Best practices to avoid Jenkins error: sudo: no tty present and no askpass program specified

Solution 1

I believe you are looking for this option from man sudoers:

   requiretty      If set, sudo will only run when the user is logged in to a real tty.  When this flag     
                   is set, sudo can only be run from a login session and not via other means such as        
                   cron(8) or cgi-bin scripts.  This flag is off by default.     

Here are my recommendations, in order of most secure to least secure:

1) Don't let Jenkins sudo at all. If you're doing package builds, look into fakeroot. Jenkins doesn't need root to build software.

2) If you do need Jenkins to have root, consider restricting the sudo abilities with the sudoers Cmnd options.

3) Run Jenkins on a disposable VM. If someone roots it, rebuild it and re-evaluate your security choices. I would also recommend running Jenkins as an intranet service, only accessible via LAN or VPN. Don't forget to include authentication!

Solution 2

If you run sudo as the jenkins user as part of a script, you need two things:

  1. An exact copy of the command, like /bin/chown www-data /var/www

  2. sudo -n exact command

The -n will tell it not to ask for a prompt if it's a NOPASSWD.

This fixed me up for running sudo in a script that Jenkins calls.
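
The restrictions both answers point to, as an added example that is not part of the original answers: a shell function that classifies each command a NOPASSWD rule grants, run over the question's two entries and Solution 2's exact command written as a rule. The function names and the sample rules are assumptions; the parsing ignores line continuations, escaped commas and stacked tags.

```shell
#!/bin/sh
# Added example, not from the original answers.
# Classifies each command granted by a NOPASSWD rule in sudoers-style text.

# Constructed sample: the two rules from the question plus the exact
# command from Solution 2 written as a rule for user jenkins.
sample_rules() {
cat <<'EOF'
# sample sudoers drop-in (constructed)
%jenkins ALL=NOPASSWD: ALL
%jenkins ALL=(ALL)NOPASSWD:/home/vts_share/test/sudotest.sh
jenkins ALL=(root) NOPASSWD: /bin/chown www-data /var/www
EOF
}

# Reads sudoers lines on stdin, prints "LEVEL: command -- reason" for each
# NOPASSWD command, and returns 1 if any rule is RISKY.
# Simplification: no line continuations, escaped commas or stacked tags.
audit_nopasswd() {
    awk '
    /^[ \t]*#/ || !/NOPASSWD:/ { next }        # comments, password-required rules
    {
        cmds = $0
        sub(/^.*NOPASSWD:[ \t]*/, "", cmds)    # keep only the command list
        n = split(cmds, list, /[ \t]*,[ \t]*/)
        for (i = 1; i <= n; i++) {
            c = list[i]
            sub(/[ \t]+$/, "", c)
            if (c == "ALL") {
                level = "RISKY";  why = "any command, no password"; bad = 1
            } else if (c !~ /^\//) {
                level = "REVIEW"; why = "alias or non-path, resolve it first"
            } else if (c !~ /[ \t]/) {
                level = "REVIEW"; why = "no arguments listed, so any are accepted"
            } else {
                level = "OK";     why = "command and arguments pinned"
            }
            print level ": " c " -- " why
        }
    }
    END { exit bad + 0 }
    '
}

sample_rules | audit_nopasswd || echo "RISKY NOPASSWD rule present" >&2
```

A rule that lists the arguments only matches when the script calls sudo -n with that exact command line, which is why the copy has to be exact.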

Author by

s g

Code bot.

Updated on September 18, 2022

Comments

  • s g
    s g almost 2 years

    When running any sudo command from Jenkins I get the following error:

    sudo: no tty present and no askpass program specified

    I understand that I can solve this by adding a NOPASSWD entry to my /etc/sudoers file which will allow user jenkins to run commands without needing a password. I can add an entry like this:

    %jenkins ALL=(ALL)NOPASSWD:/home/vts_share/test/sudotest.sh
    

    ...but this leads to the following issue: how to avoid specifying full path in sudoers file?

    I can add an entry like this:

    %jenkins ALL=NOPASSWD: ALL
    

    ...but this allows user jenkins to avoid the password prompt for all commands, which seems a bit unsafe. I'm just curious what my options are here, and if there are any best practices I should consider.

    • user9517
      user9517 about 11 years
      It seems to me that your problem(s) stem from not really understanding the tools that you are trying to work with. Now would be an opportune time to take a step back and learn some unix fundamentals and read up some on how sudo works.