Jenkins cluster in my company runs builds as root user. How to configure cluster/build to run as a different user? Without root privileges ?
Asked
Active
Viewed 1.4k times
2 Answers
2
Builds always run under the user that runs the node agent process. So your options are
- Specify a different user for connecting the node, or
- Switch to a different user during the build (e.g., via
sudoin a shell build step). This is more flexible, but plugin related-code (like SCM checkout) will still run under the root account.
Alex O
- 7,746
- 2
- 25
- 38
-
sudo also requires either setting the sudoers properly on the hosts, or otherwise possibly exposing the password to the sudo in the logs or the properties. You'd also liekly get permission issues at some point. Kinda surprised OP marked this as answer as accepted, but I guess they are te deciders. – Ian W Oct 08 '20 at 00:16
-
OP did not ask about the security implications of his setup. While your security concerns are certainly valid in general, there can be good reasons for not changing the connection at this point. Invoking `sudo` (or `su`) as root user for switching to a non-root user has no (further) impact on security. – Alex O Oct 08 '20 at 06:32
-
1
-
@ChangZhao: this is not necessarily true; it depends on the configuration of `sudo`. – Alex O Aug 25 '21 at 07:46
0
Any agent can be configured to be launched as any user, so do that.
Advise your company Jenkins Admin to change Jenkins immediately to NOT run as root. It does not need root (can be a daemon/service tho) and increases your risk exposure . We use Java Service Wrapper (RUN_AS_USER=jenkins) in Unix. The new windows installer prompts you for the account to use (don't use System despite being the default).
Ian W
- 4,559
- 2
- 18
- 37