Open pietervogelaar opened 7 years ago
@pietervogelaar The actionrunner
service (which is where all runners are "run") is run as root
. Things like core.local
use the local-shell-cmd
runner which will drop the user into stanley
if sudo
param isn't set to true
. So it's not actually a runner difference, but rather a runner implementation difference. It might make some sense to spawn our python actions as stanley
by default, but that might break existing actions. Could be something we can deprecate over time. Will let others add some input here as I wasn't part of ST2 when the decision to run actionrunner
as root was made, so I've not given a lot of critical thought to the implications of running it as st2
user.
/cc @lakshmi-kannan @Kami @enykeev
Thanks for contributing to this issue. As it has been 90 days since the last activity, we are automatically marking is as stale. If this issue is not relevant or applicable anymore (problem has been fixed in a new version or similar), please close the issue or let us know so we can close it. On the contrary, if the issue is still relevant, there is nothing you need to do, but if you have any additional details or context which would help us when working on this issue, please include it as a comment to this issue.
Taken from https://docs.stackstorm.com/install/rhel7.html:
"To run local and remote shell actions, StackStorm uses a special system user (default stanley). For remote Linux actions, SSH is used. It is advised to configure identity file based SSH access on all remote hosts. We also recommend configuring SSH access to localhost for running examples and testing."
Local and remote shell actions are executed as the stanley user. It was to my big surprise that another action of mine that uses runner_type python-script instead of shell, is executed as root user instead of stanley.
Why is that? And shouldn't this be consistent?