Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Bitbucket self-hosted runner user

Svetlozar Petkov
Svetlozar Petkov July 10, 2023

I looked over the internet, but I could not find the answer to this question.

What user does the bitbucket runner use when installed in a linux server ?

For example gitlab uses the gitlab-runner user in bitbucket how can you define which user the runner uses and is it possible to do so ? The question is for both docker and linux shell.

Answer
Watch
Like Be the first to like this
930 views

1 answer

1 accepted

1 vote
Answer accepted
Patrik S
Patrik S
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
July 11, 2023

Hello @Svetlozar Petkov and thank you for reaching out to the community!

  • For Linux docker runner :

    When installing docker in your machine, the docker daemon by default uses the root user. If you want to run docker daemon in rootless mode, you will need to install docker following the instructions of Run docker daemon as non-root user.

    As for the user inside the runner container, it's also using the root user as default.
  • For the Linux Shell runner : 

    The user that executed the runner start script. It will usually be the user of the terminal session where you executed the ./start.sh pre-defined script you received when creating the runner.

Thank you, @Svetlozar Petkov !
Patrik S

View More Comments
Svetlozar Petkov
Svetlozar Petkov July 12, 2023

Thank you for the response. This cleared things up nicely!

Like
iamnst
iamnst October 6, 2024

Hi @Patrik S,

I have been exploring ways to run self-hosted Bitbucket runners without requiring privileged mode (privileged: true). Specifically, I attempted to use the docker:23.0-dind-rootless image in combination with the Bitbucket runner image (docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner) as an alternative to the docker:23.0.0-dind image. Unfortunately, this led to various errors. Additionally, I tested integrating the Kaniko image alongside the Bitbucket runner image, but encountered Java-related errors during the process.

Given this, I have the following questions:

  1. Is there a recommended approach to securely build container images in Bitbucket using self-hosted runners, without needing privileged mode enabled?
  2. Does Bitbucket officially support tools such as Kaniko or Podman to allow for daemonless builds, thus eliminating the requirement for Docker daemon root privileges?

I noticed that GitLab provides clear documentation on how to use Kaniko for secure, daemonless builds (e.g., GitLab Documentation on Kaniko), but I was unable to find similar resources within the Bitbucket community. Having detailed guidance on this topic would be extremely helpful for Bitbucket users as well.

I would greatly appreciate your guidance or any best practices for addressing this use case.

Thank you for your time and assistance.

Like
iamnst
iamnst October 6, 2024

This is the kubernetes yaml for my self hosted bitbucket runners

apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: stage-bitbucket-runner
name: stage-bitbucket-runner
spec:
replicas: 1
selector:
matchLabels:
app: stage-bitbucket-runner
template:
metadata:
labels:
app: stage-bitbucket-runner
spec:
serviceAccountName: bitbucket-runner-sa
containers:
- name: stage-bitbucket-runner
  image: docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner
  imagePullPolicy: IfNotPresent
  resources:
    limits:
     cpu: 4000m
     memory: 4000Mi
     ephemeral-storage: "8Gi"
    requests:
     cpu: 50m
     memory: 100Mi
     ephemeral-storage: "4Gi"
  envFrom:
  - secretRef:
    name: stage-bitbucket-runner-repo-secret
    env:
    - name: OAUTH_CLIENT_ID
      value: 
    - name: OAUTH_CLIENT_SECRET
      value: 
    - name: WORKING_DIRECTORY
      value: "/tmp"
  volumeMounts:
  - name: tmp
    mountPath: /tmp
  - name: docker-containers
    mountPath: /var/lib/docker/containers
    readOnly: true
  - name: var-run
    mountPath: /var/run

- name: docker-in-docker
  image: docker:23.0-dind
  resources:
   limits:
     cpu: 4000m
     memory: 4000Mi
     ephemeral-storage: 4Gi
   requests:
     cpu: 50m
     memory: 100Mi
     ephemeral-storage: 2Gi
   securityContext:
     privileged: true
   volumeMounts:
   - name: tmp
     mountPath: /tmp
   - name: docker-containers
     mountPath: /var/lib/docker/containers
   - name: var-run
     mountPath: /var/run

volumes:
- name: tmp
- name: docker-containers
- name: var-run

 

 

Like
Reply

Suggest an answer

Log in or Sign up to answer
Bitbucket
Bitbucket
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.