I have changed all my linux agents to run as non-root to prevent mistakes such as "rm -rf $(UNDEFINED_VAR)/$(UNDEFINED_VAR2)".
Running the agents work like a charm BUT I still have some things I need to do as root. Not a problem, I sudo that and add my build agent account as a passwordless sudoer.
However, some files are due to this and some other reasons owned by root when the build is done (essentially I install a new linux in a subdir and chroot into it and then do the build). Now there are problems.
When Teamcity starts a new build it has a number of cases where it wants to do a git clean. This does not work when the process is non-root and the files are root-owned.
Is there any way to modify that behaviour? If teamcity did "sudo git clean ..." I'd be fine.
The other option is to always make a clean build, but that mainly postpones the problem until the work/.old directory needs cleaning in addition to increasing build times a lot.
What is the recommended strategy? Always run as root and hope for no bad mistakes in makefiles? Add the build agent account to the root group? Modify the cleanup script?