How to reset Jenkins security settings from the command line?

Question

Is there a way to reset all (or just disable the security settings) from the command line without a user/password as I have managed to completely lock myself out of Jenkins?

Nowaker · Accepted Answer · 2021-04-29T11:05:06.877

323

The simplest solution is to completely disable security - change true to false in /var/lib/jenkins/config.xml file.

<useSecurity>true</useSecurity>

A one-liner to achieve the same:

sed -i 's/<useSecurity>true<\/useSecurity>/<useSecurity>false<\/useSecurity>/g' /var/lib/jenkins/config.xml

Then just restart Jenkins:

sudo service jenkins restart

And then go to admin panel and set everything once again.

If you in case are running your Jenkins inside a Kubernetes pod and can not run service command, then you can just restart Jenkins by deleting the pod:

kubectl delete pod <jenkins-pod-name>

Once the command was issued, Kubernetes will terminate the old pod and start a new one.

edited Apr 29 '21 at 11:05

answered Dec 05 '13 at 00:08

Nowaker

12,154
4
56
62

3

I needed to restart Jenkins for change to apply. – Or Arbel Feb 25 '14 at 17:22
12

`sudo service jenkins restart` – MonoThreaded Nov 06 '14 at 20:23
11

To those who can't find it their config.xml use `find / -name "config.xml" ` in your terminal. – Laser Hawk Mar 30 '15 at 19:18
After Changing user Security tag to false for restart jenking from command prompt --- http://stackoverflow.com/questions/14869311/start-stop-and-restart-jenkins-service-on-windows – Anurag_BEHS Jul 30 '16 at 18:30
1

This leaves your Jenkins installation unsecured while you recreate your configuration. I prefer aruseni's answer below. – kontextify Aug 02 '16 at 08:38
1

Also file could be located under ~/.jenkins/ folder – Andrii Abramov Jan 03 '17 at 11:07
On mac when installed with brew the config file is at: /Users/Shared/Jenkins/Home/config.xml – Lunero Jan 12 '17 at 22:34
I just lost the password after setting everything up due to my bad use of lastpass and I just did `sudo service jenkins stop` then `sudo yum remove jenkins` and `sudo rm -rf /var/lib/jenkins/` and then I installed jenkins again in my AMI. – nisevi Mar 23 '17 at 17:13
I am not able to change the config.xml as it is readonly. How do i do that – Emjey Mar 05 '19 at 03:59
1

sed -i 's/true<\/useSecurity>/false<\/useSecurity>/g' config.xml – Kerry Jiang Apr 28 '21 at 09:35
The flag reverts to true automatically after restart – aaijmrt May 07 '21 at 07:03
consider volumes when following this steps in case it doesn't work out of the box. – Matthis Kohli Jun 23 '21 at 19:56
I changed the config.xml file as suggested, putting false. I then restarted using the command sudo service jenkins restart. After restarting, the config.xml file changed by itself - I saw the date was updated. When I reopened the file, it was back to true @nowaker – Francis Apr 13 '22 at 10:21

score 205 · Answer 2 · answered May 09 '14 at 12:35

205

One other way would be to manually edit the configuration file for your user (e.g. /var/lib/jenkins/users/username/config.xml) and update the contents of passwordHash:

<passwordHash>#jbcrypt:$2a$10$razd3L1aXndFfBNHO95aj.IVrFydsxkcQCcLmujmFQzll3hcUrY7S</passwordHash>

Once you have done this, just restart Jenkins and log in using this password:

test

answered May 09 '14 at 12:35

Arseny

5,159
4
21
24

1

what if this entry is not there - where to actually put it? – serup Jul 11 '16 at 14:06
3

the `` xml tag is a child of ``. Look at the default admin user for an idea of the total XML structure. – ivandov Jul 27 '16 at 20:46
3

This is a good solution that keeps the installation secure. Out of curiosity, how does one generate that password hash? – kontextify Aug 02 '16 at 08:40
Thank you, this is exactly what I needed! – Matt Cavanagh Sep 06 '16 at 16:55
2

Modifying the contents of file present in C:\Users\\.jenkins\users\admin helped resolve the issue – Sakshi Singla Apr 04 '17 at 06:16
didt work in win7 for me, however able to disable security using the accepted answer. – Vikash Sep 19 '18 at 10:31
what is the password algo used, so that I can decrypt to my password. I totaly understand and agree with this log of using std password. But to be known – indianwebdevil Oct 13 '18 at 04:50
1

Thank you for your amazing answer. To answer a previous question @kontextify , I believe that the user who shared the answer has encrypted the password "test" himself and shared the hash with us. Ideally, there should be no way to get the password from a hash :D. – bem22 Mar 08 '19 at 21:22
This method still works on Tomcat 9. Awesome, thanks! – metaforge Nov 09 '21 at 02:00
Use this online tool to generate the Hash for any password: https://www.javainuse.com/onlineBcrypt – Kapil Khandelwal Feb 05 '22 at 14:28
Not that apart from Jenkins (app / container) restart, you may also need to refresh the login page too. – mirekphd Oct 09 '22 at 11:39

score 46 · Answer 3 · answered Jun 03 '14 at 10:39

46

The <passwordHash> element in users/<username>/config.xml will accept data of the format

salt:sha256("password{salt}")

So, if your salt is bar and your password is foo then you can produce the SHA256 like this:

echo -n 'foo{bar}' | sha256sum

You should get 7f128793bc057556756f4195fb72cdc5bd8c5a74dee655a6bfb59b4a4c4f4349 as the result. Take the hash and put it with the salt into <passwordHash>:

<passwordHash>bar:7f128793bc057556756f4195fb72cdc5bd8c5a74dee655a6bfb59b4a4c4f4349</passwordHash>

Restart Jenkins, then try logging in with password foo. Then reset your password to something else. (Jenkins uses bcrypt by default, and one round of SHA256 is not a secure way to store passwords. You'll get a bcrypt hash stored when you reset your password.)

answered Jun 03 '14 at 10:39

uckelman

25,298
8
64
82

1

This doesn't seem to work. an example starts with a salt of #jbscrypt and then defines encrypt fields $2a$10$. What do these mean? – jrwren Jul 14 '14 at 16:37
My answer worked for me. The additional fields you're seeing are for a different hash format. The library Jenkins uses for handling hashed passwords supports more than one format. The jbcrypt format you're referring to is more secure than sha256 with a salt, but the sha256+salt format can be easily produced from the command line---recall that the point of the exercise is to get back into Jenkins, and then change the password from Jenkins' web interface. – uckelman Jul 15 '14 at 07:14
This also did not work for me. I'll try to find more info on bcrypt – Laurent Picquet May 18 '17 at 15:48
it worked for me. I used the following commands: ``` PASSWORD_DIGEST="$(echo -n "${ADMIN_PASSWORD}{${SALT}}" | sha256sum | awk '{print $1}')" echo "password digest: $PASSWORD_DIGEST" sed -i -e "s#.*#${SALT}:${PASSWORD_DIGEST}#" "/usr/share/jenkins/ref/users/admin/config.xml" sed -i -e "s#.*#${API_TOKEN}#" "/usr/share/jenkins/ref/users/admin/config.xml" ``` – Laurent Picquet May 19 '17 at 07:33
Thanks a mil. Used exact same values and worked like a charm. Got myself back in and reset pass. – Mar 22 '18 at 10:49
Pay attention to the bar: in the . That's your salt. Delete everything in the element, add "bar:", then your hash result. – Virmundi Jan 02 '19 at 20:51

score 44 · Answer 4 · answered Aug 09 '11 at 12:51

44

I found the file in question located in /var/lib/jenkins called config.xml, modifying that fixed the issue.

answered Aug 09 '11 at 12:51

ryanzec

27,284
38
112
169

1

I am using El-Capitan and config.xml couldn't be found in the location – Durai Amuthan.H Mar 08 '16 at 10:52
@DuraiAmuthan.H Did you install it with bitnami stack? The config file would be in `/Applications/jenkins-2.19.3-0/apps/jenkins/jenkins_home/users/admin/config.xml` – siegy22 Dec 02 '16 at 10:01
@ryanzec, Nowakers answer uses the same file but it's better explained, you should consider accepting it as the correct answer. – Katu Mar 19 '18 at 11:16
where we will find the file in hight sierra – prabakaran iOS Jul 30 '18 at 11:51

score 26 · Answer 5 · answered Mar 08 '16 at 14:18

26

In El-Capitan config.xml can not be found at

/var/lib/jenkins/

Its available in

~/.jenkins

then after that as other mentioned open the config.xml file and make the following changes

In this replace <useSecurity>true</useSecurity> with <useSecurity>false</useSecurity>
Remove <authorizationStrategy> and <securityRealm>
Save it and restart the jenkins(sudo service jenkins restart)

answered Mar 08 '16 at 14:18

Durai Amuthan.H

31,670
10
160
241

I am not able to edit the config.xml file actually. When i try to save it using vim it throws that it is a read only file and operation to make it write access is not permitted. – Emjey Mar 05 '19 at 04:01

score 19 · Answer 6 · edited Jul 16 '13 at 18:25

The answer on modifying was correct. Yet, I think it should be mentioned that /var/lib/jenkins/config.xml looks something like this if you have activated "Project-based Matrix Authorization Strategy". Deleting /var/lib/jenkins/config.xml and restarting jenkins also does the trick. I also deleted the users in /var/lib/jenkins/users to start from scratch.

<authorizationStrategy class="hudson.security.ProjectMatrixAuthorizationStrategy">
    <permission>hudson.model.Computer.Configure:jenkins-admin</permission>
    <permission>hudson.model.Computer.Connect:jenkins-admin</permission>
    <permission>hudson.model.Computer.Create:jenkins-admin</permission>
    <permission>hudson.model.Computer.Delete:jenkins-admin</permission>
    <permission>hudson.model.Computer.Disconnect:jenkins-admin</permission>
    <!-- if this is missing for your user and it is the only one, bad luck -->
    <permission>hudson.model.Hudson.Administer:jenkins-admin</permission>
    <permission>hudson.model.Hudson.Read:jenkins-admin</permission>
    <permission>hudson.model.Hudson.RunScripts:jenkins-admin</permission>
    <permission>hudson.model.Item.Build:jenkins-admin</permission>
    <permission>hudson.model.Item.Cancel:jenkins-admin</permission>
    <permission>hudson.model.Item.Configure:jenkins-admin</permission>
    <permission>hudson.model.Item.Create:jenkins-admin</permission>
    <permission>hudson.model.Item.Delete:jenkins-admin</permission>
    <permission>hudson.model.Item.Discover:jenkins-admin</permission>
    <permission>hudson.model.Item.Read:jenkins-admin</permission>
    <permission>hudson.model.Item.Workspace:jenkins-admin</permission>
    <permission>hudson.model.View.Configure:jenkins-admin</permission>
    <permission>hudson.model.View.Create:jenkins-admin</permission>
    <permission>hudson.model.View.Delete:jenkins-admin</permission>
    <permission>hudson.model.View.Read:jenkins-admin</permission>
  </authorizationStrategy>

score 17 · Answer 7 · edited Jul 10 '18 at 00:09

We can reset the password while leaving security on.

The config.xml file in /var/lib/Jenkins/users/admin/ acts sort of like the /etc/shadow file Linux or UNIX-like systems or the SAM file in Windows, in the sense that it stores the hash of the account's password.

If you need to reset the password without logging in, you can edit this file and replace the old hash with a new one generated from bcrypt:

$ pip install bcrypt
$ python
>>> import bcrypt
>>> bcrypt.hashpw("yourpassword", bcrypt.gensalt(rounds=10, prefix=b"2a"))
'YOUR_HASH'

This will output your hash, with prefix 2a, the correct prefix for Jenkins hashes.

Now, edit the config.xml file:

...
<passwordHash>#jbcrypt:REPLACE_THIS</passwordHash>
...

Once you insert the new hash, reset Jenkins:

(if you are on a system with systemd):

sudo systemctl restart Jenkins

You can now log in, and you didn't leave your system open for a second.

it worked, but just to highlight that the method `hashpw` needs a `bytes` parameter instead of `str`, greetings :) — Manuel Lazo, Jul 19 '22 at 22:28

kenorb · Answer 8 · 2017-11-15T11:34:53.550

15

To disable Jenkins security in simple steps in Linux, run these commands:

sudo ex +g/useSecurity/d +g/authorizationStrategy/d -scwq /var/lib/jenkins/config.xml
sudo /etc/init.d/jenkins restart

It will remove useSecurity and authorizationStrategy lines from your config.xml root config file and restart your Jenkins.

See also: Disable security at Jenkins website

After gaining the access to Jenkins, you can re-enable security in your Configure Global Security page by choosing the Access Control/Security Realm. After than don't forget to create the admin user.

edited Nov 15 '17 at 11:34

answered Jul 10 '16 at 13:43

kenorb

155,785
88
678
743

It worked for me, however, it's skipping the authorization now. – hemanto Nov 15 '17 at 10:49
@hemanto You need to enable security to re-enable authorization. I've updated the answer. – kenorb Nov 15 '17 at 11:35

score 14 · Answer 9 · answered Jan 11 '14 at 14:02

To reset it without disabling security if you're using matrix permissions (probably easily adaptable to other login methods):

In config.xml, set disableSignup to false.
Restart Jenkins.
Go to the Jenkins web page and sign up with a new user.
In config.xml, duplicate one of the <permission>hudson.model.Hudson.Administer:username</permission> lines and replace username with the new user.
If it's a private server, set disableSignup back to true in config.xml.
Restart Jenkins.
Go to the Jenkins web page and log in as the new user.
Reset the password of the original user.
Log in as the original user.

Optional cleanup:

Delete the new user.
Delete the temporary <permission> line in config.xml.

No securities were harmed during this answer.

Add to cleanup set disableSignup back to true, and restart jenkins — Marc, Feb 27 '18 at 18:11
Adding the new user (kapil) inside the assignedSIDs tag as follows: ```kapil``` inside the config.xml worked for me. — Kapil Khandelwal, Feb 05 '22 at 14:31

score 14 · Answer 10 · answered Mar 06 '15 at 21:57

14

On the offchance you accidentally lock yourself out of Jenkins due to a permission mistake, and you dont have server-side access to switch to the jenkins user or root... You can make a job in Jenkins and add this to the Shell Script:

sed -i 's/<useSecurity>true/<useSecurity>false/' ~/config.xml

Then click Build Now and restart Jenkins (or the server if you need to!)

answered Mar 06 '15 at 21:57

Nick

2,803
1
39
59

1

How do you create a job in Jenkins in case you have yourself locked out of it? – Gerold Broser May 03 '16 at 00:44
In this case, I had a normal Chrome window logged in and I altered the security settings and tested in an Incognito Window before logging out of the main window. The test did not let me log in, but my sessions persisted in the main window so I could repair the damage. – Nick May 03 '16 at 11:22
1

I believe part of the security settings I'd changed also meant that my auth session no longer had permission to alter Jenkins security configurations. – Nick May 03 '16 at 11:23
Run into this problem after activating `ProjectMatrixAuthorization`. When I do the change and restart Jenkins I see a Java-exception in the Jenkins-UI. To fix this, I removed also the line with `authorizationStrategy` and it was okay again. Jenkins readded it on the next start as an empty tag. – Peter Schneider Oct 04 '17 at 10:03

score 5 · Answer 11 · edited Jan 18 '17 at 22:12

5

\.jenkins\secrets\initialAdminPassword

Copy the password from the initialAdminPassword file and paste it into the Jenkins.

edited Jan 18 '17 at 22:12

DimaSan

12,264
11
65
75

answered Aug 18 '16 at 15:50

Shivam

199
2
4

score 5 · Answer 12 · answered May 05 '18 at 08:25

1 first check location if you install war or Linux or windows based on that

for example if war under Linux and for admin user

/home/"User_NAME"/.jenkins/users/admin/config.xml

go to this tag after #jbcrypt:

<passwordHash>#jbcrypt:$2a$10$3DzCGLQr2oYXtcot4o0rB.wYi5kth6e45tcPpRFsuYqzLZfn1pcWK</passwordHash>

change this password using use any website for bcrypt hash generator

https://www.dailycred.com/article/bcrypt-calculator

make sure it start with $2a cause this one jenkens uses

score 4 · Answer 13 · answered Jun 14 '17 at 08:13

In order to remove the by default security for jenkins in Windows OS,

You can traverse through the file Config.xml created inside /users/{UserName}/.jenkins.

Inside this file you can change the code from

<useSecurity>true</useSecurity>

To,

<useSecurity>false</useSecurity>

score 3 · Answer 14 · answered Sep 07 '18 at 05:12

3

step-1 : go to the directory cd .jenkins/secrets then you will get a 'initialAdminPassword'.

step-2 : nano initialAdminPassword

you will get a password

answered Sep 07 '18 at 05:12

Shaik Zeeshan

39
1

This does not answer the question. – groverboy Jul 01 '21 at 07:06

score 2 · Answer 15 · answered Dec 15 '14 at 19:12

changing the <useSecurity>true</useSecurity> to <useSecurity>false</useSecurity> will not be enough, you should remove <authorizationStrategy> and <securityRealm> elements too and restart your jenkins server by doing sudo service jenkins restart .

remember this, set <usesecurity> to false only may cause a problem for you, since these instructions are mentioned in thier official documentation here.

score 2 · Answer 16 · answered Feb 23 '18 at 12:18

Jenkins over KUBENETES and Docker

In case of Jenkins over a container managed by a Kubernetes POD is a bit more complex since: kubectl exec PODID --namespace=jenkins -it -- /bin/bash will you allow to access directly to the container running Jenkins, but you will not have root access, sudo, vi and many commands are not available and therefore a workaround is needed.

Use kubectl describe pod [...] to find the node running your Pod and the container ID (docker://...)

SSH into the node
run docker exec -ti -u root -- /bin/bash to access the container with Root privileges
apt-get update
sudo apt-get install vim

The second difference is that the Jenkins configuration file are placed in a different path that corresponds to the mounting point of the persistent volume, i.e. /var/jenkins_home, this location might change in the future, check it running df.

Then disable security - change true to false in /var/jenkins_home/jenkins/config.xml file.

<useSecurity>false</useSecurity>

Now it is enough to restart the Jenkins, action that will cause the container and the Pod to die, it will created again in some seconds with the configuration updated (and all the chance like vi, update erased) thanks to the persistent volume.

The whole solution has been tested on Google Kubernetes Engine. UPDATE Notice that you can as well run ps -aux the password in plain text is shown even without root access.

jenkins@jenkins-87c47bbb8-g87nw:/$ps -aux
[...]
jenkins [..] -jar /usr/share/jenkins/jenkins.war --argumentsRealm.passwd.jenkins=password --argumentsRealm.roles.jenkins=admin
[...]

score 1 · Answer 17 · answered Mar 23 '17 at 12:40

1

Easy way out of this is to use the admin psw to login with your admin user:

Change to root user: sudo su -
Copy the password: xclip -sel clip < /var/lib/jenkins/secrets/initialAdminPassword
Login with admin and press ctrl + v on password input box.

Install xclip if you don't have it:

$ sudo apt-get install xclip

answered Mar 23 '17 at 12:40

Thomas Modeneis

687
8
11

Using the default password worked for me. To keep it simple, you could just do 'cat secrets/initialAdminPassword' rather than installing xclip for a one-off. – Paul May 09 '17 at 13:48
Sometimes this password is not present. I am not sure how you can bypass this config but for me, it is not present and I had to edit config.xml – vinicius.hisao Jul 08 '19 at 13:27

score 1 · Answer 18 · answered May 10 '19 at 05:56

Using bcrypt you can solve this issue. Extending the @Reem answer for someone who is trying to automate the process using bash and python.

#!/bin/bash

pip install bcrypt
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum -y install xmlstarlet

cat > /tmp/jenkinsHash.py <<EOF
import bcrypt
import sys

if not sys.argv[1]:
  sys.exit(10)

plaintext_pwd=sys.argv[1]
encrypted_pwd=bcrypt.hashpw(sys.argv[1], bcrypt.gensalt(rounds=10, prefix=b"2a"))
isCorrect=bcrypt.checkpw(plaintext_pwd, encrypted_pwd)

if not isCorrect:
   sys.exit(20);

print "{}".format(encrypted_pwd)
EOF

chmod +x /tmp/jenkinsHash.py
cd /var/lib/jenkins/users/admin*
pwd
while (( 1 )); do
    echo "Waiting for Jenkins to generate admin user's config file ..."

    if [[ -f "./config.xml" ]]; then
        break
    fi

    sleep 10
done

echo "Admin config file created"

admin_password=$(python /tmp/jenkinsHash.py password 2>&1)

# Repalcing the new passowrd
xmlstarlet -q ed --inplace -u "/user/properties/hudson.security.HudsonPrivateSecurityRealm_-Details/passwordHash" -v '#jbcrypt:'"$admin_password" config.xml

# Restart
systemctl restart jenkins
sleep 10

I have kept password hardcoded here but it can be a user input depending upon the requirement. Also make sure to add that sleep otherwise any other command revolving around Jenkins will fail.

score 1 · Answer 19 · answered May 23 '19 at 18:48

To very simply disable both security and the startup wizard, use the JAVA property:

-Djenkins.install.runSetupWizard=false

The nice thing about this is that you can use it in a Docker image such that your container will always start up immediately with no login screen:

# Dockerfile
FROM jenkins/jenkins:lts
ENV JAVA_OPTS -Djenkins.install.runSetupWizard=false

Note that, as mentioned by others, the Jenkins config.xml is in /var/jenkins_home in the image, but using sed to modify it from the Dockerfile fails, because (presumably) the config.xml doesn't exist until the server starts.

score 1 · Answer 20 · answered Jul 19 '22 at 22:27

I will add some improvements based on the solution:

https://stackoverflow.com/a/51255443/5322871

On my scenario it was deployed with Swarm cluster with nfs volume, in order to perform the password reset I did the following:

Attach to the pod:

$ docker exec -it <pod-name> bash

Generate the hash password with python (do not forget to specify the letter b outside of your quoted password, the method hashpw requires a parameter in bytes):

$ pip install bcrypt
$ python
>>> import bcrypt
>>> bcrypt.hashpw(b"yourpassword", bcrypt.gensalt(rounds=10, prefix=b"2a"))
'YOUR_HASH'

Once inside the container find all the config.xml files:

$ find /var/ -type f -iname "config.xml"

Once identified, modify value of the field ( on my case the config.xml was in another location):

$ vim /var/jenkins_home/users/admin_9482805162890262115/config.xml

...
<passwordHash>#jbcrypt:YOUR_HASH</passwordHash>
...

Restart the service:

docker service scale <service-name>=0
docker service scale <service-name>=1

Hope this can be helpful for anybody.

score 0 · Answer 21 · answered Oct 06 '13 at 12:27

I had a similar issue, and following reply from ArtB,

I found that my user didn't have the proper configurations. so what I did:

Note: manually modifying such XML files is risky. Do it at your own risk. Since I was already locked out, I didn't have much to lose. AFAIK Worst case I would have deleted the ~/.jenkins/config.xml file as prev post mentioned.

**> 1. ssh to the jenkins machine

cd ~/.jenkins (I guess that some installations put it under /var/lib/jenkins/config.xml, but not in my case )

vi config.xml, and under authorizationStrategy xml tag, add the below section (just used my username instead of "put-your-username")

restart jenkins. in my case as root service tomcat7 stop; ; service tomcat7 start

Try to login again. (worked for me)**

under

add:

<permission>hudson.model.Computer.Build:put-your-username</permission>
<permission>hudson.model.Computer.Configure:put-your-username</permission>
<permission>hudson.model.Computer.Connect:put-your-username</permission>
<permission>hudson.model.Computer.Create:put-your-username</permission>
<permission>hudson.model.Computer.Delete:put-your-username</permission>
<permission>hudson.model.Computer.Disconnect:put-your-username</permission>
<permission>hudson.model.Hudson.Administer:put-your-username</permission>
<permission>hudson.model.Hudson.ConfigureUpdateCenter:put-your-username</permission>
<permission>hudson.model.Hudson.Read:put-your-username</permission>
<permission>hudson.model.Hudson.RunScripts:put-your-username</permission>
<permission>hudson.model.Hudson.UploadPlugins:put-your-username</permission>
<permission>hudson.model.Item.Build:put-your-username</permission>
<permission>hudson.model.Item.Cancel:put-your-username</permission>
<permission>hudson.model.Item.Configure:put-your-username</permission>
<permission>hudson.model.Item.Create:put-your-username</permission>
<permission>hudson.model.Item.Delete:put-your-username</permission>
<permission>hudson.model.Item.Discover:put-your-username</permission>
<permission>hudson.model.Item.Read:put-your-username</permission>
<permission>hudson.model.Item.Workspace:put-your-username</permission>
<permission>hudson.model.Run.Delete:put-your-username</permission>
<permission>hudson.model.Run.Update:put-your-username</permission>
<permission>hudson.model.View.Configure:put-your-username</permission>
<permission>hudson.model.View.Create:put-your-username</permission>
<permission>hudson.model.View.Delete:put-your-username</permission>
<permission>hudson.model.View.Read:put-your-username</permission>
<permission>hudson.scm.SCM.Tag:put-your-username</permission>

Now, you can go to different directions. For example I had github oauth integration, so I could have tried to replace the authorizationStrategy with something like below:

Note:, It worked in my case because I had a specific github oauth plugin that was already configured. So it is more risky than the previous solution.

  <authorizationStrategy class="org.jenkinsci.plugins.GithubAuthorizationStrategy" plugin="github-oauth@0.14">
    <rootACL>
      <organizationNameList class="linked-list">
        <string></string>
      </organizationNameList>
      <adminUserNameList class="linked-list">
        <string>put-your-username</string>
        <string>username2</string>
        <string>username3</string>
        <string>username_4_etc_put_username_that_will_become_administrator</string>
      </adminUserNameList>
      <authenticatedUserReadPermission>true</authenticatedUserReadPermission>
      <allowGithubWebHookPermission>false</allowGithubWebHookPermission>
      <allowCcTrayPermission>false</allowCcTrayPermission>
      <allowAnonymousReadPermission>false</allowAnonymousReadPermission>
    </rootACL>
  </authorizationStrategy>

score 0 · Answer 22 · answered Oct 17 '13 at 08:16

0

Edit the file $JENKINS_HOME/config.xml and change de security configuration with this:

<authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>

After that restart Jenkins.

answered Oct 17 '13 at 08:16

richarbernal

1,063
2
14
32

Emjey · Answer 23 · 2019-03-05T07:29:34.530

0

A lot of times you wont be having permissions to edit the config.xml file.

The simplest thing would be to take a back of config.xml and delete using sudo command.

Restart the jenkins using the command sudo /etc/init.d/jenkins restart

This will disable all the security in the Jenkins and the login option would disappear

edited Mar 05 '19 at 07:29

answered Mar 05 '19 at 04:33

Emjey

2,038
3
18
33

1

If you can delete config.xml with sudo, you can edit it with sudo too. e.g. sudo vi ... – Lee Meador Nov 12 '19 at 18:27

score 0 · Answer 24 · answered Jan 31 '20 at 17:55

0

For one who is using macOS, the new version just can be installed by homebrew. so for resting, this command line must be using:

brew services restart jenkins-lts

answered Jan 31 '20 at 17:55

iman kazemayni

1,255
1
19
20

score 0 · Answer 25 · answered Jan 31 '22 at 19:16

0

The directory where the file is located config.xml in windows

C:\Windows\System32\config\systemprofile\AppData\Local\Jenkins\.jenkins

answered Jan 31 '22 at 19:16

Starostin Aleksandr

1

Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Feb 01 '22 at 03:23

How to reset Jenkins security settings from the command line?

25 Answers25

Easy way out of this is to use the admin psw to login with your admin user:

Install xclip if you don't have it:

Linked