I have a script (test.sh) on a local server, which works fine when executed in a terminal. The script removes a directory, and recreates a directory local. It then connects to a remote server using "ssh -i $private_key .." and copies a file there.
When I execute this script in jenkins with
sh test.sh
it doesnt work. I get the following errors:
rm: .. Permission denied
mkdir: .. Permission denied
Warning: Identity file /.ssh/private_key not accessible: Permission denied.
Jenkins is on the same server as the script.
I see that Jenkins is another user and cant do everything that I'm doing as root; how can I set the permissions without losing all security. Especially in case of the private_key, it would be silly to set the permissions to easy - it is currently set to 600 (read and write permission for the owner) and the owner is root.
The whole point of setting the private key's permissions to 600 is that no other user should be able to access it. If you have placed the keys in another user's home directory (/home/anotheruser/.ssh), then neither the Jenkins user, nor anyone else (except root) will be able to access it. This is as designed.
If you want your Jenkins user to be able to use the private key, copy it over to the jenkins users home directory as well (/home//.ssh).
Also, if you are trying to delete/create directories in some other user's directory as the Jenkins user without providing permissions, you will get a permissions error. This is because of security. The only way to allow this is the allow the Jenkins user to make changes to those directories.
One safe option is to add the Jenkins user to the same group as the other user. Once you do this, set the permissions on the directories you want to read from and write to, to allow anyone in the user's group to make changes.
rwxrwx---
The above permissions will allow the owner of the folder and any other users in the same group to make changes, but will not allow anyone else. This is safe, since you control who is part of the other user's group.
EDIT
It looks like your error has changed, though. You're not getting permission denied any more. Can you still do it through terminal? The reason (I think) it is saying that the host key verification has failed is because your key was originally created for the other user. I realise I said to do this in the answer above, but it is not the right way.
As the jenkins user, can you run the following commands:
ssh-keygen (say yes or agree if it asks if you want to replace your current keys)
ssh-copy-id -i ~/.ssh/id_rsa.pub remoteuser#remote_server
ssh remoteuser#remote_server
If this works, try your script through the terminal, and then through jenkins again...
Related
I'm trying to setup a code-server (vscode in browser) instance and read/write from a mounted samba share. Unfortunately when I try to add a file it gives me an error that I do not have permissions to read/write to that folder. When I try to add files with the same credentials on Windows it does work though. This is the error that VSCode gives me:
Unable to write file
'vscode-remote://localhost:8080/home/user/repository/test'
(NoPermissions (FileSystemError): Error: EACCES: permission denied,
open '/home/gmetitieri/user/test')
If I sudo touch file.txt then the file will be created and added. I already used chmod and added full access to the folder but it still won't work. Is this a credentials thing or am I missing something?
I already tried this answer but it still doesn't let me write as non-root
Edit: This is the command I used to mount the drive (just with different folder names and IP address):
sudo mount -t cifs -o rw,vers=3.0,credentials=/root/.examplecredentials //192.168.18.112/sharedDir /media/share
Considering "non-root through Samba", especially in new releases of OpenSuse (...15.3 -- 15.4), I do few movements into normal configuration panels (no sudo commands or anything technical).
Using Yast Firewall section -- For now (immediate solution):
I turn off the firewall, then see what you can turn on (after this) to keep the samba working with Microsoft Windows.
More details on how to do this with images on my website.
This happens when the directory on the Samba share does not have permission for non-root users.
In your smb4.conf file:
[test]
comment = Test share
path = /path/to/directory
force user = unixuser
valid users = sambauser
In this example, unixuser should be the owner of the files in /path/to/directory. The user logged into Samba in this example is a user called sambauser.
I am running a default t2.nano ec2 linux ami. Nothing is changed on it. I am trying to rsync my local changes to the server. There is a permissions issue that I don't know enough about to fix.
My structure is as follows. I'm trying to push my work to the technology directory. The technology directory is mapped to a staging domain. i.e. technology.staging.com
:/var/www/html/technology
this is from the root, and it does work fine, it's the rsync that is failing.
when I push locally to that directory I get a "failed: Permission denied (13)" error.
I'm running an nginx server and assigned permissions to the www directory as follows:
sudo chown -R nginx:nginx /var/www
My user is ec2-user which is the normal default. Here is where I am tripped up. You can see the var directory is given root access.
You can see that the www directory then has permissions set to nginx so our server can access the files. I believe I need to add the ec2-user to this directory as well as the nginx user so that I can rsync my files there and the server will still have access I'm just unsure of how to do that.
As a test, I created a test directory at this location and it worked successfully.
:/home/ec2-user/test
you can see the permission here are set for the ec2-user which is why it works i'm sure.
Here's the command I'm running on my local machine to rsync my files which fails.
rsync -azP -e "ssh -i /Users/username/devwork/company/comp.pem" company_technology/ ec2-user#1.2.3.4:/var/www/html/technology
Here's the command that was working.
rsync -azP -e "ssh -i /Users/username/devwork/company/comp.pem" company_technology/ ec2-user#1.2.3.4:/home/ec2-user/test
I have done enough research and testing to know that it's a permissions error, I just can't figure out the right way to solve it. Do I need to create a group and assign both the nginx and ec2-user to the group and then give that group the same permissions level on the :/var directory.
Side note, what permissions level do I set for the chown to make these permissions that are currently set?
I have server config files in the :/etc/nginx/conf.d/ directory that map to the directories I create inside of :/var/www/html directory so I can have multiple sites hosted on the server.
So in this example, I have a config file at :/etc/nginx/conf.d/technology.conf which maps to the directory at :/var/www/html/technology
Thank you in advance, again, I do feel like I have put forth the research and effort to show that I've gone as far as I know how to do.
The answer made sense after I spent roughly a day playing around. You have to give access to both the ec2-user and the nginx group. I believe you never want to put a user in a group that involves the server itself, I think things would go south.
After changing the owner to both the ec2-user and nginx group, it still didn't work exactly the way I wanted it to. The reason was, I needed the nginx permissions to be updated to what they had when they were assigned the user role.
Basically, theec2-user had write permissions and the server did not. we wanted the user to have write permissions so they could rsync my local files to the directory on the server, and the nginx group needed the same level of permissions to display the pages. Now that I think about it, the nginx group may have only needed read permissions to display things, but this at least solved the problem for now.
Here is the command I ran on the server to update the ownership and the permissions, as well as the output.
modify ownership
sudo chown -R ec2-user:nginx :/var/www/html/technology
modify permissions
sudo chmod -R o=rwx,g+rwx,o-w technology
The end result looks like this
You can see the permissions match, and the ownership is as we expected. The only thing I have to figure out is after I rsync new files to the server, I need to run the previous code to update the permissions again. I'm sure that will come to me later, but I hope this helps anyone in the same situation.
I have installed jenkins on linux machine and configured it.
As part of automation of build process, I want to copy my war form one directory to another. I tried doing so using the PRE BUILD ACTION and executing shell command.
cp /from directory /to directory
Build fails giving permission denied. I have tried several ways by providing root level permission to the user I log into the jenkins.
Nothing works.
I am not if I am giving permission to the right user or not.
Any help would be highly appreciated.
Please note I am new to LINUX/UNIX.
To find out the user that is starting Jenkins, use whoami in a pre build action and look at the build log to see what user is carrying out the build scripts. It will probably be different than the user that owns the folder you are trying to get jenkins to copy the war into.
Rather than make the user that jenkins is running a root user (a security risk since now your jenkins scripts can perform privileged actions), you can add that user to the same group that the user that owns the folder is in.
Lets say I ran whoami in a jenkins script and the user turned out to be user1, and the user that owns the folder you are trying to copy the war into, user2. You would want to add user1 to the same group that user2 is in, and modify the folder permissions to allow modifications of people in the same group.
To add user1 to the same group as user2:
usermod -a -G user2 user1
Then modify the permission of the folder you want to copy into:
chmod g+w /path/to/directory
I have a file on my desktop that I need to FTP to a server. As I've been navigating this server, I need to login with initial credentials to access the box and then needed to run sudo -u [username] ksh to access the folder I need. (No password)
In Filezilla however, I only enter credentials once and therefore, don't have the option to sudo as the user and get permissions to the folder.
Am I going about this process wrong and if so, what's the usual way to do this?
There is no way to switch user on the ftp protocol. You need to know the correct credentials in the first place.
The closest you could come would be to ftp the files to a directory you do have access to, log in with a shell, and then move the files using shell commands after switching user.
I am using Jenkins to build my project in a Linux machine. During build operation files are read from a source location and files are to be copied to a new destination location.The source and destination locations are input by the user from Jenkins UI. I want the user to be able to select any folder located within his/her home folder as source or destination. For example: /home/jdoe/folder.
Currently, any folder inside /var/lib/jenkins, with jenkins:nogroup user-group, can be selected. However, a folder inside /home/jdoe/folder with same (jenkins:nogroup) user-group, and with the same permissions as the folders within /var/lib/jenkins, cannot be selected. I get a permission denied error on trying to read or write inside /home/jdoe/folder.
What can I do to enable reading and writing to a folder within the home folder of the currently logged in user? Can I set up Jenkins in a certain way to be able to do that, or do I have to change group settings for the home folder?Could you suggest a good configuration for me to be able to make this work?
Would there be any difference in using Jenkins on an Windows platform?
First make sure that the folder is having read-write access for jenkins user group.
sudo chmod -R 77 /home/jdoe
Also as in comment by Daniel, grant execute permission on the /home/jdoe folder.
sudo chmod a+x /home/jdoe