User Account for Self-Hosted Runner on Linux

I’m installing build runners on Linux VMs in our org, and configuring them to run as a service. The instructions are mostly clear, but there are three things that are confusing me:

First question:
I’m installing the runner to /actions-runner. I can download & unpack it just fine, so long as I’m using sudo. But when I go to configure the runner using sudo, it tells me “Must not run as sudo.” But if I run it without sudo, I don’t have access:

touch: cannot touch ‘.env’: Permission denied
./env.sh: line 37: .path: Permission denied
./env.sh: line 32: .env: Permission denied
Unhandled exception. System.UnauthorizedAccessException: Access to the path ‘/actions-runner/_diag’ is denied.

I see some people online suggest setting RUNNER_ALLOW_RUNASROOT to get past this; but I feel like I must be doing something wrong. Am I installing the runner in the wrong place? Should I or should I not be using sudo?

Second question:
If I bypass the above issue and configure the runner using sudo, then when I go to install it as a service it says it’s going to run using my personal Linux user account. Shouldn’t it create a new “github_runner” system account or something–similar to how the Windows build runner uses the NetworkService account? Do I need to create that user account manually? Are there instructions, guidance, or best practices around which account to use and how to do it? I can’t seem to find anything anywhere …

Third question:
Even if I just allow it to run as my user account, and after calling “./svc.sh start”, the Linux runners still appear as “Offline” in GitHub. What else am I missing?

So after some experimentation, I got it working. Here’s what I’ve found:

The proper approach seems to be to create a “github_runner” user account first, then sudo into that user account and install the runner to ~/action-runner. My three issues all seem to have stemmed from the fact I was trying to install off the root (/) instead of home (~).

So I guess the main takeaway from this post is that I think there should be some additional documentation when setting up a Linux build runner specifically (https://github.com/organizations/<org>/settings/actions/runners/new?arch=x64&os=linux), letting users know to create a user account first, sudo into it, and install the runner to the user account’s home (~). This differs from the Windows install directions–which recommend installing to C:\action-runner–and I think is worth calling out specifically to avoid confusion.