Run shell command in jenkins as root user?

16
votes

I have recently started using Jenkins for integration. All was well until I was running jobs on master node without shell command but I have to run jobs on master as well as slave node which contains shell commands to. I am not able to run those shell commands as root user. I have tried

  1. Using SSH Keys.
  2. Setting user name in shell commands.
  3. Using sudo.

I am getting permission denied error every time I use any of the above methods.

5
linuxshelljenkinsroot

5 Answers

30
votes

You need to modify the permission for jenkins user so that you can run the shell commands. You can install the jenkins as as service (download the rpm package), You might need to change the ports because by default it runs http on 8080 and AJP on 8009 port.



Following process is for CentOS
1. Open up the this script (using VIM or other editor):

vim /etc/sysconfig/jenkins

2. Find this $JENKINS_USER and change to “root”:

$JENKINS_USER="root"

3. Then change the ownership of Jenkins home, webroot and logs:

chown -R root:root /var/lib/jenkins
chown -R root:root /var/cache/jenkins
chown -R root:root /var/log/jenkins

4) Restart Jenkins and check the user has been changed:

service jenkins restart
ps -ef | grep jenkins

Now you should be able to run the Jenkins jobs as the root user and all the shell command will be executed as root.

42
votes

I would suggest against running the jenkins user as root. This could expose the operating system and all of the repo's which jenkins can build.

Running any script as root is a security risk, but a slightly safer method would be to grant the jenkins user sudo access to only run the one script, without needing a password.

sudo visudo

and add the following:

jenkins    ALL = NOPASSWD: /var/lib/jenkins/jobs/[job name]/workspace/script

Double check your path via the console log of a failed build script. The one shown here is the default.

Now within the jenkins task you can call sudo $WORKSPACE/your script

1
votes

Another option is to set up a jenkins "Slave" that is actually running as root on the master and restrict it to tied jobs, then point your job at that slave. Far from ideal but certainly a quick solution.

1
votes

For Linux try to follow these steps:-

It worked for me.

  1. sudo vi /etc/default/jenkins

  2. $JENKINS_USER="root"

  3. sudo chown -R root:root /var/lib/jenkins

    sudo chown -R root:root /var/cache/jenkins

    sudo chown -R root:root /var/log/jenkins

  4. service jenkins restart ps -ef | grep jenkins

-2
votes

You just need to run the shell command on Linux machine using Root privileges from Jenkins.

Steps :

1) sudo vi /etc/sudoers

2) Add line :

jenkins ALL=NOPASSWD:/path of script/

3) From Jenkins,run the script on remote shell using sudo . for eg : sudo ps -ef

4) Build Jenkins job now. This job runs the script on Linux machine using root privileges.