46

I have been trying to follow tutorials and this one: Deploy as Jenkins User or Allow Jenkins To Run As Different User?

but I still can't for the love of the computing gods, run as a different user. Here are the steps of what I did:

  1. download the macosx pkg for jenkins(LTS)
  2. setup plugins etc and git
  3. try to build it

I keep getting a can't clone error because jenkins keeps starting as anonymous:

Started by user anonymous

How do I set it up so that jenkins runs as me? I was using the jenkins web UI so it was in localhost:8080

I tried logging in also using /login but I can't even login using my name or as root.

The people tab doesn't even have a create user link, so yeah I've been stuck. Help please?

Community
  • 1
  • 1
corroded
  • 21,406
  • 19
  • 83
  • 132
  • setting up jenkins as another user turned out to be too painful for me. it meant codesign-provisioning-keychain-hell. I switched to using jenkins-app as sti suggested below. http://stackoverflow.com/a/9831634/300694 – vinzenzweber Apr 04 '12 at 08:26

6 Answers6

44

The "Issue 2" answer given by @Sagar works for the majority of git servers such as gitorious.

However, there will be a name clash in a system like gitolite where the public ssh keys are checked in as files named with the username, ie keydir/jenkins.pub. What if there are multiple jenkins servers that need to access the same gitolite server?

(Note: this is about running the Jenkins daemon not running a build job as a user (addressed by @Sagar's "Issue 1").)

So in this case you do need to run the Jenkins daemon as a different user.

There are two steps:

Step 1

The main thing is to update the JENKINS_USER environment variable. Here's a patch showing how to change the user to ptran.

BEGIN PATCH 
--- etc/default/jenkins.old     2011-10-28 17:46:54.410305099 -0700
+++ etc/default/jenkins 2011-10-28 17:47:01.670369300 -0700
@@ -13,7 +13,7 @@
 PIDFILE=/var/run/jenkins/jenkins.pid

 # user id to be invoked as (otherwise will run as root; not wise!)
-JENKINS_USER=jenkins
+JENKINS_USER=ptran

 # location of the jenkins war file
 JENKINS_WAR=/usr/share/jenkins/jenkins.war
--- etc/init.d/jenkins.old      2011-10-28 17:47:20.878539172 -0700
+++ etc/init.d/jenkins  2011-10-28 17:47:47.510774714 -0700
@@ -23,7 +23,7 @@

 #DAEMON=$JENKINS_SH
 DAEMON=/usr/bin/daemon
-DAEMON_ARGS="--name=$NAME --inherit --env=JENKINS_HOME=$JENKINS_HOME --output=$JENKINS_LOG -   -pidfile=$PIDFILE" 
+DAEMON_ARGS="--name=$JENKINS_USER --inherit --env=JENKINS_HOME=$JENKINS_HOME --output=$JENKINS_LOG --pidfile=$PIDFILE" 

 SU=/bin/su
END PATCH

Step 2

Update ownership of jenkins directories:

chown -R ptran /var/log/jenkins
chown -R ptran /var/lib/jenkins
chown -R ptran /var/run/jenkins
chown -R ptran /var/cache/jenkins

Step 3

Restart jenkins

sudo service jenkins restart
Marcin Koziński
  • 10,835
  • 3
  • 47
  • 61
Peter Tran
  • 1,626
  • 1
  • 17
  • 26
  • Hi Peter, I have exactly the same problem, but I have it installed on redhat and the only thing that I have is the /etc/init.d/jenkins and the /etc/sysconfig/jenkins (is an xml file) would u advice to do as you have above shown for users on redhat too? – 7dr3am7 Jan 18 '12 at 22:19
  • @7dr3am7: I can't say for sure, my company standardized on Ubuntu so I haven't been on a RedHat system for quite some time. Does the `/etc/sysconfig/jenkins` look like this : [jenkins.sysconfig.in](https://github.com/jenkinsci/jenkins/blob/master/rpm/SOURCES/jenkins.sysconfig.in) ? If so then you can try updating the JENKINS_USER variable and then update `/etc/init.d/jenkins` similar to my patch above. – Peter Tran Jan 19 '12 at 07:05
  • Hi Peter! Yes, that is what I am looking for! Last question: Do I need to give the pwd of the user too? (Which it does seem legitimate) – 7dr3am7 Jan 19 '12 at 10:52
  • @7dr3am7: No, I was able to do this without needing the password of the user ('ptran' in my example). – Peter Tran Feb 08 '12 at 02:07
  • Hi Peter, regarding "I was not able to do this via Manage Jenkins > Configure System as suggested in @Sagar's "Issue 1", I was talking about running a build job as a user, not the Jenkins daemon. If you see issue 1, it is related to builds being run by anonymous, not the daemon itself. – Sagar Mar 15 '12 at 15:11
  • Hi Sagar, ah yes, you are right. I updated that part of my answer. – Peter Tran Mar 19 '12 at 21:24
  • I needed to chown `/var/run/jenkins` and `/var/cache/jenkins` as well. Wouldn't work without that. – Marcin Koziński Jul 19 '12 at 13:15
  • I still get an error: **Unable to create the home directory ‘JENKINS_HOME’. This is most likely a permission problem.** – IgorGanapolsky Jan 27 '17 at 20:10
  • I try to do it for Debian. Did not understand what have I to do with DAEMON_ARGS? – BT3 Apr 07 '20 at 03:53
  • BT3, with DAEMON_ARGS, the change is to use set the 'name' parameter to $JENKINS_USER, which in the patch has been modified to be the username that you want jenkins to run as. I wish I could be more helpful but if this is not working on Debian I don't know what else to do. – Peter Tran Apr 15 '20 at 06:21
29

ISSUE 1:

Started by user anonymous

That does not mean that Jenkins started as an anonymous user.

It just means that the person who started the build was not logged in. If you enable Jenkins security, you can create usernames for people and when they log in, the 

"Started by anonymous"

will change to 

"Started by < username >".

Note: You do not have to enable security in order to run jenkins or to clone correctly.

If you want to enable security and create users, you should see the options at Manage Jenkins > Configure System.

ISSUE 2:

The "can't clone" error is a different issue altogether. It has nothing to do with you logging in to jenkins or enabling security. It just means that Jenkins does not have the credentials to clone from your git SCM.

Check out the Jenkins Git Plugin to see how to set up Jenkins to work with your git repository.

Hope that helps.

Nathan Smith
  • 683
  • 1
  • 10
  • 24
Sagar
  • 9,456
  • 6
  • 54
  • 96
  • that was what i was reading but then I was totally dumbfounded on how to set the user to myself, as apparently it was running as "daemon". I finally figured it out when i sort of clicked the "started by anonymous"(anonymous was a link) and it sent me to the user setup screen. i guess the UI is just not stupid friendly :P thanks for the tip! – corroded Jul 14 '11 at 14:25
  • @sti has a great solution - see 'jenkins-app' below. – Gonen Sep 27 '12 at 10:30
  • An explanation for the downvote would be nice, thanks. – Sagar Jan 18 '16 at 17:57
10

On Mac OS X, the way I enabled Jenkins to pull from my (private) Github repo is:

First, ensure that your user owns the Jenkins directory

sudo chown -R me:me /Users/Shared/Jenkins

Then edit the LaunchDaemon plist for Jenkins (at /Library/LaunchDaemons/org.jenkins-ci.plist) so that your user is the GroupName and the UserName:

    <key>GroupName</key>
    <string>me</string>
...
    <key>UserName</key>
    <string>me</string>

Then reload Jenkins:

sudo launchctl unload -w /Library/LaunchDaemons/org.jenkins-ci.plist
sudo launchctl load -w /Library/LaunchDaemons/org.jenkins-ci.plist

Then Jenkins, since it's running as you, has access to your ~/.ssh directory which has your keys.

commanda
  • 4,841
  • 1
  • 25
  • 34
  • Hi Commanda, Additionally you will need to change permissions too `sudo chmod -R 755 /path/to/folder` Additionally uou will need to change the configuration file containing the jenkins user – 7dr3am7 Feb 22 '12 at 08:47
  • @7dr3am7.. Which file permissions need to be changed? And where is the configuration and what changes need to be done? I am getting following error "stderr: Host key verification failed. " – Shri Jun 20 '12 at 05:40
  • After performing the GroupName and UserName changes, i get this: launchctl: Dubious permissions on file (skipping): /Library/LaunchDaemons/org.jenkins-ci.plist nothing found to load Which is not unexpected, how can someone just 'use' your account? there's no authorization anywhere. Jenkins probably needs your password or something, where can we put that? – Michahell Oct 27 '12 at 16:50
  • What you need to do after adding your username to GroupName and UserName is this: http://apple.stackexchange.com/questions/63857/launchctldubious-permissions-on-file-problem-installing-jenkins 'god bless' other people for knowing- and wanting to know how OS'es work. because i'm glad i don't! what a ginormous amount of stupid rules and authorization stuff you should know to perform a simple operation. – Michahell Oct 27 '12 at 16:56
  • You get a gold star. After a few hours of trying different solutions, this was the simplest to implement and it worked the first time. I can go home now. – sean808080 Apr 17 '14 at 20:48
9

If you really want to run Jenkins as you, I suggest you check out my Jenkins.app. An alternative, easy way to run Jenkins on Mac.

See https://github.com/stisti/jenkins-app/

Download it from https://github.com/stisti/jenkins-app/downloads

sti
  • 11,047
  • 1
  • 27
  • 27
  • after hours of trying to run jenkins with its standard installation I gave up and switched to your solution. I will give more feedback as soon as I know how it goes. – vinzenzweber Apr 04 '12 at 08:24
  • 1
    Excellent! Solved all of my configuration issues. If you are on a Mac, this is the way to go! – bigspotteddog Jun 02 '12 at 21:27
  • After making and opening the app, I get: '“Jenkins” is damaged and can’t be opened. You should move it to the Trash.' Given that this answer and the project on github are both 5 years old, this seems like a dead end. – clozach Apr 12 '17 at 17:31
1

To run jenkins as different user on ubuntu os you need to change below things.

Update below two lines in /etc/default/jenkins file

JENKINS_USER=$USERNAME

JENKINS_GROUP=$NAME

In our case we set user as ubuntu.

#JENKINS_USER=$NAME
#JENKINS_GROUP=$NAME
JENKINS_USER="ubuntu"
JENKINS_GROUP="ubuntu"

Update below two lines in /lib/systemd/system/jenkins.service file

User=jenkins

Group=jenkins

In our case we set user as ubuntu.

#User=jenkins
#Group=jenkins
User=ubuntu
Group=ubuntu

Change file ownership of jenkins owned folders.

sudo chown -R ubuntu:ubuntu /var/lib/jenkins
sudo chown -R ubuntu:ubuntu /var/cache/jenkins
sudo chown -R ubuntu:ubuntu /var/log/jenkins

After above changes run below command to reload systemctl

sudo systemctl daemon-reload

Now you can restart jenkins

sudo systemctl restart jenkins.service
Suraj Singh Rathore
  • 892
  • 7
  • 9
-2

you can integrate to LDAP or AD as well. It works well.

sharp
  • 633
  • 3
  • 12
  • 21