1

I followed http://blog.manula.org/2013/03/running-jenkins-under-different-user-in.html to run Jenkins under my own user account, because its default system user doesn't have permission to clone from our git repository. However, when I change the user id of jenkins to my uid in the /etc/default/jenkins file, I am getting service unavailable 503 error. I couldn't find any error logs in /var/log/jenkins. Is there any recommended solution?

gm3dmo
  • 10,057
  • 1
  • 42
  • 36
user1373307
  • 11
  • 1
  • 2

1 Answers1

1

I can't agree Manula's suggestion. Changing the user on which a daemon run, that is a very deep change on the system and needs a strong reason.

Jenkins is a java web application, and it seems for me, that you are using a debian/ubuntu or some pre-packaged version. It is normally not the best idea, the distribs are not very good in java repackaging (the problem is, that java has a lot of his auto-downloading, auto-refresing, auto-packaging technologies, for example maven and such, which interferes with the package management of the distros).

So, Jenkins is a simple Java web application, which runs on a tomcat server. I don't know your system, but it seems me as if it run on its own tomcat instance, and everything were coming from your distro. In this case, there should be somewhere some logs of your actual application server, which you can find with some well-directed lsof command.

But in your place I didn't do that. In your place I simply changed the jenkins user back, and gave him access to the git repositories, with some welldirected setfacl, chmod and chown commands as well.

peterh
  • 4,953
  • 13
  • 30
  • 44
  • When you say welldirected chmod and chown, do you refer to the /usr/local/bin folder permission as well ?? Because some of my Execute shell command part in jenkins need access to vagrant up and other vagrant commands. But jenkins user doesn't have access to it. – Jaswanth Manigundan May 09 '17 at 01:25
  • @JaswanthManigundan 1) I don't really agree with my old opinion, I think changing the user is not a very deep change and it can be useful to enhance the security of the system. 2) Also the reason of the lack of the java support is a little bit different. 3) On "well-directed", I understood "properly tuned & parametrized" at the time. 4) I think it is not very good if everything is in /usr/local, they mix together into a mess. 5) Making commands unavailable by permission settings enhances security only minimally. 6) I suggest to ask this as a question. – peterh May 09 '17 at 06:09