-1

Team, how can I make jenkins a privileged user?

I wrote a Dockerfile and successfully built an image, but after running a container and exec'ing in, I cannot run any write command and get Permission denied. So does it imply that the user I added at the end, jenkins, is lacking permissions? If yes, how would I give it proper write permissions? I want the jenkins user to be able to have write permissions.

Dockerfile

FROM ubuntu:20.04
USER root
ENV DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y --no-install-recommends \
  adduser \
  build-essential \
  ca-certificates \
  curl \
  dnsutils \
  g++ \
  gcc \
  git \
  openjdk-11-jdk-headless \
  python \
  python-dev \
  python-pkg-resources \
  python-setuptools \
  python3 \
  python3-dev \
  python3-pip \
  python3-pkg-resources \
  python3-setuptools \
  software-properties-common \
  unzip \
  wget \
  zip \
  zlib1g-dev \
  && rm -rf /var/lib/apt/lists/* && apt-get clean
RUN addgroup --gid 99 fss
RUN adduser --uid 99 --gid 99 fss
RUN useradd -ms /bin/bash jenkins
WORKDIR /home/jenkins

shell

#!/bin/bash
set -v -e -o pipefail
whoami
cp src/jenkins/ci/sonar-scanner.properties /opt/sonar-scanner/conf/sonar-scanner.properties

Container log when I ran the above script inside the container that started with jenkins:

+whoami
jenkins
+cp src/jenkins/ci/sonar-scanner.properties /opt/sonar-scanner/conf/sonar-scanner.properties
cp: cannot create regular file '/opt/sonar-scanner/conf/sonar-scanner.properties': Permission denied
AhmFM

1 Answer

1

You don't have a "CMD", so to run the container you are specifying that with docker run or in your docker-compose.yaml. Maybe also the current user in your container.

Your error is a permission problem.

Execute:

whoami

inside the container.

See which user is running. Maybe you are setting "jenkins" as the user somewhere, and it does not have sufficient permissions on the folder.

Update:

To perform operations in the Dockerfile you can do it like so:

FROM ....
....
USER root
RUN apt update && apt install xxx yyy -y
# if you don't need root access anymore, switch back to user jenkins

USER jenkins

CMD ......


Don't run the container as root in production.

Ralle Mc Black
  • Yes, `whoami` = `jenkins`, so how do I set write permissions for this user in the Dockerfile? – AhmFM Jan 03 '23 at 20:13
  • 1
    Why do you expect this user to have write permissions to system locations? The whole point of creating an unprivileged user is that it doesn't. – tripleee Jan 03 '23 at 21:14
  • I have operations to perform inside the container, like it checks out a repo and updates a server with an analysis it performs, so it needs write permissions. – AhmFM Jan 03 '23 at 21:23
  • @AhmFM I updated my answer with how to set permissions in the Dockerfile – Ralle Mc Black Jan 03 '23 at 23:15
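
As an added example (not code from the question, the answer or the comments above), this Dockerfile sketch gives the jenkins user write access to the one directory the failing `cp` needs while leaving system locations owned by root. It assumes sonar-scanner lives under /opt/sonar-scanner, the path shown in the error message; the install step for sonar-scanner is not on the page and is not shown.

```dockerfile
# Added example: least-privilege write access for the jenkins user.
FROM ubuntu:20.04

# Root is needed only for build-time setup.
USER root

# Same account creation as in the question's Dockerfile.
RUN useradd -ms /bin/bash jenkins

# Assumption: /opt/sonar-scanner/conf is the only system path the job writes to
# (taken from the "Permission denied" line in the container log).
# Create it if missing and hand ownership of just this directory to jenkins.
RUN mkdir -p /opt/sonar-scanner/conf \
    && chown -R jenkins:jenkins /opt/sonar-scanner/conf \
    && chmod 0755 /opt/sonar-scanner/conf

# Alternative when the properties file is available at build time: copy it in as
# root so the runtime user never needs write access to /opt at all.
# COPY src/jenkins/ci/sonar-scanner.properties /opt/sonar-scanner/conf/

# Drop privileges for the remaining build steps and for the running container.
USER jenkins
WORKDIR /home/jenkins

# Build-time check: the granted directory is writable by jenkins, while its
# parent and /etc are not. The build fails if the permissions drift.
RUN test -w /opt/sonar-scanner/conf \
    && ! test -w /opt/sonar-scanner \
    && ! test -w /etc

CMD ["/bin/bash"]
```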