DevOps Zone
DevOps Zone is brought to you in partnership with:

' ! Moshe Kaplan constantly helps successful firms getting to the next level and he is thrilled to uncover some of his secrets. Mr. Kaplan is a seasoned project management and cloud technologies lecturer. He is also known to be a cloud and SCRUM evangelist Moshe is a dSero.com Co-Founder. He was a R&D Director at Essence Security, led RockeTier and served as a board member in the IGT and as a department head at a top IDF IT unit. Moshe holds M.Sc and B.Sc from TAU. Moshe is a DZone MVB and is not an employee of DZone and has posted 34 posts at DZone. You can read more from them at their website. View Full User Profile

Jenkins? Tomcat? Running Code w/ Permissions?

02.09.2013
| 869 views |
  • submit to reddit

Related MicroZone Resources

Wield Puppet Like a Pro!

Learn Puppet in Hours! VM Sandbox

1K FREE Pre-Built Configs

Why DevOps? Why Now?

A Practical Intro To Puppet and DevOps

Like this piece? Share it with your friends:

| More

This script will probably help you! If you need to run some "SUDO" commands from Jenkins, you will probably need to first: 

1) Add jenkins user to SUDO, and 
2) Avoid passwords.

The following code will do it like a miracle:

echo 'jenkins  ALL= NOPASSWD: ALL' >> /etc/sudoers
echo 'Defaults:jenkins    !requiretty' >> /etc/sudoers

Published at DZone with permission of Moshe Kaplan, author and DZone MVB. (source)

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Comments

Adam Evans replied on Sat, 2013/02/09 - 5:24pm

Depending who has access to configure your Jenkins jobs this is a bad idea as essentially you are granting anyone root access who can configure a job using the ALL option. 

I like to manually specify in the sudoers which commands can be run by jenkins using the NOPASSWD as you did. It's a little more inconvenient but gives extra piece of mind. Sometimes I'll also wrap a group of commands up in a shell script and add that to the sudoers. 

Moshe Kaplan replied on Sat, 2013/02/09 - 6:35pm in response to: Adam Evans

Thanks Adam for the good advice.

Usually Jenkins is considered to be a trusted environment, but keeping it a little bit more secure will not hurt anybody,

Keep Performing,

Moshe Kaplan

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
"Starting from scratch" is seductive but disease ridden
-Pithy Advice for Programmers