[JIRA] (JENKINS-57529) Unable to identify builds run as SYSTEM user


jfairchild@gmail.com (JIRA)

May 17, 2019, 11:52:03 AM
to jenkinsc...@googlegroups.com
Jeff Fairchild created an issue
 
Jenkins / Bug JENKINS-57529
Unable to identify builds run as SYSTEM user
Issue Type: Bug
Assignee: ikedam
Attachments: image-2019-05-17-11-48-24-356.png, image-2019-05-17-11-49-15-611.png, image-2019-05-17-11-50-21-011.png
Components: authorize-project-plugin
Created: 2019-05-17 15:51
Environment: amazon linux,
Jenkins ver. 2.172
Priority: Minor
Reporter: Jeff Fairchild

https://jenkins.io/doc/book/system-administration/security/build-authorization/

 

All builds are set to run as the User who triggered the build.

But the warning never goes away.

 

The general build authorization properties are: 

 

Expected behavior: Show the builds running as SYSTEM. Allow admin user to purge those builds and respect the Per-project configuration.

This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

devld@ikedam.jp (JIRA)

May 17, 2019, 8:42:02 PM
to jenkinsc...@googlegroups.com
ikedam assigned an issue to Unassigned
 

This is an issue of Jenkins core as this warning is shown by Jenkins core.

Change By: ikedam
Component/s: core
Component/s: authorize-project-plugin
Assignee: ikedam

o.v.nenashev@gmail.com (JIRA)

May 20, 2019, 5:44:02 PM
to jenkinsc...@googlegroups.com

dbeck@cloudbees.com (JIRA)

May 21, 2019, 2:45:02 AM
to jenkinsc...@googlegroups.com

I see two problems here:

  • There's no always-applicable configuration. Builds triggered by SCM changes or by timer (cron) don't have a "User who triggered the build" associated with them, so they will run as SYSTEM unless overridden in the project config.
  • The priority order of these authorizations is from top to bottom and the first applicable will be used. Therefore it makes no sense to place the default "User who triggered the build" higher than the project-overridable "user who triggered the build", and projects configured to run as anonymous will only do so if no "User who triggered the build" can be determined.
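
The resolution order described in the last comment, as an added example that is not part of the original thread and is not Jenkins code: a small Python model of "top to bottom, first applicable wins, otherwise SYSTEM". The strategy functions, build names and users are constructed, and the two-entry chain is an assumption about the configuration under discussion.

```python
# Simplified model of the first-applicable-wins order (not Jenkins code).
# Strategy names, build names and users below are constructed for illustration.
SYSTEM = "SYSTEM"

def triggering_user(build):
    """Applies only when a user started the build; timer/SCM builds have none."""
    return build.get("user")

def project_default(build):
    """Per-project setting; None when the project configures nothing."""
    return build.get("project_run_as")

def resolve(build, chain):
    """Walk the chain top to bottom; the first strategy that applies wins."""
    for strategy in chain:
        identity = strategy(build)
        if identity is not None:
            return identity
    return SYSTEM  # nothing applied, so the build runs as SYSTEM

def running_as_system(builds, chain):
    """Names of builds that fall through every strategy."""
    return [b["name"] for b in builds if resolve(b, chain) == SYSTEM]

BUILDS = [
    {"name": "deploy #12", "trigger": "user", "user": "alice"},
    {"name": "nightly #40", "trigger": "timer"},
    {"name": "pr-check #7", "trigger": "scm", "project_run_as": "anonymous"},
    {"name": "sandbox #3", "trigger": "user", "user": "bob",
     "project_run_as": "anonymous"},
]

AS_DISCUSSED = [triggering_user, project_default]   # triggering user on top
REORDERED = [project_default, triggering_user]      # project setting on top

if __name__ == "__main__":
    for label, chain in (("as discussed", AS_DISCUSSED), ("reordered", REORDERED)):
        print(label)
        for b in BUILDS:
            print(f"  {b['name']:<12} ({b['trigger']:<5}) -> {resolve(b, chain)}")
        print("  runs as SYSTEM:", running_as_system(BUILDS, chain))
```

In this model the timer build resolves to SYSTEM under either ordering, and the project's "anonymous" setting only takes effect for a user-triggered build once the project entry is placed first.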