Maybe I stated poorly what I was suggesting. Don't allow u1 to sudo to u2 and don't allow u2 to sudo to u1. Create two separate jobs, one that runs as user u1 on the slave that is running as u1, and the other that runs as user u2 on the slave running as u2. Use "copy artifacts" or a similar technique to copy from the u1 job to the u2 job so that the files in the u2 job will always be owned by user u2.
Mark Waite On Thu, Jul 3, 2014 at 6:57 AM, varun srivastava <[email protected]> wrote: > Thanks Mark, > > But running the slave node as u2 would mean that u1 can run any command as > u2 (equivalent to giving complete sudo permission for u2). I have > restriction that u1 can sudo as u2 only for running test command/script. > > > On Thu, Jul 3, 2014 at 6:23 PM, Mark Waite <[email protected]> > wrote: > >> Could you change the requirements a little to simplify? >> >> For example, what if you had a slave that was running as user "u2" and >> performed all its work as user "u2". It could copy the build results from >> the job which had been performed as user "u1", then execute the tests as >> user "u2". >> >> Mark Waite >> >> >> On Thu, Jul 3, 2014 at 6:23 AM, varun srivastava <[email protected] >> > wrote: >> >>> Hi, >>> >>> I have a centralized jenkins setup run as user u1. Different projects >>> are set up on this instance. For running some testcases in some project, >>> application user u2 permission is required. So I have granted permission to >>> u1 to sudo as u2 only for running the test script/command. For example u1 >>> can sudo -u u2 run_test.sh >>> Now the problem is that the workspace is checked out as u1 but the test >>> output files are generated with owner as u2. So I am not able to clean up >>> the workspace as it contains files owned by both u1 and u2 and my cleanup >>> plugin is run as u1. >>> >>> Does any one has any solution for setting this up or do we have a plugin >>> that can clean up the workspace as different user. >>> >>> Summarizing the requirement : >>> >>> 1. Run jenkins as u1 >>> 2. Checkout and build project as u1. >>> 3. Run test cases as u2. Note that u1 will have permission to sudo as u2 >>> only for running restricted set of commands. >>> 4. Able to clean up the workspace post build properly (that may contain >>> files owned by both u1 and u2) >>> >>> Thanks, >>> Varun >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Jenkins Users" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> >>> For more options, visit https://groups.google.com/d/optout. >>> >> >> >> >> -- >> Thanks! >> Mark Waite >> >> -- >> You received this message because you are subscribed to a topic in the >> Google Groups "Jenkins Users" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/jenkinsci-users/mW2Dq0wbzWU/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> [email protected]. >> For more options, visit https://groups.google.com/d/optout. >> > > > > -- > Thanks, > > Varun Kr Srivastava > mobile- +919666676033 > > -- > You received this message because you are subscribed to the Google Groups > "Jenkins Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- Thanks! Mark Waite -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
