RE: Run jenkins jobs as different user or switch user during the execution

2020-10-08 Thread iris Jasper Orschulko
you could do something along the line of su testuser -c 'command to run as testuser'



From: jenkinsci-users@googlegroups.com [jenkinsci-users@googlegroups.com] on behalf of Amit Chettri [amitchettri...@gmail.com]
Sent: Wednesday, October 07, 2020 9:24 PM
To: Jenkins Users
Subject: Run jenkins jobs as different user or switch user during the execution

Hello,

I have a requirement where I need to switch user in between in the pipeline run:

:
:
steps
{
  script
  {
    sh """
      sudo su - testuser
      whoami
    """
    :
    :
    :
  }
}

but during the pipeline run the user is not switched and it's still the jenkins user:

+ sudo su - testuser
Last login: Thu Oct 8 00:35:26 IST 2020
+ whoami
jenkins


How can I run the job as a different user or switch user to testuser without making any change to $ sudo vim /etc/sysconfig/jenkins?



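The exchange above, as an added example that is not part of the original messages: in an `sh` step, `sudo su - testuser` starts a separate shell that ends before `whoami` runs, so `whoami` still executes as jenkins, while passing the commands as an argument makes them run inside the child. It uses `sudo -n -u` in place of the `su -c` form from the reply; `run_as` and `child_scope_demo` are hypothetical helper names. It assumes a sudoers rule that lets the jenkins account run commands as testuser without a password.

```shell
#!/bin/sh
# Added example; run_as and child_scope_demo are hypothetical helper names.

# child_scope_demo: an unprivileged stand-in for the pipeline in the question.
# A child shell started on one line ends before the next line runs, so nothing
# it changed (here a variable, in the question the user) reaches the parent.
child_scope_demo() {
    WHO=parent
    sh -c 'WHO=child' </dev/null   # plays the role of `sudo su - testuser`
    echo "$WHO"                    # plays the role of `whoami`
}

# run_as USER SCRIPT: run SCRIPT in a child shell owned by USER and return its
# exit status. The commands travel as an argument, so they execute inside the
# child. sudo -n fails at once instead of waiting for a password prompt that
# a non-interactive build cannot answer.
run_as() {
    target=$1
    script=$2
    current=$(id -un 2>/dev/null) || current=$(id -u)
    if [ "$current" = "$target" ]; then
        sh -c "$script"            # already the target user, no switch needed
    else
        sudo -n -u "$target" -- sh -c "$script"
    fi
}

# In a pipeline sh step (testuser is the account from the question):
#   run_as testuser 'whoami; id'
```

A non-zero status from `run_as` fails the `sh` step, so a missing sudoers rule shows up as a failed build rather than as commands silently running under the jenkins account.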


RE: Kubernetes Plugin: How to run commands within agent container as non-root?

2020-09-15 Thread iris Jasper Orschulko
Hi Vincent,

I am fairly certain that the images are identical, as I used the pod image from 
the jenkins logs (jenkins/inbound-agent:4.3-4). The second image I used in the 
pipeline for the build process was https://hub.docker.com/r/kasproject/kas 
which also should have a non-root user (builder, uid 3). I am not sure how 
Jenkins handles the containerisation, but unless there is some magic in the 
background I do not understand, it should be one of those images.

Best regards

Jasper Orschulko



From: jenkinsci-users@googlegroups.com [jenkinsci-users@googlegroups.com] on 
behalf of Vincent Latombe [vincent.lato...@gmail.com]
Sent: Friday, September 11, 2020 11:50 AM
To: Jenkins Users
Subject: Re: Kubernetes Plugin: How to run commands within agent container as 
non-root?

> [Pipeline] container

What is your container definition? I really doubt it is the same image as what 
you're running through docker CLI.

Vincent



Kubernetes Plugin: How to run commands within agent container as non-root?

2020-09-10 Thread iris Jasper Orschulko
I am trying to run a Pipeline in a Kubernetes agent, which needs to execute 
commands as non-root user. So I tried setting the securityContext of the Pod to 
1000 (the default jenkins user) as described here: 
https://plugins.jenkins.io/kubernetes/. However, the user does not exist in the 
container within Kubernetes:

[Pipeline] {
[Pipeline] stage
[Pipeline] { (Yocto Build)
[Pipeline] container
[Pipeline] {
[Pipeline] script
[Pipeline] {
[Pipeline] sh

+ set -ex
+ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin

However, when running the same image (jenkins/inbound-agent:4.3-4) in docker 
directly, there is a jenkins user:

sudo docker run -it --rm jenkins/inbound-agent:4.3-4 bash
jenkins@255a3961e41e:~$ cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
jenkins:x:1000:1000:Jenkins user:/home/jenkins:/bin/sh

Any ideas why this might be the case? Is this intentional? If so, what would be 
the right way to run the container as non-root?

Best regards

Jasper Orschulko
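A preflight check for the comparison made in this thread, as an added example that is not part of the original messages: it reports which numeric UID a step runs as and whether that UID has an /etc/passwd entry, so the same check can be run in the Kubernetes container and in the local docker container. The function names are hypothetical, and the two sample files are constructed by abbreviating the listings above.

```shell
#!/bin/sh
# Added example; all function names are hypothetical.

# name_for_uid PASSWD_FILE UID
# Prints the account name whose third field equals UID; returns 1 if none.
name_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1; found = 1; exit }
                         END { exit !found }' "$1"
}

# describe_runtime_user [PASSWD_FILE] [UID]
# Defaults to /etc/passwd and the UID of the current process.
describe_runtime_user() {
    passwd_file=${1:-/etc/passwd}
    uid=${2:-$(id -u)}
    if name=$(name_for_uid "$passwd_file" "$uid"); then
        echo "uid=$uid name=$name"
    else
        echo "uid=$uid has no entry in $passwd_file"
        return 1
    fi
}

# write_samples DIR: constructed passwd files, abbreviated from the listings
# in the thread (passwd.pod lacks the jenkins line, passwd.docker has it).
write_samples() {
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin' \
        > "$1/passwd.pod"
    { cat "$1/passwd.pod"
      echo 'jenkins:x:1000:1000:Jenkins user:/home/jenkins:/bin/sh'
    } > "$1/passwd.docker"
}

# As the first command of a pipeline sh step:
#   describe_runtime_user || echo "tools that look up the user by UID may fail"
```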