Containers should run as a non-root user with an arbitrary, ephemeral user ID for security. In these hardened environments, the running UID may therefore intentionally be missing from the container's /etc/passwd file. The JVM currently relies entirely on getpwuid to resolve the user name and uses getenv("HOME") for the home directory only if the aforementioned fails.

Additionally, the getpwuid call introduces kernel locking and potential network latency (e.g., LDAP) during the bootstrap phase, delaying the execution of Java byte code. This effect can amount to a few milliseconds depending on the deployment scenario. We should make HOME and USER first-tier citizens and query getpwuid only if the environment variables are not set. This fix will ensure that the JVM is container friendly.

# Minimal reproducer

podman run --rm --user 10005 -e USER=app-user -e HOME=/tmp <favorite openjdk image> java -XshowSettings:properties -version 2>&1 | grep -E "user.home|user.name"
    user.home = /tmp
    user.name = ?

# Performance Impact (C++ microbenchmark, worst-case)

## Workstation x64 with SSSD/IPA Auth

getenv: 6868 ns
getpwuid: 1593635 ns

## Large aarch64 based machine

getenv: 6040 ns
getpwuid: 7409465 ns

## Kubernetes Cluster

Scaling out a Kubernetes cluster with 4 pods
getenv 15269 ns
getpwuid 731298 ns