I'm trying right now to create separate user for jenkins on Mac Os and run it with this user.
I've created a new user:
# Create the group
sudo dscl . create /Groups/jenkins
sudo dscl . create /Groups/jenkins PrimaryGroupID 300
# Create the user
sudo dscl . create /Users/jenkins
sudo dscl . create /Users/jenkins PrimaryGroupID 300
sudo dscl . create /Users/jenkins UniqueID 300
sudo dscl . create /Users/jenkins UserShell /bin/bash
# Set the users pasword
sudo dscl . passwd /Users/jenkins 123qweASD
# Add the user to the group
sudo dscl . append /Groups/jenkins GroupMembership jenkins
And the I try to run jenkins as jenkins user:
sudo su - jenkins -c run_jenkins.sh
and got an error:
su: no directory
after I created directory for jenkins user:
sudo dscl . -create /Users/jenkins NFSHomeDirectory /Users/jenkins
followed next error:
su: unknown login: jenkins
General quiestion:
How can I create an _www like user for a daemon, without home directory i.e.
How can I run a script as this new user.
Thanks for help!
man launchd.plist
UserName <string>
This optional key specifies the user to run the job as. This key is only
applicable when launchd is running as root.
GroupName <string>
This optional key specifies the group to run the job as. This key is only
applicable when launchd is running as root. If UserName is set and Group-
Name is not, the the group will be set to the default group of the user.
You may need to use the absolute of run_jenkins.sh (assuming its /Users/jenkins/run_jenkins.sh):
sudo su - jenkins -c /Users/jenkins/run_jenkins.sh
su - emulates a normal login, and hence requires that the account be set up for regular logins (have a shell and home directory defined, etc). Unless you need this for some reason, just let sudo do it:
sudo -u jenkins run_jenkins.sh
Related
I am trying to follow this post, adding the current user to the Docker group:
sudo usermod -aG docker $(whoami)
but of course, there is no usermod command on macOS:
-bash: usermod: command not found
Now I was wondering if there is an equivalent of the above command on macOS? Probably using dscl?
P.S.1. I have used these instructions to set up Docker and docker-machine.
P.S.2. This question is not about Visual Studio Code (VSCode)
in particular, but if I open a new terminal and run eval "$(docker-machine env default)" and then run VSCode with code the problem is solved.
This question, as others have also pointed out, is irrelevant. The process of adding a user to the docker group is only necessary on Linux where sudo privileges are required to run Docker commands, as explained here. On macOS, and using docker-machine, that is unnecessary.
But if one wants to add a user, or more specifically the current user, to the docker user group, for whatever reason, here are the instructions:
List the existing user groups with dscl . list /groups from here
To create a user group, if it doesn't exist use the command sudo dscl . create /Groups/<groupName> from here.
In the context of this discussion the <groupName> could be replaced with docker.
To add a user to a group one can use the command sudo dseditgroup -o edit -a <userName> -t user <groupName>. from here or sudo dscl . append /Groups/<groupName> GroupMembership <userName> from here.
One can replace the <userName> with $USER or $(whoami) to refer to the current user.
To test and see if the expected user has been added o the specific group one can use the command dscl . -read /Groups/<groupName> GroupMembership to list all the remembers. However, it is not guaranteed to deliver the correct result, as explained here.
And the another issue with the Visual Studio Code, also has barely anything to do with the user groups. By running the eval "$(docker-machine env <dockerMachineName>)" in a new terminal, and running the code editor from inside the terminal, the Docker extension works just fine.
I also had to write sudo on mac to run docker commands (I don't know why). Thanks to Foad S. Farimani explanation I fixed it.
I just want to add commands which are ready for using.
First one creates docker group.
Second one adds current user into docker group.
sudo dscl . create /Groups/docker
sudo dseditgroup -o edit -a $USER -t user docker
If you need something different read Foad S. Farimani answer.
I'm having some issues installing Postgres and have been trying a few different approaches. I eventually followed this approach which meant I had to run the following command in terminal...
sudo dscl . -create /Users/postgres UserShell /bin/sh
sudo dscl . -create /Users/postgres NFSHomeDirectory /Library/PostgreSQL
However, this did not resolve issue I'm having with installing Postgres.
I then attempted to added postgres users via system preference but ran into the error of "Name already used by another user". However I cannot see this users!
.
How can I effectively delete the postgres user created in the above command? The goal is to add the users via system preferences instead.
I can see the hidden user by using this command:
dscl . -list /Users
I figured it out.
sudo /usr/bin/dscl . -delete "/Users/postgres"
I am trying to run shell build command on mac but I get permission denied for e.g. ls /Users/... command.
I see whoami is jenkins, which is different for my uesr login?
I read online I need to run chmod for jenkins user, how do I do that?
I changed file permission using chmod 777?
Do I need to change jenkins user?
In linux, e.g. ubuntu, you can add user jenkins to the root group:
sudo usermod -a -G root jenkins
Then restart jenkins:
sudo service jenkins restart
Be aware that, adding jenkins user to root group can make the user too powerful, use with caution
Maybe you have a problem that jenkins is not a full user. Try this:
Create a user for Jenkins
It’s best to run Jenkins as it’s own user (it can then be limited in the permissions it has), and you’ll want to create a standard (full) user for it.
You can do this through System Preferences, the Server Manager or the command line.
For a local user:
# create an applications group
dseditgroup -o create -n . -u username -p -r ‘Applications’ applications
# get the id for that group
sudo dscl . -read /Groups/applications
# find a unique identifier to give the user
sudo dscl . -list /Users UniqueID
# create the jenkins user
sudo dscl . -create /Users/jenkins
sudo dscl . -create /Users/jenkins PrimaryGroupID 505
sudo dscl . -create /Users/jenkins UniqueID 1026
sudo dscl . -create /Users/jenkins UserShell /bin/bash
sudo dscl . -create /Users/jenkins RealName "Jenkins"
sudo dscl . -create /Users/jenkins NFSHomeDirectory /Users/jenkins
sudo dscl . -passwd /Users/jenkins
# create and set the owner of the home directory
sudo mkdir /Users/jenkins
sudo chown -R jenkins /Users/jenkins
I found this here: installing jenkins on OS X Yosemite
In my case, the folder was inside a NFS/Samba/Webdav share, which these scripts seem not able to handle.
I created a real folder in my fs and linked it to a subdir in the shared folder. That way, no permission denied errors occur anymore.
Jenkins user won't have permissions to run a non jenkins user folders or files. Use either to run as some other user in the shell (assuming linux OS) or copy the folders or contents to jenkins default folder.
sh '''
su - - << EOF
Commands to run
'''
OR
copy folders to jenkins default folder
cp -rp <folder/files/related scripts to run> </usr/lib/jenkins/>
open terminal
sudo nano /etc/sudoers
at the end of the file add the following statements:
Jenkins ALL=(ALL) NOPASSWD: ALL
Save and exit
I had the same issue in Windows, where the only user is tadmin and Jenkins running from CMD with elevated/admin privileges.
I am using "content replace plugin" - it runs only once and after that says the file is locked, however Unlocker and other utils do not show anything and yet I cannot delete or rename that file. Restarting Jenkins service and reloading did not help, file was still locked. Only a reboot released the file.
It ended up by using powershell plugin to change content of the file - this runs without issues (some tweaking needed to use jenkins variables and double quotes)
For example, to replace 'img src' -> 'img title="branch, build..." src'
powershell -Command "(gc ad/bootstrapheader.jsp) -replace 'img src', 'img title=""""branch: $env:GIT_BRANCH; build: $env:BUILD_ID"""""" src' | Out-File ad/bootstrapheader.jsp"
Using Mac Yosemite 10.10.3
I have Jenkins installed on my mac which integrates with other applications and there is an important folder to which access should be present for all jenkins users. This can be achieved by adding them to its 'User and Group', and give them read, write access(Right click a folder/Get info/Sharing and permissions on bottom/that '+' symbol).
My question in short : To cut short, jenkins users should have access to that folder and should be present in 'User and Group' of that folder(Just as shown in the image below).
The above permission was given manually and I want to do that using a script which can be stored and invoked when needed.
(Am novice to shell scripting and to mac).
If only the jenkins user need to access this folder with a R/W access, you can use the following commands:
sudo chown -R jenkins YOUR_FOLDER (set jenkins as the folder owner)
sudo chmod -R 755 YOUR_FOLDER (jenkins will have a R/W access, read for all the other users)
Update from June 16th 2015
This is a second solution to create a group build_users, add the jenkins user to this group and update the folder permissions.
-- Create the build_users group (with the ID 3333)
sudo dscl . -create /groups/build_users PrimaryGroupID 3333
-- Add the jenkins user in this group
sudo dseditgroup -o edit -a jenkins -t user build_users
-- Make the group build_users owner of the folder
sudo chown -R :build_users my_folder
-- Give R/W permissions to the group build_users
sudo chmod -R g=rw my_folder
Trying to change the group for a file on OSX to root, keep getting an illegal group name error though.
Looked around and all the demos match what I'm using. Am I missing something here?
Tried to create a group with dscl as well with the same result
Command: dscl . -create /Groups/root
Command: sudo chown root:root $file
Error: chown: root: illegal group name
When I had this issue (macos 10.12.x) I needed one final command for the initial command to work and no longer throw the
illegal group
error.
dscl . -create /Groups/groupName GroupMembership userName
I had done the PrimaryGroup command which didn't work until the command above was added.