27

I spend several days setting up the file /etc/sudoers to be able to give permissions to root to the user jenkins. I have Jenkins installed on my server because I host several projects with symfony, ionic, neo4j, etc... The problem is that I can not do build in the projects with ionic, I get this error:sudo: no tty present and no askpass program specified. This is the content of my /etc/sudoers file:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults    env_reset
Defaults    mail_badpass
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
jenkins ALL=(ALL) NOPASSWD: ALL
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
Braiam
  • 1
  • 11
  • 47
  • 78
Ander Acosta
  • 1,060
  • 1
  • 12
  • 25
  • 2
    Please see http://stackoverflow.com/a/24648413/54506 (it talks about a line should be last in the sudoers ..) – Jayan Jun 03 '16 at 04:21
  • 1
    Keep in mind that those `sudoers` settings need to be set on specific node where build is happening, which doesn't need to be a `master`. – luka5z Jun 03 '16 at 05:31

3 Answers3

44

I've tested the solution described by @Jayan in the comments of the question. You must include the new line at the end of the file:

Solution: https://stackoverflow.com/a/24648413/54506

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults    env_reset
Defaults    mail_badpass
Defaults    secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
jenkins ALL=(ALL) NOPASSWD: ALL
Community
  • 1
  • 1
Ander Acosta
  • 1,060
  • 1
  • 12
  • 25
  • Adding jenkins ALL=(ALL) NOPASSWD: ALL to sudoers file works like a charm, Thank you. – M.A Majid Feb 19 '20 at 16:44
  • 2
    This is amazingly no bueno! If your jenkins instance in any shape or form becomes vulnerable, an attacker will gain complete access to the hosts. It's a bad idea to allow any service (especially those that have interactive languages) root access. Use setcap instead! – Braiam Feb 23 '21 at 21:21
  • bad bad bad! giving jenkins the keys to the kingdom? what if someone exploits jenkins? game over! – Barry Chapman May 18 '22 at 04:06
8

This is just a response to elaborate on the steps to take to fix the issue.

First thing, figure out which user Jenkins GUI is using to execute the bash shell script.

select the project > Configure > enter whoami in the executable shell > save and Build Now. enter image description here View result in build history > click console output

User may be tomcat or jenkins or whatever.

SSH into Jenkins server

  1. sudo su
  2. visudo
  3. tomcat ALL=(ALL) NOPASSWD: ALL #if user displayed is tomcat enter image description here
Wale
  • 379
  • 4
  • 5
4

This is quite possible that you are adding a wrong user to the sudoers file. This happened to me as well and the solution to add an entry in sudoers file wasn't working for me. You will need to know the actual user that your jenkins is using to execute commands. For this purpose you can add a build step (Execute shell) within your jenkins with the following command:

whoami

Then try running the jenkins job again and in the console output, you will see the user that jenkins is using to execute commands. You will then need to add this user to your sudoers file. For example if the user was 'tomcat', you will add the following line to the end of your sudoers file:

tomcat ALL=(ALL) NOPASSWD: ALL

Ref: http://techrofile.com/jenkins-sudo-no-tty-present-and-no-askpass-program-specified-with-nopasswd/

yasirfarooqui
  • 193
  • 1
  • 9