
admin user required on self-hosted runner

Open daiyam opened this issue 1 year ago • 11 comments

Description: On a self-hosted runner, the install script requires the user starting the runner to be an admin (due to the sudo commands).

Action version: 4

Platform:

  • [ ] Ubuntu
  • [x] macOS
  • [ ] Windows

Runner type:

  • [ ] Hosted
  • [x] Self-hosted

Tools version: 3.11.6

Expected behavior: Successful install

Actual behavior: Asking for a password and fails due to not running as an admin user

daiyam avatar Nov 08 '23 00:11 daiyam

Hello @daiyam. Thank you for your report. We'll take a look at it.

dmitry-shibanov avatar Nov 08 '23 08:11 dmitry-shibanov

@dmitry-shibanov Do you have an update on this? Also getting this for macOS 14 installing 3.12.

mcaulifn avatar Jan 19 '24 13:01 mcaulifn

Hey @dmitry-shibanov - Can we take another look at this and make it a priority?

BodhiMadness avatar Jan 19 '24 16:01 BodhiMadness

Ideally this would just be relegated to an unprivileged addition to PATH instead of requiring the user to be a sudoer/admin.

Stranger still that the user must be named runner for it to work.

chase avatar Feb 02 '24 10:02 chase

I am also getting this error on macOS 14 installing Python 3.11.

nickbianco avatar Feb 07 '24 00:02 nickbianco

Currently the workarounds are:

  1. If your user is not runner you need to fix that as per docs here: https://github.com/actions/setup-python/blob/main/docs/advanced-usage.md#macos

  2. To bypass the sudo requiring a password issue, you need to make your user a NOPASSWD sudoer. This is not ideal of course, and the simplest way I found was here: https://jefftriplett.com/2022/enable-sudo-without-a-password-on-macos/

You could add that for just the runner user of course and not the entire admin group.

plink-plonk-will avatar Jun 21 '24 10:06 plink-plonk-will

My user is runner and cannot be installed normally.

Run actions/setup-python@v5
Installed versions
  Version 3.9 was not found in the local cache
  Version 3.9 is available for downloading
  Download from "https://github.com/actions/python-versions/releases/download/3.9.13-8879985561/python-3.9.13-darwin-arm64.tar.gz"
  Extract downloaded archive
  /usr/bin/tar xz -C /Users/runner/actions-runner/_work/_temp/ec7e2ff5-6535-47ee-bc2b-48d04231a562 -f /Users/runner/actions-runner/_work/_temp/564640f7-10ab-40b0-85f0-94e87921f7fd
  Execute installation script
  Check if Python hostedtoolcache folder exist...
  Creating Python hostedtoolcache folder...
  Install Python binaries from prebuilt package
  Error: sudo: a terminal is required to read the password; either use the -S option to read from standard input or configure an askpass helper
  Error: sudo: a password is required
  Error: The process '/bin/bash' failed with exit code 1

fingerart avatar Jul 02 '24 08:07 fingerart

@fingerart

  1. To bypass the sudo requiring a password issue, you need to make your user a NOPASSWD sudoer. This is not ideal of course, and the simplest way I found was here: https://jefftriplett.com/2022/enable-sudo-without-a-password-on-macos/

You could add that for just the runner user of course and not the entire admin group.

plink-plonk-will avatar Jul 02 '24 08:07 plink-plonk-will

I'm encountering the same issue. When trying to install python with the setup-python@v5 action on a macstadium orka runner I get this error... image

I go through the setup process detailed in the docs here... https://github.com/actions/setup-python/blob/main/docs/advanced-usage.md#macos

Which looks like this in the pipeline... image

Fully stuck here. Outside of disabling the password requirement for sudo and regenerating the image we're using, I'm unsure how to solve it. Any help would be appreciated.

IanTaylor-catapult avatar Jul 23 '24 15:07 IanTaylor-catapult

Workaround is to set sudoers to NOPASSWD to avoid the prompt for your automation user. Insecure and bad, but it seems to work.

IanTaylor-catapult avatar Jul 25 '24 16:07 IanTaylor-catapult

Workaround is to set sudoers to NOPASSWD to avoid the prompt for your automation user. Insecure and bad, but it seems to work.

This is a bigger security issue than a workaround.

fryette avatar Jul 29 '24 08:07 fryette
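
An audit sketch for the NOPASSWD trade-off discussed in this thread (an added example, not code from the setup-python project or from any commenter): it lists the NOPASSWD rules in a sudoers file and labels how wide each one is, so a rule granted to the whole admin group can be told apart from one limited to the runner user. The sample sudoers text, the `deploy` user, the example path and the scope labels are constructed for illustration.

```python
import re

# One sudoers user specification: who, host, optional (runas), then tags and commands.
RULE = re.compile(r"^(?P<who>\S+)\s+(?P<host>[^\s=]+)\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")
SKIP = ("#", "@include", "Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")

def nopasswd_commands(cmds):
    """Commands that run without a password. A NOPASSWD: tag carries over to
    later commands in the list until PASSWD: switches it off.
    Simplification: commas escaped inside command arguments are not handled."""
    active, out = False, []
    for cmd in (c.strip() for c in cmds.split(",")):
        while (m := TAG.match(cmd)):
            if m.group(1) == "NOPASSWD":
                active = True
            elif m.group(1) == "PASSWD":
                active = False
            cmd = cmd[m.end():]
        if active and cmd:
            out.append(cmd)
    return out

def audit_sudoers(text):
    """Return (who, scope, commands) for every rule that grants NOPASSWD."""
    findings = []
    for line in text.replace("\\\n", " ").splitlines():  # join continued lines
        line = re.sub(r"\s+#.*$", "", line.strip())      # drop trailing comments
        m = None if not line or line.startswith(SKIP) else RULE.match(line)
        cmds = nopasswd_commands(m["cmds"]) if m else []
        if not cmds:
            continue
        who = m["who"]
        if "ALL" not in cmds:
            scope = "command-scoped"   # only named commands skip the password
        elif who.startswith("%") or who == "ALL":
            scope = "group-wide"       # every member of a group, or everyone
        else:
            scope = "single-user"      # one account, but still any command as root
        findings.append((who, scope, cmds))
    return findings

# Constructed sample, not taken from any real host.
SAMPLE = """\
# constructed sample
root ALL = (ALL) ALL
%admin ALL = (ALL) NOPASSWD: ALL
runner ALL = (ALL) NOPASSWD: ALL
deploy ALL = (root) NOPASSWD: /usr/local/bin/example-install, PASSWD: /sbin/reboot
"""
if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE):
        print(finding)
```

Feed it the contents of the main sudoers file and of each drop-in file separately; include directives are skipped, not followed.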