Allow changing shell executor with pwsh user

Georgi N. Georgiev requested to merge change-pwsh-user into main

What does this MR do?

Allows changing the user for pwsh shells

Why was this MR needed?

We were missing the code that would switch the shell's user with su for pwsh.

Initially I tried going for simply adding the su section, much like in bash http://gitlab.com/gitlab-org/gitlab-runner/blob/364e6f3ab98d48ac406ff3857463da8f116521f7/shells/bash.go#L300-300. I then realized that this can't happen due to the permissions of the scripts we execute being 0700, so other users didn't have permissions to access them.

I then switched to passing the scripts through stdin, which led me to the reason why we were passing them as files initially: !2874 (merged). At https://github.com/PowerShell/PowerShell/issues/15331#issuecomment-1016942586 it was suggested to wrap the scripts in a script block, which seems to work and the whole contents of the stdin are executed as a whole script, avoiding the previous issues we had of having each line being a separate block.

What's the best way to test this MR?

Note: Adding integration tests for this proved difficult due to various permissions reasons. I'll add an incept test case for it.

  1. Use the following Dockerfile to build a Docker image (docker build -t ubuntu-pwsh -f pwsh-user.Dockerfile .):

     FROM ubuntu:22.04

     RUN export DEBIAN_FRONTEND=noninteractive && \
         apt-get update && \
         apt-get install -y wget apt-transport-https software-properties-common vim git binutils bison gcc make curl libssl1.1

     RUN wget -q https://github.com/PowerShell/PowerShell/releases/download/v7.2.1/powershell-lts_7.2.1-1.deb_amd64.deb && \
         dpkg -i powershell-lts_7.2.1-1.deb_amd64.deb && \
         pwsh --version

     RUN useradd --comment 'GitLab Runner' --create-home gitlab-runner --shell /bin/bash && \
         mkdir -p /home/gitlab-runner

  2. Start a container with the new image: docker run --rm -it --name ubuntu-pwsh ubuntu-pwsh
  3. Build the binary from this branch and transfer it into the container: GOOS=linux go build . && chmod +x gitlab-runner && docker cp gitlab-runner ubuntu-pwsh:/home/gitlab-runner/
  4. Register a shell executor
  5. Change the shell in the config.toml to pwsh
  6. Start the runner and set the --user parameter to gitlab-runner
  7. In your project create the following job:

     whoami shell:
       script:
         - whoami
       tags:
         - <your runner>

  8. The output should be gitlab-runner instead of root

What are the relevant issue numbers?

Closes #27751 (closed)

Edited by Georgi N. Georgiev
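
The permission point in the description above (a script file with mode 0700 cannot be read by the user that su switches to) can be checked with the sketch below. It is an added example, not GitLab Runner code: the helper names are hypothetical, the scratch file is constructed, and it assumes GNU stat, primary groups only and no ACLs.

```shell
#!/bin/sh
# Added example (not GitLab Runner code). Helper names are hypothetical.

# can_read MODE FILE_UID FILE_GID USER_UID USER_GID
# Succeeds if the classic Unix mode bits let the user read the file.
# Exactly one class applies: owner, else group, else other.
# Assumptions: primary group only, no ACLs; uid 0 bypasses the bits.
can_read() {
    if [ "$4" -eq 0 ]; then return 0; fi
    m=$((0$1))                                   # parse MODE as octal
    if   [ "$4" -eq "$2" ]; then bits=$(( (m >> 6) & 7 ))
    elif [ "$5" -eq "$3" ]; then bits=$(( (m >> 3) & 7 ))
    else                         bits=$(( m & 7 ))
    fi
    [ $(( bits & 4 )) -ne 0 ]                    # read bit of that class
}

# file_readable_by PATH USER_UID USER_GID
# The same check against a real file (GNU stat assumed).
file_readable_by() {
    can_read "$(stat -c %a "$1")" "$(stat -c %u "$1")" \
             "$(stat -c %g "$1")" "$2" "$3"
}

# report PATH: print whether a different, non-root user could read PATH.
report() {
    uid=$(( $(stat -c %u "$1") + 1 ))   # constructed uid: not owner, not 0
    gid=$(( $(stat -c %g "$1") + 1 ))   # constructed gid: not the file's group
    if file_readable_by "$1" "$uid" "$gid"; then
        echo "mode $(stat -c %a "$1"): readable by another user"
    else
        echo "mode $(stat -c %a "$1"): NOT readable by another user"
    fi
}

script=$(mktemp)                        # constructed stand-in for a job script
printf 'whoami\n' > "$script"
chmod 700 "$script"; report "$script"   # the mode named in the description
chmod 755 "$script"; report "$script"   # world-readable, for contrast
rm -f "$script"
```

The check covers only the file's own mode bits; the directories leading to the script must also be traversable by the target user.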