[JIRA] [cli] (JENKINS-21086) jenkins-cli requires Overall/Read permission for anonymous to perform a safe-shutdown

[shiry...@gmail.com (JIRA)]

Roman Shiryaev updated JENKINS-21086 jenkins-cli requires Overall/Read permission for anonymous to perform a safe-shutdown Change By: Roman Shiryaev (19/Dec/13 8:06 AM) Description: Previously (Jenkins 1.534) we were using jenkins-cli to automate safe shutdown. But after upgrade to ver. 1.544 it stopped working. Our configuration uses Project-based Matrix Authorization Strategy. Here are 3 main users who involved into the shutdown procedure: * Anonymous - all permissions unset. * authenticated - Overall/Read, Job/Read, Job/Build * special jenkins-cli user - with Overall/Administer  permission And here is the command to perform a safe shutdown {code} java -jar jenkins-cli.jar -s http://localhost:8080 safe-shutdown --username "$JCLIUSER" --password "$JCLIPASSWD" {code} So it has been working perfectly with the above configuration until I upgraded Jenkins to 1.544 Now the command throws the error {quote} hudson.security.AccessDeniedException2: anonymous is missing the Overall/Read permission at hudson.security.ACL.checkPermission(ACL.java:54) at hudson.model.Node.checkPermission(Node.java:418) at hudson.cli.declarative.CLIRegisterer$1.main(CLIRegisterer.java:180) at hudson.cli.CliManagerImpl.main(CliManagerImpl.java:92) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:622) at hudson.remoting.RemoteInvocationHandler$RPCRequest.perform(RemoteInvocationHandler.java:299) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:280) at hudson.remoting.RemoteInvocationHandler$RPCRequest.call(RemoteInvocationHandler.java:239) at hudson.remoting.UserRequest.perform(UserRequest.java:118) at hudson.remoting.UserRequest.perform(UserRequest.java:48) at hudson.remoting.Request$2.run(Request.java:328) at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72) at hudson.cli.CliManagerImpl$1.call(CliManagerImpl.java:63) at hudson.remoting.InterceptingExecutorService$2.call(InterceptingExecutorService.java:95) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) at java.util.concurrent.FutureTask.run(FutureTask.java:166) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1146) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:701) {quote} Of course, if I grant the permission to Anonymous, it will work. But I assume this is unsafe.

This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators. For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.