Jenkins user home directory permissions on OS X - macos

Jenkins puts the jenkins user's home to /Users/Shared/Jenkins by default. After we are setting up the Jenkins user correctly (making it admin, putting it into the Developer group: _xcs, changing password, allow it to login automatically, run as a LaunchAgent, etc.).
Because it is in the Shared folder everyone has writing and reading permissions to this directory, not just Jenkins. (Correct me if I'm wrong: if we leave things by default and one day we enable File Sharing every user on the network will have Read & Write permissions to Jenkins's home.)
I don't believe it would be a great thing (everyone has access for the .ssh/ folder, so the private keys won't be private for long...), what are the recommendations for solving this possible issue?
Currently I set everyone to no access (750). Is it a good solution?
drwxr-x---+ 21 jenkins _xcs 714B Jun 15 11:20 Jenkins
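
A way to check what the 750 change does and does not cover, as an added example that is not part of the original post. The function names are hypothetical, the sample tree is constructed, and the 700/600 modes inside .ssh are the usual OpenSSH convention rather than something stated in the question.

```shell
#!/bin/sh
# Added example: audit a Jenkins home for access beyond its owner.
# Function names are hypothetical; the sample tree is constructed.

# Print the home directory itself if it grants any bit to "other".
# -prune keeps find on the starting directory; -perm -NNN works in BSD and GNU find.
home_open_to_others() {
    find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print files in .ssh (except *.pub) that group or other can read or write.
exposed_ssh_keys() {
    [ -d "$1/.ssh" ] || return 0
    find "$1/.ssh" -type f ! -name '*.pub' \
        \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \) -print
}

# 750 on the home as in the question; 700/600 inside .ssh (OpenSSH convention).
harden_home() {
    chmod 750 "$1"
    [ -d "$1/.ssh" ] || return 0
    chmod 700 "$1/.ssh"
    find "$1/.ssh" -type f ! -name '*.pub' -exec chmod 600 {} +
}

# Build a throwaway tree that mimics a home left open under a shared folder.
make_sample_home() {
    d=$(mktemp -d "${TMPDIR:-/tmp}/jenkins-home.XXXXXX")
    mkdir -p "$d/Jenkins/.ssh"
    : > "$d/Jenkins/.ssh/id_rsa"
    : > "$d/Jenkins/.ssh/id_rsa.pub"
    chmod 777 "$d/Jenkins"
    chmod 755 "$d/Jenkins/.ssh"
    chmod 644 "$d/Jenkins/.ssh/id_rsa" "$d/Jenkins/.ssh/id_rsa.pub"
    echo "$d/Jenkins"
}

home=$(make_sample_home)
echo "before: $(home_open_to_others "$home") $(exposed_ssh_keys "$home")"
chmod 750 "$home"    # the question's change alone
echo "after 750 only, still group-readable: $(exposed_ssh_keys "$home")"
harden_home "$home"
echo "after hardening: [$(exposed_ssh_keys "$home")]"
rm -rf "$(dirname "$home")"
```

The `+` after the mode string in the listing above means an ACL is attached to the directory; mode bits do not show it, and `ls -le` on macOS prints the entries.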

Related

All my Jenkins jobs and configs have disappeared after restart of my Mac

After updating macOS to Mojave (10.14.4), my Mac was restarted and upon opening Jenkins (at localhost:8080) it appeared that I've lost all my jobs and the entire system configurations.
There was only 1 user (admin) defined in my installation and my usual password was deemed invalid, when I tried to log back in. So, I tried entering another password I normally used and it was accepted. I then found that all my jobs and configs have disappeared. It looked as if I've just started Jenkins for the first time.
Looking through here on Stack Overflow, there were suggestions to check the JENKINS_HOME variable to find out where the jobs are saved on the disk, but when I typed export $JENKINS_HOME I just get an empty response. So, it looks like I've never configured it during set up.
I then dug through the hard drive and found the folders matching the names of the jobs I created under ~/.jenkins/workspace. However, the contents of all the folders are empty. I was expecting to see the usual files, e.g. build.xml, config.xml, etc.
I then did a global search for build.xml and config.xml in Mac Finder, and it turned up nothing.
Any idea where my jobs went and what could have caused all the contents of the folders of the jobs to be empty?
You can find your Jenkins installation directory in "Manage Jenkins" -> "Configure System" -> "Home directory". Find what the Jenkins home was before you restarted your Mac. It looks like your home directory was either deleted by you or you are pointing to a new folder now. Set it to the earlier folder.
If it can help,
I'm having a similar problem.
The curious part is the new ".jenkins" directory that appears after the service restart, inside:
'/var/root/'.
And now, the password that Jenkins requests from me is not from
'/Users/username/.jenkins/secrets/initialAdministratorPassword' but from the newest one with the same path pattern.
Simon

ftpd can't change root directory when connecting as a non-root user

I have an embedded system running linux and I have busybox installed for running different services. One of the services is ftpd, which I start like this from the etc/init.d/rcS file:
tcpsvd 0.0.0.0 21 ftpd -w -v /mnt/flash&
I have two users in the system, root and a regular user. Root user can easily connect to the FTP server, but when I try to login with the regular user's credentials, I get this error:
ftpd[678]: can't change root directory to '/mnt/flash': Operation not permitted
Now, I thought that it must be a directory permission problem, and I started with changing permissions on the /mnt/flash directory first, but after this didn't work, I ended up having all my files in file-system including / to be owned by this regular user and have drwxrwxrwt permissions (just to find the cause of the problem). But I still get this error.
I have also tried to start ftpd with different root folders, including /.
I also couldn't find any config files for the ftpd in my file-system, maybe I need to create one manually? If so, which one and how to tell ftpd to allow user logins?
I'd really appreciate any help. Thanks.
Well, after trying some random things, I discovered that user login works fine if there is no directory changing involved at all:
tcpsvd 0.0.0.0 21 ftpd -w -v &
I suspect that chroot is called otherwise and the user does not have a right to do that.

How do I keep OS X from requiring admin password when I copy to or delete from its web server?

I've started using the Apache web server that comes with OS X (10.9.4) for testing. When I copy files to its web root (/Library/WebServer/Documents) or delete from the same, I get prompted for the admin password. I have this password, so that's not a problem. It's just inefficient. I haven't had this issue when using other installs of Apache (generally via MAMP). So I'm sure it's just a config issue. Any help is appreciated.
This is done to protect the directory. You can add an ACL to allow your user account read/write access to that folder.
You can add the ACL as follows. Please be sure to change "yourshortname" to your username on the computer.
sudo chmod -R +a "yourshortname allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity" /Library/WebServer/Documents
Let me know if it works for you.

Jenkins - Slave user change

I have a Mac slave connected to my Jenkins master via Java WebStart (SSH not working).
I have an administrator user called 'qalab' who has logged into the m/c (it never sleeps).
Node system information is shown as the given image.
Now, I need to launch Safari browser via Selenium.
Whenever I run the test with Safari I get the below exception
java.lang.IllegalStateException: The expected Safari data directory does not exist: /Users/null/Library/Safari
(Chrome and Firefox works fine)
Selenium looks for Safari in /Users/ user.name /Library/Safari
I tried like this.
System.setProperty("webdriver.safari.driver", "/Users/qalab/Library/Safari");
But still, it does not seem to take this path and fails with the above exception.
Is there any way to fix this?
Also, why does it show the user.name as root? How to change it to my user - 'qalab'?
You really don't want to run your slave as Root (which the above information indicates you are doing). Jenkins slaves have no inherent need to have escalated privileges (we run our Master and Slave with non-administrator accounts) as long as your Jenkins home directory is in someplace they can access. In your case, your Jenkins home directory above appears to be /, which is probably not what you want to do, since you will run into permission problems if you aren't root.
Any directory under your qalab user's home should work, as should any other directory that you create as long as the qalab user has privileges to read/write/execute on it (we tend to use a /Development/Jenkins directory, but that's an historical preference for us).
From one of our slaves:
user.dir /Development/Jenkins
user.home /Users/buildbot
user.name buildbot
Our master is similarly configured, and both work fine for us.

Hudson post build step security issue

Hudson jobs can be configured to have a post build step which can execute shell commands as an option. Accidentally or intentionally, someone can wipe out the Hudson home directory just by running the rm command. Is there a specific set of permissions on the home directory which will prevent such a scenario?
On Linux, you will likely be running the Hudson process as the "hudson" user. Using a combination of chown and chmod, you can set the permissions on the hudson application server directory such that the hudson user only has read-access of the Hudson application server directory.
Hudson stores all of its file storage in /var/lib/jenkins by default (if you're using the .deb package).
So basically, make sure that the hudson user has recursive write access of that directory, allow hudson read-only access of the other Hudson installation files, and no access over any other file.
