How does Jenkins build with the jenkins user in ubuntu while it has no permissions?

Question

I have my project running in ubuntu server and I did everything through the user myname . The project files, all related directories and static files used by my application belongs to the user myname .

Now I want to set up Jenkins Freestyle project for CI/CD in the ubuntu server, when I install Jenkins, a new jenkins user is created.

In the build step, when jenkins performs the job through Execute shell , it executes the shell commands through the jenkins user instead of the default myname user, which has No permissions to anything about the app. Therefore, it's impossible for Jenkins build to work:

1. it cannot execute git pull origin master through jenkins user to pull the latest changes;
2. it cannot run the venv/bin/python myapp.py to start the application
3. even if i change the owner of myapp.py to the jenkins user, the running process cannot access any directories/storages/static files with the jenkins user.
4. So, I'll have to do sudo chown -R jenkins:jenkins * on everything I've worked, everything that's related to my app.

This seems to be really silly. I must have missed something obvious...

What is a elegant way for Jenkins to work?

---

@Raman mentioned that I should run the commands with sudo -u myname ; I tried so:

The Jenkins build Execute shell commands of the Freestyle project are defined as follows:

cd /home/john/jenkins_test/
whoami
sudo -u john whoami 
sudo -u john git pull

The Jenkin build shows the following output:

[test] $ /bin/sh -xe /tmp/jenkins2232617598308237553.sh
+ cd /home/john/jenkins_test/
+ whoami
jenkins
+ sudo -u john whoami
sudo: no tty present and no askpass program specified
Build step 'Execute shell' marked build as failure
Finished: FAILURE

Answer 1

After a long time of searching and trying, I found the solution. Below are a summary of things you can do:

Method 1

reference: jenkins build failure shell command permission denied

Since everything belongs to the myname user, just add the jenkins user to the myname group:

sudo usermod -a -G myname jenkins

and the command groups jenkins should show:

> myname@vm:~/myname/jenkins_test$ groups jenkins
> jenkins : jenkins myname

Now you must restart jenkins for this change to take effect:

 `sudo systemctl restart jenkins`

Build again, it works. This is the method I've tried.

Method 2

I have not tried this method yet. Just listing it for reference. In the Jenkins build Execute shell , put commands with sudo , eg sudo git pull ; When building, there will be an error:

sudo: no tty present and no askpass program specified

In order for jenkins user to run as sudo , edit the /etc/sudoers file:

sudo visudo

and add this line to the end of the file: jenkins ALL=(ALL) NOPASSWD: ALL

Then restart Jenkins

ref: https://stackoverflow.com/a/37653164/3703783

https://stackoverflow.com/a/24648413/3703783

Method 3

I have not tried this method yet. Just listing it for reference.

change jenkins default user to myname in sudo vi /etc/default/jenkins ;
To restart successfully, also need to change owner of: /var/lib/jenkins

/var/log/jenkins

/var/cache/jenkins

to the myname user.

ref: https://dev-admin-docs.readthedocs.io/en/latest/Jenkins%20CI/Run_Jenkins_Under_Another_Username/

http://blog.manula.org/2013/03/running-jenkins-under-different-user-in.html

I still cannot believe it... This is such a basic question to anyone who tries to use Jenkins, and yet I couldn't find official documentations about it..

Answer 2

I could not find any documentation about this first step required on a Linux box either.

Following your method 1 the following seems to work for me after installation with yast on OpenSUSE 15.1

• Changed the entry for the "jenkins" user in /etc/passwd so "jenkins" group is the development group.
• chown /var/lib/jenkins to be owned by jenkins:development
• Changed the umask of development group members so group members have write permission
• restart the host