How do I properly allow user jenkins to write to a specific directory under user minecraft home directory?

permissions cp move jenkins
28,924

The traditional way would be using groups. User Jenkins is added to the the minecraft-group (the corrosponding group for user minecraft). Then the minecraft-user gives the minecraft-group write-permissions for the directory in question (eg. chmod g+w ~minecraft/some_directory). Of course it's also possible (for root) to create a custom group just be used with this directory (eg. a new group minewriters or something). If the minecraft-user is the administrator og the minecraft-group, he can add users to the group with gpasswd -a user group ( gpasswd -a jenkins minecraft ) - else root must add users to the group.

A newer, better and more fine-tuned way (though a bit complex) is using Access Control Lists (acl), where the owner of a file or directory can give specific users and/or groups access to a file or directory. The minecraft-user would just add jenkins to the "access-list" of the directory in question, and give jenkins write-permissions to the directory.

setfacl -m user:jenkins:rwx ~minecraft/some_directory

This will give the user jenkins the right to create new files (w), list the contens with ls (r) and change into the directory (x).

+++

Access to files and directories are somewhat dependent on the users' access to the directories above. If user jenkins can't enter the home-directory of user minecraft (/home/minecraft), then he can't access any directories under it either... even if he has been given permission with chmod or setfacl to the particular directory.

So user minecraft must implicitely or explicitely also give user jenkins at least execute (x) permission to his home-directory (and all directories between his home-directory and the directory jenkins shall be allowed to write to). Execute permission for a directory, gives the right to "enter" the directory (eg. with the cd command). Most user will also appriciate having read-permission (r) - which gives them the right to list directory-content with commands like ls - so they can orient themselves.

If the permissions of minecraft's home-directory already is 'rwxr-x---' or 'rwxr-xr-x' (which is often is) that is enough... if it's 'rwx------' then access must be modified to give at least members of the minecraft-group - or user jenkins - access.

+++

It's also a good idea to add the sticky-bit to the directory jenkins should be allowed to write to (ie. chmod a+t ~minecraft/some_directory ). This prevents users with write-permissions to a directory from deleting files belonging to other users (with the exception of the directory's owner, which still may delete any files).

Share:
28,924
user3809867
Author by

user3809867

Updated on September 18, 2022

Comments

  • user3809867
    user3809867 almost 2 years

    I am using Jenkins, I want to copy a file from the Jenkins directory in to the minecraft user directory, but I am not sure how to go about this, as when I run

    cp build/versions/*.info /home/*minecraft*/www/files/Minecraft/versions

    I get 'Permission Denied'

    • terdon
      terdon almost 10 years
      Hi and welcome to the site! Please edit your question to clarify 1) what user is running the cp command; 2) permission denied to what? The source directory or the target? 3) What are the permissions on the target directory? Ideally, add the output of this command: d=/home/minecraft/www/files/Minecraft/versions; while [[ "$d" =~ home ]] ; do ls -ld $d; d=${d%/*}; done.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

what permissions should jenkins have to execute shell-commands without being insecure?
cp - cannot create regular file : permission denied
Permission denied (even as root) on a mounted ISO image with Furius ISO Mount
Jenkins - Publish Over SSH - UNSTABLE - Permission denied
Privileges for jenkins at apache's folder
Unix "cp -p". Can I preserve attributes selectively?
Linux permissions and owner being preserved with cp
Permission denied when using Jenkins to run commands
What are the different job permissions possible in Jenkins, and what are the reasons you would use each?
cp: cannot create regular file: Permission denied