[
https://issues.jenkins-ci.org/browse/JENKINS-11891?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
francis Upton resolved JENKINS-11891.
-------------------------------------
Assignee: francis Upton (was: Kohsuke Kawaguchi)
Resolution: Duplicate
I think this is taken care of with the fix to JENKINS-5867, we don't write
anything to the root directory any longer and we are able to run instances with
a non-root user.
> EC2 plugin's ssh library causing failures
> -----------------------------------------
>
> Key: JENKINS-11891
> URL: https://issues.jenkins-ci.org/browse/JENKINS-11891
> Project: Jenkins
> Issue Type: Bug
> Components: ec2
> Affects Versions: current
> Environment: Amazon Linux AMI (32-bit)
> Reporter: Ruben Orduz
> Assignee: francis Upton
> Labels: EC2, Jenkins
>
> The ssh library of Jenkins EC2 is trying to copy files from the root's
> directory to other parts. Many "secure" Linux distributions now disallow
> copying anything into or out of the root's directory -- even if done with
> super user privileges.
> Looking at
> https://github.com/jenkinsci/ec2-plugin/blob/master/src/main/java/hudson/plugins/ec2/ssh/EC2UnixLauncher.java,
> line 157 seems to be the offending line.
> Is there a reason why we need to copy those files to the root directory
> (specially if we're using a non-root superuser)?
> Actually I think this brings a bigger issue: why do we need to use superuser
> to activate root to then do the work as root? sudoers (specially those that
> come by default on EC2 instances) have sufficient privileges to
> install/remove/run just about anything in the instance. Trying to backdoor to
> root doesn't seem the most graceful of approaches.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
