Analysis updated 2026-07-10 · repo last pushed 2019-11-04
Run production deployment builds under a dedicated deployment account with elevated access.
Execute normal compile jobs under a restricted user account for better security isolation.
Share a single TeamCity agent across projects by impersonating different users per build via build parameters.
| yaegor/runas | 0xhassaan/nn-from-scratch | 0xzgbot/hermes-comfyui-skills | |
|---|---|---|---|
| Stars | — | 0 | 0 |
| Language | — | Python | — |
| Last pushed | 2019-11-04 | — | — |
| Maintenance | Dormant | — | — |
| Setup difficulty | moderate | moderate | easy |
| Complexity | 3/5 | 4/5 | 1/5 |
| Audience | ops devops | developer | designer |
Figures from each repo's GitHub metadata at analysis time.
Requires TeamCity server plus agents running under a privileged account capable of spawning processes as other users, and a helper program like PsExec or sudo.
The RunAs plugin for JetBrains TeamCity lets you run automated build jobs under different user accounts, or perform extra actions before or after a build. The core benefit is security and flexibility: in a shared continuous-integration setup you can isolate jobs from one another and control exactly which permissions each build gets. TeamCity is a server that automatically compiles, tests, and packages software. By default its "build agents" run each job under a single fixed account. This plugin adds a configurable command that wraps the build script, so the script can be handed off to another executable or user before it runs. You set a property on the agent pointing to a helper program, such as Windows Sysinternals PsExec or the Linux sudo command, and the plugin injects the real build command into that helper. Build parameters can supply the target username and password, so a single agent can impersonate different users per project. This is useful for teams that need strict permission boundaries. For example, a build that deploys to production might require an account with deployment access, while a normal compile job should use a restricted account. On Linux, the plugin's example script changes ownership of the working and temp directories to the target user, then runs the build via sudo. A practical requirement is that the agent itself must already be running under a privileged account, since it needs permission to spawn and manage processes as other users. The project is built in IntelliJ IDEA and packaged as a zip that you drop into the TeamCity plugins folder, after which a server restart pushes the update to all agents. The README provides Windows and Linux examples but doesn't go into detail on advanced configuration beyond them.
A TeamCity plugin that runs build jobs under different user accounts for security isolation and flexible permission control in shared CI environments.
Dormant — no commits in 2+ years (last push 2019-11-04).
No license information is provided in the explanation, so the permissions for using this code are unknown.
Setup difficulty is rated moderate, with roughly 30min to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.