Why does my GitLab CI job timeout exactly at 60 minutes even if my project timeout is higher?

There are three levels of timeouts in GitLab CI: Project, Runner, and Job. If your project timeout is set to 2 hours, but the specific GitLab Runner picking up the job has its own internal timeout set to 60 minutes in its config.toml, the runner's limit will enforce the 60-minute cutoff. Check the runner configuration or the specific `timeout:` keyword in your `.gitlab-ci.yml`.

My script works perfectly locally, but hangs and times out in GitLab CI. What is wrong?

This is almost always caused by a command expecting interactive user input. For example, `apt-get install` without the `-y` flag will pause and wait for the user to type 'Y'. Since CI environments are non-interactive, the job will hang indefinitely until the timeout limit is reached. Always use non-interactive flags (e.g., `apt-get -y`, `npm ci`, `--quiet`).

How do I fix 'Permission denied' when trying to execute a bash script from my repository?

The file lacks execute permissions in Git. You need to tell Git to track the file as an executable. On your local machine, run `git update-index --chmod=+x path/to/script.sh`, then commit and push the change.

Why am I getting permission denied when uploading artifacts?

If your job creates files as the 'root' user (often the case in Docker containers) but the runner process attempts to package those artifacts as a less privileged user (like 'gitlab-runner'), it will fail to read the files. Ensure the user executing the CI commands is the same user responsible for generating the artifact files, or adjust file ownership before the job completes using `chown`.

Is it possible to timeout a single specific job earlier than the project default?

Yes. You can specify a timeout on a per-job basis in your `.gitlab-ci.yml` file using the `timeout` keyword. For example, `timeout: 10m` will fail the specific job if it takes longer than 10 minutes, overriding the project default.

Resolving 'GitLab CI Timeout' and 'Permission Denied' Errors: A Complete Troubleshooting Guide

Fix GitLab CI pipeline timeouts and permission denied errors. Learn how to debug runner execution times, fix runner token issues, and optimize your CI/CD jobs.

Last updated: February 23, 2026

Last verified: February 23, 2026

1,376 words

Key Takeaways

GitLab CI timeouts are usually caused by resource exhaustion, infinite loops, or misconfigured runner timeout limits.
Permission denied errors often stem from incorrect file permissions in the runner environment, invalid SSH keys, or expired runner tokens.
Quick fix: Check the project's CI/CD timeout settings and ensure the runner has sufficient privileges and resources to execute the job.

Fix Approaches Compared
Method	When to Use	Time	Risk
Increase Project Timeout	When jobs legitimately take longer than the default 60 minutes.	1 min	Low - May delay feedback on actual failures
Optimize Job Execution	When jobs are stuck installing dependencies or compiling without caching.	30-60 mins	Low - Improves overall pipeline efficiency
Fix Runner Permissions	When facing 'Permission denied' during script execution or artifact upload.	5 mins	Medium - Requires modifying runner execution context or user
Upgrade Runner Resources	When the runner is CPU/Memory starved causing extreme slowdowns.	15 mins	Medium - May incur additional infrastructure costs

Understanding the Error

When working with GitLab CI/CD, one of the most frustrating roadblocks engineers face is the dreaded job timeout or the abrupt 'permission denied' failure. These errors halt your deployment pipeline and can leave your team scrambling for answers.

The 'GitLab CI Timeout' Error

The typical error message looks like this: ERROR: Job failed: execution took longer than 1h0m0s seconds

This occurs when a job exceeds the maximum execution time allowed. By default, GitLab sets this to 60 minutes for project-level timeouts, but runners can also have their own specific timeout configurations. Timeouts generally fall into two categories: legitimate long-running tasks (like massive test suites or complex Docker builds) and hung processes (like a script waiting for user input, a network connection that silently drops, or an infinite loop).

The 'Permission Denied' Error

You might see something like: bash: line 105: ./deploy.sh: Permission denied or ERROR: Job failed (system failure): prepare environment: access denied.

These indicate that the GitLab Runner, or the specific user executing the CI job within the container or shell, lacks the necessary filesystem permissions, network access rights, or SSH keys to perform the requested action. It can also happen if the runner's registration token has been revoked or if the runner process on the host machine doesn't have Docker daemon access.

Step 1: Diagnose the Timeout

Before blindly increasing timeout limits, you must determine why the job is taking so long.

Review the Job Logs: Scroll to the bottom of the job log in the GitLab UI. Where did it stop? If it stopped during an apt-get install or npm install, you might be facing network throttling or missing caches. If it stopped after a custom script execution without any output, the script might be hung waiting for interactive input (e.g., prompting for a password or a [Y/n] confirmation).
Enable CI Debug Trace: Add a CI/CD variable CI_DEBUG_TRACE set to true. This will output highly verbose logs showing exactly what the runner is doing behind the scenes, which is invaluable for pinpointing exactly where the stall occurs.
Check Resource Utilization: If you manage the runner infrastructure, check the CPU, memory, and disk I/O. A runner that is thrashing its swap space will execute commands orders of magnitude slower, leading to timeouts.

Step 2: Fix the Timeout

If you have confirmed that the job simply needs more time (e.g., compiling a large C++ project), you can increase the timeout limit.

To change the Project Timeout:

Go to your project's Settings > CI/CD.
Expand the General pipelines section.
Locate the Timeout field.
Enter a value in minutes (e.g., 120 for two hours).
Click Save changes.

To change the Runner-specific Timeout: If your project timeout is high, but jobs still fail early, the runner itself might have a hard limit. You must edit the config.toml file of your GitLab Runner and adjust the [runners] section to include timeout = <seconds>.

However, the best fix is usually optimization. Implement caching for dependencies, utilize Docker image registries for pre-built environments rather than installing tools on every run, and split monolithic jobs into smaller, parallel matrix jobs.

Step 3: Diagnose and Fix 'Permission Denied'

If your pipeline fails due to permissions, identify the context of the failure.

Scenario A: Script Execution Permissions If a shell script in your repository throws Permission denied when executed, the file likely lacks the executable bit. Git tracks this. Fix: Run git update-index --chmod=+x your_script.sh locally, commit, and push.

Scenario B: Docker Socket Permissions If you are using Docker-in-Docker (DinD) or the runner needs to build images, and you see Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running? or a permission error on the socket. Fix: Ensure the gitlab-runner user is added to the docker group on the host machine running the runner: sudo usermod -aG docker gitlab-runner.

Scenario C: SSH Key Authentication If your CI job needs to SSH into a server to deploy and fails with Permission denied (publickey). Fix: Ensure you have correctly added the private SSH key to the CI/CD variables (ideally masked and protected). In your .gitlab-ci.yml, ensure the key is properly formatted and loaded into the ssh-agent before use, and that you have set the correct strict host key checking parameters if necessary.

By systematically analyzing the logs and understanding the execution context of the GitLab Runner, you can swiftly resolve these common CI/CD bottlenecks and restore a smooth, automated workflow for your development team.

Frequently Asked Questions

bash

# Diagnostic commands to run within the CI job before the failing step

# 1. Check current user and groups to debug permission issues
id
whoami

# 2. Check file permissions of the specific script
ls -la ./scripts/deploy.sh

# 3. Enable debug tracing for the shell
set -x

# Fix: Adding executable permission to a script via Git
git update-index --chmod=+x scripts/deploy.sh
git commit -m "Fix: Add execute permission to deploy script"

# Fix: Example of properly loading an SSH key for deployment
eval $(ssh-agent -s)
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keyscan -H $SERVER_IP >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts

DevOps Troubleshooting Team

A collective of Site Reliability Engineers and DevOps practitioners dedicated to resolving complex CI/CD pipeline failures and sharing best practices for robust automation.

Sources

Explore More DevOps Config Guides

Ansible Failed: Fix Connection Refused, Permission Denied & Timeout Errors

Fix Ansible failures including connection refused, permission denied, and timeout errors. Step-by-step diagnosis with real commands and verified solutions.

ArgoCD 'connection refused' Error: Complete Troubleshooting Guide (2024)

Fix ArgoCD 'connection refused', CrashLoopBackOff, ImagePullBackOff, and timeout errors with step-by-step diagnostic commands and proven solutions.

ArgoCD Connection Refused: Fix CrashLoopBackOff, ImagePullBackOff, Permission Denied & Timeout Errors

Fix ArgoCD connection refused errors: diagnose CrashLoopBackOff, ImagePullBackOff, permission denied, and timeout with step-by-step kubectl commands and config