jenkins slave runs as user

jenkins permissions active-directory
13,047

Solution 1

The problem is: there is only one slave process running the different job assigned to that server by the Jenkins master.
So the slave itself runs as one user (generally, a dedicated account or a system account).

Since you can get the user id as environment variable (with a plugin like JENKINS Build User Vars Plugin), you might consider configuring the job in order for it build step to "run as" the user who triggered the build.
See for instance the JENKINS Authorize Project plugin.

https://wiki.jenkins-ci.org/download/attachments/70877566/authorize-project_01_globalsecurity.png?version=2&modificationDate=1439085782000&api=v2

https://wiki.jenkins-ci.org/download/attachments/70877566/authorization-page.png?version=1&modificationDate=1486871612000&api=v2

However, as mentioned this answer:

The "Authorize Project" plugin does not change the OS level user that is running commands.
It only sets the Jenkins user that is running the job and any downstream jobs, using Jenkins authentication (whatever it might be).

So you are left with build step with runas or su -c commands in order to be sure that your task does run with the right user.

Solution 2

I had the similar issue and I can recall for managing more control on projects I used role strategy plugin and setup global security using LDAP servers (Active directory should also be ok). And I used authorized project plugin. Have a look and I hope it should solve your purpose. Let me know on comment section for any clarification.

Solution 3

you can partially fix your problem this way:

  • install the slave as a service using the Java Web Start method and JLNP
  • go to Services control panel in windows
  • under Properties -> Connection replace the local system connection with a specific user
  • rebooted the service

This at least gives you the ability to use one account instead of system.

Share:
13,047
RockScience
Author by

RockScience

Updated on June 13, 2022

Comments

  • RockScience
    RockScience about 2 years

    I have a jenkins setup with multiple users which are logging in with Active Directory plugin. This is useful so that each user can access his own tasks.

    However each user also has different permissions on the local network, such as access to different folders etc. I have noticed that the permissions given to each task is not linked to the user but to the account under which the slave is running as service. Is there a way to change that so that the task is executed on the slave under the credential (and hence permissions) of the user?

    Thank you

  • VonC
    VonC about 7 years
    For Windows runas, for instance, see jenkins-ci.361315.n4.nabble.com/… and the /savecred option.
  • RockScience
    RockScience about 7 years
    Unfortunately "Authorize-project plugin controls only authorizations of Jenkins, not those of OS."

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

what permissions should jenkins have to execute shell-commands without being insecure?
TF246017 Error when opening TFS Administration Console
How do I view the Jenkins server console output on the local filesystem?
Active Directory Allow User to Install Only
Jenkins - Publish Over SSH - UNSTABLE - Permission denied
"You don't have permission to copy files to this location over the network" error
GPO only works on authenticated users
Privileges for jenkins at apache's folder
How do I properly allow user jenkins to write to a specific directory under user minecraft home directory?
Effective Permissions displays incorrect information