Run shell command in jenkins as root user?

Question

I have recently started using Jenkins for integration. All was well until I was running jobs on master node without shell command but I have to run jobs on master as well as slave node which contains shell commands to. I am not able to run those shell commands as root user. I have tried

1. Using SSH Keys.
2. Setting user name in shell commands.
3. Using sudo.

I am getting permission denied error every time I use any of the above methods.

Answer 1

I had the same problem, but was not allowed to execute sudo visudo. Instead I created /etc/sudoers.d/jenkins file and put this line in it

jenkins ALL=NOPASSWD:/var/lib/jenkins/scripts/script.sh

Answer 2

I was facing the same issue with the EC2 "Azazon Linux 2023 AMI". I have checked many solutions but unfortunately, nothing works as one step is missing to Overring service configurations.

vi user/lib/systemd/system/jenkins.service. Here in the file need to change the User=root, and Group=root as by default it will be jenkins . Run this systemctl daemon-reload

then

vi /etc/sysconfig/jenkins change the JENKINS_USER="root"

chown -R root:root /var/lib/jenkins

chown -R root:root /var/cache/jenkins

chown -R root:root /var/log/jenkins

After this work like the charm.

Answer 3

Along with all the steps mentioned in the selected answer, I had to do the following:

1. Identify where the Jenkins service file is, on Centos 7/8

   vim /usr/lib/systemd/system/jenkins.service

2. Specify the root user instead of jenkins user

   User=root

   Group=root

Answer 4

Or you can change the permission of docker.sock. Make sure your docker container is running the user as root

docker exec <jenkinsContainerID> chmod 777 /var/run/docker.sock

Answer 5

For Linux try to follow these steps:-

This worked for me.

Change Jenkins user: sudo vi /etc/default/jenkins

Change user root or your user that you use to access to your files: $JENKINS_USER="root"

Execute using the user that you setup before:

sudo chown -R root:root /var/lib/jenkins
sudo chown -R root:root /var/cache/jenkins
sudo chown -R root:root /var/log/jenkins

3. Run as a services:

   service jenkins restart Or
   systemctl jenkins restart

You can execute jenkins has a process and disable headless mode for Linux with UI.

/etc/alternatives/java -Djava.awt.headless=false -DJENKINS_HOME=/var/lib/jenkins -jar /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --httpPort=8080 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20

Validate Jenkins is running currently: ps -ef | grep jenkins

Answer 6

You just need to run the shell command on Linux machine using Root privileges from Jenkins.

Steps :

1) sudo vi /etc/sudoers

2) Add line :

jenkins ALL=NOPASSWD:/path of script/

3) From Jenkins,run the script on remote shell using sudo . for eg : sudo ps -ef

4) Build Jenkins job now. This job runs the script on Linux machine using root privileges.

Answer 7

You need to modify the permission for jenkins user so that you can run the shell commands. You can install the jenkins as as service (download the rpm package), You might need to change the ports because by default it runs http on 8080 and AJP on 8009 port.

Following process is for CentOS
1. Open up the this script (using VIM or other editor):

vim /etc/sysconfig/jenkins

2. Find this $JENKINS_USER and change to “root”:

$JENKINS_USER="root"

3. Then change the ownership of Jenkins home, webroot and logs:

chown -R root:root /var/lib/jenkins
chown -R root:root /var/cache/jenkins
chown -R root:root /var/log/jenkins

4) Restart Jenkins and check the user has been changed:

service jenkins restart
ps -ef | grep jenkins

Now you should be able to run the Jenkins jobs as the root user and all the shell command will be executed as root.

Answer 8

Another option is to set up a jenkins "Slave" that is actually running as root on the master and restrict it to tied jobs, then point your job at that slave. Far from ideal but certainly a quick solution.

Answer 9

I would suggest against running the jenkins user as root. This could expose the operating system and all of the repo's which jenkins can build.

Running any script as root is a security risk, but a slightly safer method would be to grant the jenkins user sudo access to only run the one script, without needing a password.

sudo visudo

and add the following:

jenkins    ALL = NOPASSWD: /var/lib/jenkins/jobs/[job name]/workspace/script

Double check your path via the console log of a failed build script. The one shown here is the default.

Now within the jenkins task you can call sudo $WORKSPACE/your script