Skip to content

fix: Safer chown call in runner scripts for custom AMIs #4654

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 9, 2025
Merged

fix: Safer chown call in runner scripts for custom AMIs #4654

merged 3 commits into from
Jul 9, 2025

Conversation

nmodi1
Copy link
Contributor

@nmodi1 nmodi1 commented Jul 2, 2025

Updated the install-runner and start-runner scripts to call chown on explicit path instead of just using the current directory.

The current script will work for most users, however, this change will make it more safer and avoid risk of unintended changes. For example, if the cd /opt/actions-runner call in the template file (images/start-runner.sh) is missed, the script will change owner of the root directory (/) instead.

@nmodi1 nmodi1 requested a review from a team as a code owner July 2, 2025 15:20
@nmodi1
Copy link
Contributor Author

nmodi1 commented Jul 2, 2025

There are a few other places that use the current directory (./) in the start-runner script. I can update them to use an explicit path (or an env variable) as well if needed?

@npalm npalm self-requested a review July 2, 2025 21:07
npalm
npalm approved these changes Jul 9, 2025
View reviewed changes
Copy link
Member

@npalm npalm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nmodi1 thx for your contribution

@npalm npalm merged commit 0114816 into github-aws-runners:main Jul 9, 2025
5 checks passed
@runners-releaser runners-releaser bot mentioned this pull request Jul 9, 2025
Merged
@nmodi1 nmodi1 deleted the safer-chown-call branch July 9, 2025 08:12
npalm pushed a commit that referenced this pull request Jul 10, 2025
@runners-releaser
chore(main): release 6.6.1 (#4657)
9983655 
🤖 I have created a release *beep* *boop*
---


##
[6.6.1](v6.6.0...v6.6.1)
(2025-07-09)


### Bug Fixes

* Safer chown call in runner scripts for custom AMIs
([#4654](#4654))
([0114816](0114816))
@nmodi1

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: runners-releaser[bot] <194412594+runners-releaser[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@npalm npalm npalm approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@nmodi1 @npalm