Closed abinet closed 2 years ago
Hi @abinet, I guess that just allowing other users to read permissions to your /home/1corp.org
would maybe also work?
This issue is not strictly related to the runner as I understand, but let's go over this so I might be missing something. Could you write your permissions of /home/1corp.org
. While configuring, Runner goes backwards through the directory structure and tries to read from each level. I think that if you give the user read permission, that might solve your problem.
HI @nikola-jokic thank you for the response. As I mentioned already, adjusting permissions solves the problem. However my point is that it should not be required to allow runner to read all the directories in the tree just to run properly.
Hi @abinet,
We will investigate this further if we need read permissions to those sub-folders and why. I will get back to you as soon as possible!
Hey @abinet sorry for the frustration this is causing you.
This check is done to help us run node
actions. Essentially, when you require()
a package in node, it has an order to check for that package. It starts at the current directory, then keeps checking one directory up until it finds a node_module
folder. This resulted in the node process blowing up if it didn't have the correct permissions ( most notably this typically occurred to users installing the runner in the MyDocuments
folder on windows). I understand the frustration here in requiring these permissions, but we feel it makes the user experience better then the letting the node process throw.
With that in mind, I'm going to close out this issue, as I don't envision us making any changes here, but I do appreciate you taking the time to report this.
Hey @thboop, can we revisit this?
It seems like we're requiring people to compromise their security models in the name of searching for paths that they likely don't care about.
I tried this recently (linux, node v14.16.0...not even that recent):
mkdir -p nodejs_test/no_read_access/read_access/
echo "require('which')" > nodejs_test/no_read_access/read_access/demo.js
chmod -R ugo-r nodejs_test
chmod -R u+r nodejs_test/no_read_access/read_access
cd nodejs_test/no_read_access/read_access
NODE_DEBUG=module node demo.js
The lack of read access was not a problem for node. If there was any readable parent path (or global path) that had which
available, it used it just fine. If which
was not available, then it complained about Error: Cannot find module 'which'
, as expected, after searching through the entire list of search paths (parent and global).
I'm wondering if the "node process blowing up" is no longer a thing, or if it is OS dependent. If the latter, it would be great if this check could be relaxed a bit. It seems like:
Figured I'd bump this as well, as I'm not able to work around this (i.e get read access to root dirs) at my company
I am following runner configuration instructions for RHEL 7 and on config step
getting following error:
Please note that the home directory of my user is not
/home/myuser
but/home/1corp.org/myuser
and myuser does not have permissions to access/home/1corp.org
indeed.I am able to procced by changing the owner for parent folder but that is ugly workaround imho.