StackStorm / st2

StackStorm (aka "IFTTT for Ops") is event-driven automation for auto-remediation, incident responses, troubleshooting, deployments, and more for DevOps and SREs. Includes rules engine, workflow, 160 integration packs with 6000+ actions (see https://exchange.stackstorm.org) and ChatOps. Installer at https://docs.stackstorm.com/install/index.html
https://stackstorm.com/
Apache License 2.0

Why are not all actions with different runner types executed as user stanley? #3218

Open pietervogelaar opened 7 years ago

pietervogelaar commented 7 years ago

Taken from https://docs.stackstorm.com/install/rhel7.html:

"To run local and remote shell actions, StackStorm uses a special system user (default stanley). For remote Linux actions, SSH is used. It is advised to configure identity file based SSH access on all remote hosts. We also recommend configuring SSH access to localhost for running examples and testing."

Local and remote shell actions are executed as the stanley user. To my great surprise, another action of mine, which uses runner_type python-script instead of shell, is executed as the root user instead of stanley.

Why is that? And shouldn't this be consistent?

bigmstone commented 7 years ago

@pietervogelaar The actionrunner service (which is where all runners are "run") is run as root. Things like core.local use the local-shell-cmd runner which will drop the user into stanley if sudo param isn't set to true. So it's not actually a runner difference, but rather a runner implementation difference. It might make some sense to spawn our python actions as stanley by default, but that might break existing actions. Could be something we can deprecate over time. Will let others add some input here as I wasn't part of ST2 when the decision to run actionrunner as root was made, so I've not given a lot of critical thought to the implications of running it as st2 user.

/cc @lakshmi-kannan @Kami @enykeev
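The difference described in the comment above, a root-owned service whose child processes either inherit root or are switched to an unprivileged account at launch, can be checked with a small harness. This is an added example, not StackStorm code and not part of the original thread; `child_identity`, `audit` and the uid/gid 65534 ("nobody", standing in for an account such as stanley) are assumptions made for illustration.

```python
import os
import subprocess

# Constructed sample target: 65534 is the conventional "nobody" uid/gid on Linux.
# It stands in for an unprivileged service account such as stanley.
UNPRIV = (65534, 65534)


def child_identity(drop_to=None):
    """Spawn a child and return the identity it actually runs with.

    drop_to=None       -> the child inherits the parent's credentials.
    drop_to=(uid, gid) -> the parent switches identity before exec.
    """
    kwargs = {}
    if drop_to is not None:
        if os.geteuid() != 0:
            # Only a privileged parent can switch to another account.
            raise PermissionError("parent is not root; cannot switch user")
        uid, gid = drop_to
        # subprocess (Python 3.9+) applies these as setgroups -> setgid ->
        # setuid, so no root group membership survives the drop.
        kwargs = {"user": uid, "group": gid, "extra_groups": []}
    lines = subprocess.run(
        ["sh", "-c", "id -u; id -G"],
        capture_output=True, text=True, check=True, cwd="/", **kwargs,
    ).stdout.splitlines()
    return {"euid": int(lines[0]), "groups": [int(g) for g in lines[1].split()]}


def audit():
    """Compare an inheriting launch with a privilege-dropping launch."""
    report = {"inherit": child_identity()}
    try:
        report["dropped"] = child_identity(UNPRIV)
    except PermissionError as exc:
        report["dropped"] = str(exc)
    return report


if __name__ == "__main__":
    # Run as root, "inherit" reports euid 0 while "dropped" reports 65534.
    print(audit())
```
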

stale[bot] commented 5 years ago

Thanks for contributing to this issue. As it has been 90 days since the last activity, we are automatically marking it as stale. If this issue is not relevant or applicable anymore (problem has been fixed in a new version or similar), please close the issue or let us know so we can close it. On the contrary, if the issue is still relevant, there is nothing you need to do, but if you have any additional details or context which would help us when working on this issue, please include it as a comment to this issue.