Skip to content

feat: Have sudo run the user's shell when calling config.sh from start-runner.sh #3768

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 6 commits into from
Closed

feat: Have sudo run the user's shell when calling config.sh from start-runner.sh #3768

wants to merge 6 commits into from

Conversation

@bshelton229
Copy link
Contributor

We ran into a really interesting issue where we want the $PATH from the $run_as user's shell. Mostly things that are configured in the bash rc files, like ~/.local/bin, which aren't present in the base system path. I couldn't find a better way to do this. It appears the .path file is written by the config.sh script, and is then locked into place. I think that happens here - https://github.com/actions/runner/blob/72559572f64f40554d43cfa04e4128725dc2274b/src/Misc/layoutroot/env.sh#L37. We're currently running from AMIs built with this patch.

The -i flag, according to sudo, will Run the shell specified by the target user's password database entry as a login shell. .... Because it enters the shell, it resets PWD back to the home folder of the user, hence setting the full path of the config.sh script when calling it.

I can't think of any negative consequences to this, but it's definitely likely to cause runners to have a different path than they do now.

@bshelton229 bshelton229 changed the title Have sudo run the user's shell when calling config.sh from start-runner.sh feat: Have sudo run the user's shell when calling config.sh from start-runner.sh Feb 13, 2024
@bshelton229 bshelton229 force-pushed the sudo-config-shell-login branch from 6d445f5 to 2c17cdb Compare February 13, 2024 03:19
@npalm npalm self-requested a review February 13, 2024 09:28
@npalm
Copy link
Member

npalm commented Feb 20, 2024

I also don't see any negative side effects. However I want to run some tests. Can you share some details about your setup?

  • Are you using the the standard Amazon AMI?
  • Are you setting run_as?

@npalm
Copy link
Member

npalm commented Mar 13, 2024

@bshelton229 please can you check my comment? Also not sure if there is really no impact.

@github-actions
Copy link
Contributor

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the Stale label Apr 13, 2024
@npalm npalm removed the Stale label Apr 16, 2024
@github-actions
Copy link
Contributor

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the Stale label May 17, 2024
@npalm npalm removed the Stale label May 17, 2024
@github-actions
Copy link
Contributor

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the Stale label Aug 16, 2024
@npalm
Copy link
Member

npalm commented Aug 16, 2024

@bshelton229 would you have to check my comments? And share some details how to test?

@npalm npalm removed the Stale label Aug 16, 2024
@bshelton229
Copy link
Contributor Author

I don't know how, but I completely lost track of the notifications for this PR. We found another way around this. I'm hoping to open another PR shortly. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@npalm npalm Awaiting requested review from npalm

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bshelton229 @npalm