I have installed jenkins on linux machine and configured it.
As part of automation of build process, I want to copy my war form one directory to another. I tried doing so using the PRE BUILD ACTION and executing shell command.
cp /from directory /to directory
Build fails giving permission denied. I have tried several ways by providing root level permission to the user I log into the jenkins.
Nothing works.
I am not if I am giving permission to the right user or not.
Any help would be highly appreciated.
Please note I am new to LINUX/UNIX.
To find out the user that is starting Jenkins, use whoami in a pre build action and look at the build log to see what user is carrying out the build scripts. It will probably be different than the user that owns the folder you are trying to get jenkins to copy the war into.
Rather than make the user that jenkins is running a root user (a security risk since now your jenkins scripts can perform privileged actions), you can add that user to the same group that the user that owns the folder is in.
Lets say I ran whoami in a jenkins script and the user turned out to be user1, and the user that owns the folder you are trying to copy the war into, user2. You would want to add user1 to the same group that user2 is in, and modify the folder permissions to allow modifications of people in the same group.
To add user1 to the same group as user2:
usermod -a -G user2 user1
Then modify the permission of the folder you want to copy into:
chmod g+w /path/to/directory
Related
Im using gitlab-runner to deploy my php application to nginx web server.
To deploy im using this steps:
1. delete all files in folder /var/www/site
2. move files from gitlab repository to /var/www/site
All these actions are performed only after pushing to repository new changes.
I have a problem. Files that copied to /var/www/site owned by gitlab-runner.
After uploading file from post form, files owned by www-data (nginx user).
After next push, gitlab cant deploy because it's failed on first step. user gitlab-runner hasn't right to delete www-data files.
I cant change nginx user to gitlab-runner for a reason, and i don't know how to change gitlab-runner to another user.
Anyone can help me?
You can use the command chown to change the owner of a file.
chmod uu:gg will set the owner of the file to uu and the group to gg.
You can change permissions of a file with chmod command.
chmod g+w will give write access to file to users of the group of
With this commands you should be able to set the group of the files to a group compatible with git-lab (check initial group of files with ls -l command)
I'm trying to use Jenkins to deploy to a custom workspace but am having permissions issues. The custom workspace folder is /var/www/workspace which is owned by www-data and in the www-data group as normal. I have added my jenkins user to the www-data group and the folder has writable permissions on user and group level. When I run the Jenkins build it fails because it doesn't have permission to clone into the folder. The only thing I can think of that may be stopping this from happening is the fact that the var folder is owned by root even though www and all folder below this are owned by www-data
Any advice appreciated.
Do one thing, go to /var/www/ and type the following command and paste output:
ll
Responding to your comment, to change the owner and group of /var/www/workspace and all files under it you can use:
chown -R jenkins:www-data /var/www/workspace
In the end I changed the user that Jenkins is running as from Jenkins to www-data. Probably not the ideal way to do things but as this is on a non public facing server it suits my purpose. Now when a build has completed I get Jenkins to run a couple of chmod commands to make sure file permissions are correct and the files are already in the www-data group so all works nicely.
What I'm basically trying to do is allow jenkins access my android-sdk-linux folder and all the sub-directories. My boss does not want to change permissions on the folder himself. I am supposed to do it during the build process. I have seen some examples that run some commands in the execute shell during the build process. Is there some commands that can I can run in that execute shell so that jenkins can have read write and execute authority on my android-sdk-linux folder?
As bcolfer said, you should be able to just run your shell commands with "sudo" in front of it. You will want to be sure that the user that started the Jenkins slave is a sudoer.
As root, run "visudo", this will open the /etc/sudoers file. At the bottom add a line similar to this if it is not a current sudoer:
jenkins ALL=(ALL) NOPASSWD: ALL
"Jenkins" being the user that started the slave.
OR
You could try adding the user to the group that owns that directory. IF you run "ls -l" you should be able to see the permissions and then the user, and the group that owns the directory. Once you know the group, as root run:
usermod -a -G group Jenkins
"Jenkins" being the user that started the slave, and "group" being the actual group name.
One possibility is to use sudo to run commands that specifically target those files. There are a bunch of ways to manage the sudo privileges limit and log what actions happen on those files.
I am using Jenkins to build my project in a Linux machine. During build operation files are read from a source location and files are to be copied to a new destination location.The source and destination locations are input by the user from Jenkins UI. I want the user to be able to select any folder located within his/her home folder as source or destination. For example: /home/jdoe/folder.
Currently, any folder inside /var/lib/jenkins, with jenkins:nogroup user-group, can be selected. However, a folder inside /home/jdoe/folder with same (jenkins:nogroup) user-group, and with the same permissions as the folders within /var/lib/jenkins, cannot be selected. I get a permission denied error on trying to read or write inside /home/jdoe/folder.
What can I do to enable reading and writing to a folder within the home folder of the currently logged in user? Can I set up Jenkins in a certain way to be able to do that, or do I have to change group settings for the home folder?Could you suggest a good configuration for me to be able to make this work?
Would there be any difference in using Jenkins on an Windows platform?
First make sure that the folder is having read-write access for jenkins user group.
sudo chmod -R 77 /home/jdoe
Also as in comment by Daniel, grant execute permission on the /home/jdoe folder.
sudo chmod a+x /home/jdoe
I have a script (test.sh) on a local server, which works fine when executed in a terminal. The script removes a directory, and recreates a directory local. It then connects to a remote server using "ssh -i $private_key .." and copies a file there.
When I execute this script in jenkins with
sh test.sh
it doesnt work. I get the following errors:
rm: .. Permission denied
mkdir: .. Permission denied
Warning: Identity file /.ssh/private_key not accessible: Permission denied.
Jenkins is on the same server as the script.
I see that Jenkins is another user and cant do everything that I'm doing as root; how can I set the permissions without losing all security. Especially in case of the private_key, it would be silly to set the permissions to easy - it is currently set to 600 (read and write permission for the owner) and the owner is root.
The whole point of setting the private key's permissions to 600 is that no other user should be able to access it. If you have placed the keys in another user's home directory (/home/anotheruser/.ssh), then neither the Jenkins user, nor anyone else (except root) will be able to access it. This is as designed.
If you want your Jenkins user to be able to use the private key, copy it over to the jenkins users home directory as well (/home//.ssh).
Also, if you are trying to delete/create directories in some other user's directory as the Jenkins user without providing permissions, you will get a permissions error. This is because of security. The only way to allow this is the allow the Jenkins user to make changes to those directories.
One safe option is to add the Jenkins user to the same group as the other user. Once you do this, set the permissions on the directories you want to read from and write to, to allow anyone in the user's group to make changes.
rwxrwx---
The above permissions will allow the owner of the folder and any other users in the same group to make changes, but will not allow anyone else. This is safe, since you control who is part of the other user's group.
EDIT
It looks like your error has changed, though. You're not getting permission denied any more. Can you still do it through terminal? The reason (I think) it is saying that the host key verification has failed is because your key was originally created for the other user. I realise I said to do this in the answer above, but it is not the right way.
As the jenkins user, can you run the following commands:
ssh-keygen (say yes or agree if it asks if you want to replace your current keys)
ssh-copy-id -i ~/.ssh/id_rsa.pub remoteuser#remote_server
ssh remoteuser#remote_server
If this works, try your script through the terminal, and then through jenkins again...