diff --git a/pipeline/backend/local/local.go b/pipeline/backend/local/local.go
index 2405c19bb..50321b8e7 100644
--- a/pipeline/backend/local/local.go
+++ b/pipeline/backend/local/local.go
@@ -44,7 +44,7 @@ var notAllowedEnvVarOverwrites = []string{
 
 type workflowState struct {
 	stepCMDs     map[string]*exec.Cmd
-	baseDir      string
+	user         string
 	homeDir      string
 	workspaceDir string
 }
@@ -79,23 +79,17 @@ func (e *local) Load(context.Context) error {
 func (e *local) SetupWorkflow(_ context.Context, conf *types.Config, taskUUID string) error {
 	log.Trace().Str("taskUUID", taskUUID).Msg("create workflow environment")
 
-	baseDir, err := os.MkdirTemp("", "woodpecker-local-*")
-	if err != nil {
-		return err
-	}
+	user := conf.Stages[0].Steps[0].Environment["CI_COMMIT_AUTHOR"]
 
 	state := &workflowState{
 		stepCMDs:     make(map[string]*exec.Cmd),
-		baseDir:      baseDir,
-		workspaceDir: filepath.Join(baseDir, "workspace"),
-		homeDir:      filepath.Join(baseDir, "home"),
-	}
-
-	if err := os.Mkdir(state.homeDir, 0o700); err != nil {
-		return err
+		user:         user,
+		workspaceDir: filepath.Join("/tmp", user, conf.Stages[0].Steps[0].Environment["CI_REPO_NAME"]),
+		homeDir:      filepath.Join("/home", user),
 	}
 
-	if err := os.Mkdir(state.workspaceDir, 0o700); err != nil {
+	err := exec.Command("sudo", "-u", state.user, "mkdir", "-p", state.workspaceDir).Run()
+	if err != nil {
 		return err
 	}
 
@@ -132,7 +126,8 @@ func (e *local) StartStep(ctx context.Context, step *types.Step, taskUUID string
 	// Set HOME
 	env = append(env, "HOME="+state.homeDir)
 
-	var command []string
+	// Run command as commit author user
+	command := []string{"sudo", "-E", "-u", state.user}
 	if step.Image == constant.DefaultCloneImage {
 		// Default clone step
 		// TODO: use tmp HOME and insert netrc and delete it after clone
@@ -209,16 +204,6 @@ func (e *local) TailStep(_ context.Context, step *types.Step, taskUUID string) (
 func (e *local) DestroyWorkflow(_ context.Context, conf *types.Config, taskUUID string) error {
 	log.Trace().Str("taskUUID", taskUUID).Msgf("delete workflow environment")
 
-	state, err := e.getWorkflowStateFromConfig(conf)
-	if err != nil {
-		return err
-	}
-
-	err = os.RemoveAll(state.baseDir)
-	if err != nil {
-		return err
-	}
-
 	workflowID, err := e.getWorkflowIDFromConfig(conf)
 	if err != nil {
 		return err