{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 叛逆 的问题《Jenkins Run as Specific User not working》','https://www.manongdao.com/q-964687.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am trying to get Jenkins to run jobs as specific linux Users.
I have set security to use Unix authentication and installed the "Authorize Project" plugin.
I have written a simple script in my ~/bin directory that sends me an email with the message "Hello $USER".
In Jenkins I set up a job and use the Authorize Project plugin to select run as specific user and my username.
When I try to create a build the job fails. If I look at the output console the messages say that the job has been started by my user, that the job has been run by me. But then the job fails because the script is actually run by user jenkins which doesn't have all the required permissions (nor environment variables set).
Am I doing something wrong? How can I fix this?
The "Authorize Project" plugin does not change the OS level user that is running commands. It only sets the Jenkins user that is running the job and any downstream jobs, using Jenkins authentication (whatever it might be).
For example: Job A can be run by user Alpha and Beta, Job A runs Job B, and Job B can only be run by Alpha.
Normally, Alpha or Beta can run Job A, which will run Job B no problem, because Job B would be run as the System User by default.
But in some situations, maybe you want to enforce that Beta cannot run Job B, regardless of how they start the process. So Job A could be set to "Run as the user who triggered the build". When Beta runs Job A, Job A won't be able to run Job B, since the enforced user is Beta and Beta can't run Job B.
Or the reverse: Beta isn't allowed to run Job B directly. But if they run some specific process (run Job A), then they can run Job B indirectly. Setting Job A to "Run as the specified user" and specifying a user (such as Alpha) that can run Job B will allow Beta to run Job B via Job A.