Is it possible to run jenkins job on a slave as a linux user?

20 views
Skip to first unread message

Kr1stom

unread,
Jan 6, 2017, 4:26:48 AM1/6/17
to Jenkins Users
Hi

Is there any possibility to run jenkins job on a slave as a linux user? 
At the moment it is configured in our jenkins quite insecure. In jenkins master we have one default user which is used to launch slave agents on Unix machines: (username1) and there's a job what is running on a certain slave which does sudo su -username2 with a password before the actual activity. This causes password and username revealing in jobs console output.

My question is that is there any better way to change the username from which i could run the scripts on the slave after the master has activated the job? 

Dirk Heinrichs

unread,
Jan 6, 2017, 4:34:15 AM1/6/17
to jenkins...@googlegroups.com
Am 06.01.2017 um 10:26 schrieb Kr1stom:
My question is that is there any better way to change the username from which i could run the scripts on the slave after the master has activated the job? 

Add a NOPASSWD directive to the relevant line in /etc/suoders, for example:

%sudo   ALL=(ALL:ALL) NOPASSWD:ALL

This means "all members of the sudo group can execute all commands without providing a password".

You would, of course, enable more restrictions. See "man sudoers" for details.

HTH...

    Dirk
--
Dirk Heinrichs
Senior Systems Engineer, Delivery Pipeline
OpenTextTM Discovery | Recommind
Email: dirk.he...@recommind.com
Website: www.recommind.de

Recommind GmbH, Von-Liebig-Straße 1, 53359 Rheinbach

Vertretungsberechtigte Geschäftsführer John Marshall Doolittle, Gordon Davies, Roger Illing, Registergericht Amtsgericht Bonn, Registernummer HRB 10646

This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden

Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail sind nicht gestattet.

Reply all
Reply to author
Forward
0 new messages