3

So in short I have a Jenkins job that needs to change user and permissions. The SSH part looks something like this:

ssh -i {$id_rsa} {$user}@{$server} sudo chown -R nobody:nogroup {$root}/{$checkout_path}/

So the issue is that I get an error:

"Pseudo-terminal will not be allocated because stdin is not a terminal.
sudo: no tty present and no askpass program specified"

So I tried single -t, which didn't work, but double should do the trick:

ssh -i {$id_rsa} -t -t {$user}@{$server} sudo chown -R nobody:nogroup {$root}/{$checkout_path}/

So... the real issue is that for some reason the script stops at the line, and just keeps on running. Forever, I would guess. I let it run for about 15 minutes, which is way too long anyway. No effect on the remote server, and it seems to do pretty much nothing.

Anyone got any ideas of why this happens?

4

2 Answers

2

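So I finally got it sorted out. As mentioned in my earlier comment (the no-tty issue when using Jenkins), the problem was not directly the call itself. The issue was that Jenkins was being prompted for a password, which did not show up in the output.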

The solution was to first correct sudoers, and then make a small change to the call (replacing nobody:nogroup with nobody.nogroup):

ssh -i {$id_rsa} {$user}@{$server} sudo chown -R nobody.nogroup {$root}/{$checkout_path}/

So the actual call looks like this:

ssh -i /var/opt/jenkins/.ssh/id_rsa -t jenkins@remote.server sudo chown -R nobody.nogroup /var/www/some/directory

Sudoers now looks like:

jenkins ALL=(ALL) NOPASSWD: /bin/chown nobody.nogroup *,/bin/chown -R nobody.nogroup *

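P.S. I am aware of the security issues with letting the jenkins user run sudo chown nobody.nogroup anywhere. On the other hand, restricting it with /var/www/* would not do any good, since that is easy to work around anyway. So for security reasons, it would probably be better to do something completely different...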

Answered 2013-11-13T09:05:54.000
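One shape the "something completely different" could take, as an added example that is not part of the original answer: sudoers names a single root-owned wrapper instead of `chown` with a wildcard, and the wrapper canonicalizes the requested path before acting. The wrapper path `/usr/local/sbin/chown-checkout` and the function names are hypothetical, and GNU `realpath` and `chown` are assumed.

```bash
#!/bin/bash
# Added example: hypothetical wrapper, installed root-owned (mode 0755) as
# /usr/local/sbin/chown-checkout. sudoers then names only the wrapper:
#   jenkins ALL=(root) NOPASSWD: /usr/local/sbin/chown-checkout
# Jenkins side (sudo -n fails immediately instead of waiting for a password):
#   ssh -i "${id_rsa}" "${user}@${server}" sudo -n /usr/local/sbin/chown-checkout "${root}/${checkout_path}"

# Print the canonical path of $2 if it is an existing directory strictly
# below base directory $1; return non-zero otherwise.
resolve_allowed_target() {
    local base target
    base=$(realpath -e -- "$1" 2>/dev/null) || return 1
    target=$(realpath -e -- "$2" 2>/dev/null) || return 1
    [ -d "$target" ] || return 1
    case "$target" in
        "$base"/*) printf '%s\n' "$target" ;;   # ".." and symlinks already resolved
        *) return 1 ;;
    esac
}

# Change ownership only when the argument resolves to a place under /var/www.
chown_checkout() {
    local target
    target=$(resolve_allowed_target /var/www "$1") || {
        echo "refusing: '$1' is not a directory under /var/www" >&2
        return 1
    }
    # -h: act on symlinks themselves, never on the files they point to.
    chown -R -h -- nobody:nogroup "$target"
}

# Run only when called with an argument, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    chown_checkout "$1"
fi
```

The path check is only as strong as the permissions on the directories between `/var/www` and the target: if the jenkins user can rename or replace them between the check and the `chown`, the canonical path can change underneath the wrapper.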
0

You might want to quote the command line (from sudo to the end of the line).

Also, bash variable expansion (if your shell is bash) is written ${var}, not {$var}, so maybe try this:

ssh -i ${id_rsa} -t -t ${user}@${server} "sudo chown -R nobody:nogroup ${root}/${checkout_path}/"
Answered 2013-11-12T19:10:38.213