Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Error Permission on git runner config on RHEL

See original GitHub issue

I am following runner configuration instructions for RHEL 7 and on config step

./config.sh --url https://github.com/<myorg> --token <token>

getting following error:

An error occurred: Permission to read the directory contents is required for '/home/1corp.org/myuser/actions-runner' and each directory up the hierarchy. Access to the path '/home/1corp.org' is denied.

Please note that the home directory of my user is not /home/myuser but /home/1corp.org/myuser and myuser does not have permissions to access /home/1corp.org indeed.

I am able to procced by changing the owner for parent folder but that is ugly workaround imho.

Issue Analytics

State:
Created 2 years ago
Comments:5 (2 by maintainers)

Top GitHub Comments

1reaction

chebee7icommented, May 16, 2023

Hey @thboop, can we revisit this?

It seems like we’re requiring people to compromise their security models in the name of searching for paths that they likely don’t care about.

I tried this recently (linux, node v14.16.0…not even that recent):

mkdir -p  nodejs_test/no_read_access/read_access/
echo "require('which')" > nodejs_test/no_read_access/read_access/demo.js
chmod -R ugo-r nodejs_test
chmod -R u+r nodejs_test/no_read_access/read_access
cd nodejs_test/no_read_access/read_access
NODE_DEBUG=module node demo.js

The lack of read access was not a problem for node. If there was any readable parent path (or global path) that had which available, it used it just fine. If which was not available, then it complained about Error: Cannot find module 'which', as expected, after searching through the entire list of search paths (parent and global).

I’m wondering if the “node process blowing up” is no longer a thing, or if it is OS dependent. If the latter, it would be great if this check could be relaxed a bit. It seems like:

the runner is demanding stricter permissions than necessary (in principle, leaving aside nodejs behavior)
these stricter permissions must be done at the expense of security considerations
nodejs doesn’t actually seem to have problems (on linux)

0reactions

thboopcommented, Feb 22, 2022

Hey @abinet sorry for the frustration this is causing you.

This check is done to help us run node actions. Essentially, when you require() a package in node, it has an order to check for that package. It starts at the current directory, then keeps checking one directory up until it finds a node_module folder. This resulted in the node process blowing up if it didn’t have the correct permissions ( most notably this typically occurred to users installing the runner in the MyDocuments folder on windows). I understand the frustration here in requiring these permissions, but we feel it makes the user experience better then the letting the node process throw.

With that in mind, I’m going to close out this issue, as I don’t envision us making any changes here, but I do appreciate you taking the time to report this.