I’m installing build runners on Linux VMs in our org, and configuring them to run as a service. The instructions are mostly clear, but there are three things that are confusing me:
First question:
I’m installing the runner to /actions-runner. I can download & unpack it just fine, so long as I’m using sudo. But when I go to configure the runner using sudo, it tells me “Must not run as sudo.” But if I run it without sudo, I don’t have access:
touch: cannot touch ‘.env’: Permission denied
./env.sh: line 37: .path: Permission denied
./env.sh: line 32: .env: Permission denied
Unhandled exception. System.UnauthorizedAccessException: Access to the path ‘/actions-runner/_diag’ is denied.
I see some people online suggest setting RUNNER_ALLOW_RUNASROOT to get past this; but I feel like I must be doing something wrong. Am I installing the runner in the wrong place? Should I or should I not be using sudo?
Second question:
If I bypass the above issue and configure the runner using sudo, then when I go to install it as a service it says it’s going to run using my personal Linux user account. Shouldn’t it create a new “github_runner” system account or something–similar to how the Windows build runner uses the NetworkService account? Do I need to create that user account manually? Are there instructions, guidance, or best practices around which account to use and how to do it? I can’t seem to find anything anywhere …
Third question:
Even if I just allow it to run as my user account, and after calling “./svc.sh start”, the Linux runners still appear as “Offline” in GitHub. What else am I missing?