Problem Description
Workflow log subdirectories downloaded to /tmp/gh-aw/aw-mcp/logs/ are created with drwxr-x--- (mode 750) owned by root:root, making them inaccessible to the runner user (uid=1001). This causes Permission denied errors when users try to browse or inspect logs manually.
Steps to Reproduce
- Use the logs MCP tool to download recent workflow run logs
- Inspect the downloaded log directories:
find /tmp/gh-aw/aw-mcp/logs/ -type f
ls -la /tmp/gh-aw/aw-mcp/logs/run-25092547646/workflow-logs/
- Observe Permission denied errors for subdirectories like activation, conclusion, detection, pre_activation, safe_outputs
Expected Behavior
Downloaded log files and directories should be readable by the runner user that invoked the download.
Actual Behavior
find: '/tmp/gh-aw/aw-mcp/logs/run-25092547646/workflow-logs/activation': Permission denied
find: '/tmp/gh-aw/aw-mcp/logs/run-25092547646/workflow-logs/detection': Permission denied
find: '/tmp/gh-aw/aw-mcp/logs/run-25092547646/workflow-logs/pre_activation': Permission denied
find: '/tmp/gh-aw/aw-mcp/logs/run-25092547646/workflow-logs/conclusion': Permission denied
find: '/tmp/gh-aw/aw-mcp/logs/run-25092547646/workflow-logs/safe_outputs': Permission denied
Directory permissions observed:
drwxr-x--- 2 root root 4096 activation
drwxr-x--- 2 root root 4096 conclusion
drwxr-x--- 2 root root 4096 detection
drwxr-x--- 2 root root 4096 pre_activation
drwxr-x--- 2 root root 4096 safe_outputs
The runner user uid=1001(runner) gid=1001(runner) cannot read these directories because they are owned by root:root with group-execute but no world-read/execute bits.
Environment
- Repository: github/gh-aw
- Run ID: §25092801510
- Date: 2026-04-29
- Discovered during: Daily CLI Tools Exploratory Testing
Impact
- Severity: Medium
- Frequency: Always (affects all downloaded log runs)
- Workaround: Use the MCP audit tool to inspect specific runs instead of browsing the filesystem directly. The MCP tools themselves are unaffected as they re-download from GitHub Actions API.
Additional Context
The MCP audit tool functions correctly despite these permission issues (it fetches logs independently), so this only affects direct filesystem inspection. However, it degrades the developer experience when manually investigating downloaded logs.
References:
§25092801510
Generated by Daily CLI Tools Exploratory Tester · ● 1.3M · ◷
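An added example, not part of the original report or the gh-aw code base: a Python audit that walks a downloaded log tree and lists the entries a given uid and group set cannot open, using the owner/group/other class selection behind the mode 750 root:root result above. The function names and the temporary tree in demo() are constructed for illustration; ACLs and capabilities are not modelled, and the script must be run by an account that can itself read the tree.

```python
import os
import stat
import tempfile

def class_bits(mode, owner_uid, owner_gid, uid, gids):
    """rwx triplet (0-7) for the single class POSIX consults for this identity."""
    if uid == owner_uid:
        return (mode >> 6) & 7   # owner class, even if group/other allow more
    if owner_gid in gids:
        return (mode >> 3) & 7   # group class
    return mode & 7              # "other" class: 0 for mode 750

def blocked_entries(root, uid, gids):
    """Return (path, mode string, owner uid, owner gid) for entries the identity
    cannot open. Directories need r+x (list and traverse), files need r.
    uid 0 is treated as unrestricted."""
    blocked, stack = [], [root]
    while stack:
        path = stack.pop()
        st = os.lstat(path)      # lstat: symlinks are reported, not followed
        is_dir = stat.S_ISDIR(st.st_mode)
        need = 5 if is_dir else 4
        bits = class_bits(st.st_mode, st.st_uid, st.st_gid, uid, gids)
        if uid != 0 and (bits & need) != need:
            blocked.append((path, stat.filemode(st.st_mode), st.st_uid, st.st_gid))
            continue             # nothing beneath a blocked directory is reachable
        if is_dir:
            stack.extend(os.path.join(path, n) for n in os.listdir(path))
    return blocked

def demo():
    """Constructed tree mirroring the report: mode 750 subdirectories checked
    against an identity that is neither the owner nor in the owning group."""
    with tempfile.TemporaryDirectory() as root:
        os.chmod(root, 0o755)
        for name in ("activation", "detection"):
            d = os.path.join(root, name)
            os.mkdir(d)
            open(os.path.join(d, "log.txt"), "w").close()
            os.chmod(d, 0o750)
        st = os.stat(root)
        uid, gid = st.st_uid + 1001, st.st_gid + 1001  # stand-in for runner
        found = blocked_entries(root, uid, {gid})
        return sorted(os.path.basename(p) for p, *_ in found)

if __name__ == "__main__":
    print(demo())
```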