GitLab Runner pwsh shell runs jobs as the root user on Linux OS
Summary
GitLab Runner's `pwsh` shell runs as the root user on Linux systems, not the gitlab-runner user like the rest of the shell executors.
Steps to reproduce
- Spin up a fresh Linux instance and install pwsh per Microsoft's docs for whatever flavor you're using
- Install gitlab-runner as per our own docs
- Register the runner with whatever instance of GitLab you have available (I used GitLab.com) and select the shell executor
- Edit the config.toml to specify `pwsh` as the shell
- Spin up a quick and simple CI job that runs `whoami` and observe
.gitlab-ci.yml
Technically the job below is not a failure; it completes successfully, but with the unexpected result of showing that commands are being run as root.
```yaml
build-job:
  stage: build
  tags:
    - pwsh
  script:
    - whoami
```
Actual behavior
`whoami` returns the root user
Expected behavior
`whoami` returns the gitlab-runner user
Environment description
```
[root@[redacted] ~]# hostnamectl
Static hostname: [redacted]
Icon name: computer-container
Chassis: container
Machine ID: 961dd5fd78de4e0d8842fc4134e94ebb
Boot ID: e7af5ff8e583487caac8a639f8036853
Virtualization: openvz
Operating System: CentOS Linux 7 (Core)
CPE OS Name: cpe:/o:centos:centos:7
Kernel: Linux 3.10.0
Architecture: x86-64
```
config.toml contents
```toml
concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "LinuxRunner"
  url = "https://gitlab.com/"
  token = [redacted]
  executor = "shell"
  shell = "pwsh"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
```
Used GitLab Runner version
```
Version: 13.10.0
Git revision: 54944146
Git branch: 13-10-stable
GO version: go1.13.8
Built: 2021-03-21T09:13:25+0000
OS/Arch: linux/amd64
```
Possible fixes
Relevant logs and/or screenshots
job log
```
Running with gitlab-runner 13.10.0 (54944146)
on [redacted]
Resolving secrets 00:00
Preparing the "shell" executor 00:00
Using Shell executor...
Preparing environment 00:00
Running on linux...
Getting source from Git repository 00:02
Fetching changes with git depth set to 50...
Reinitialized existing Git repository in /home/gitlab-runner/builds/fZrTbjF9/0/JamesRLopes/powershell-testing/.git/
Checking out 381f6bd0 as master...
Removing misc/
Skipping Git submodules setup
Executing "step_script" stage of the job script 00:02
$ whoami
root
Cleaning up file based variables 00:00
Job succeeded
```
Edited by Darren Eastman
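
An added example, not part of the original issue and not GitLab's code: a POSIX shell function that scans a runner's config.toml for entries matching the configuration in this report (`executor = "shell"` together with `shell = "pwsh"`). The function names and the sample config are constructed for illustration, and values are assumed to be double-quoted as in the config.toml shown above.

```shell
# Added example (not GitLab's code): list [[runners]] entries in a GitLab Runner
# config.toml that pair executor = "shell" with shell = "pwsh", the combination
# reported above as running job scripts as root on Linux.
find_pwsh_shell_runners() {   # $1 = path to config.toml; prints runner names
    awk '
        function report() {
            if (in_runner && executor == "shell" && shell == "pwsh")
                print (name == "" ? "(unnamed)" : name)
        }
        function value(line) {    # double-quoted value after the equals sign
            sub(/^[^=]*=[ \t]*/, "", line)
            if (match(line, /^"[^"]*"/)) return substr(line, 2, RLENGTH - 2)
            return line
        }
        /^[ \t]*\[\[runners\]\]/ {          # a new runner entry starts
            report(); in_runner = 1; top = 1
            name = ""; executor = ""; shell = ""; next
        }
        /^[ \t]*\[\[?runners\./ { top = 0; next }   # sub-table of this runner
        /^[ \t]*\[/ { report(); in_runner = 0; next }   # any other table
        in_runner && top && /^[ \t]*name[ \t]*=/     { name = value($0) }
        in_runner && top && /^[ \t]*executor[ \t]*=/ { executor = value($0) }
        in_runner && top && /^[ \t]*shell[ \t]*=/    { shell = value($0) }
        END { report() }
    ' "$1"
}

write_sample_config() {       # $1 = output path; constructed sample config
    cat > "$1" <<'EOF'
[session_server]
  session_timeout = 1800
[[runners]]
  name = "LinuxRunner"
  executor = "shell"
  shell = "pwsh"
  [runners.cache]
[[runners]]
  name = "BashRunner"
  executor = "shell"
  shell = "bash"
[[runners]]
  name = "DockerRunner"
  executor = "docker"
  shell = "pwsh"
EOF
}

sample=$(mktemp); write_sample_config "$sample"
find_pwsh_shell_runners "$sample"   # prints: LinuxRunner
rm -f "$sample"
```

On a runner host this would be pointed at the real config.toml; any name it prints is a runner whose jobs should be checked with `whoami` as in the reproduction steps.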