i have example code below to create user and add user to globalRoles, but in Jenkins RoleBasedAuthorizationStrategy, i want to assign more detail, so i create item roles and grant each role to each folder belong.
Summary, i want to add user to item roles, can anyone help me?
#!/bin/bash
set -e
role=user
user=$1
echo "Create user: $user"
java -jar /var/lib/jenkins/jenkins-cli.jar -auth user***:111************** -s http://localhost:8080/ groovy = <<EOF
jenkins.model.Jenkins.instance.securityRealm.createAccount("$user", "$user")
com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy.getInstance().doAssignRole("globalRoles", "$role", "$user" )
EOF
Related
How can I change a user privileges on a database, on all tables from consult to select, delete, update, insert, in Informix.
I tried to use something like this
dbaccess DATABASE exec for i in (select table_name from user_tables) loop execute immediate 'grant select,insert,update,delete on '||i.table_name||' to USER'; end loop
But it didn't work.
DB-Access isn't my favourite tool, but it can do the job with some support from a shell script. You end up invoking it twice, once to generate the list of table names and once to process the permissions.
Given the file so-6952-3871.sql containing:
unload to '/dev/stdout'
select tabname
from "informix".systables
where tabid >= 100
and tabtype = 'T';
the shell script so-6952-3871.sh does the job, revoking existing privileges and granting new ones:
#!/bin/sh
#
# #(#)$Id$
#
# Grant select, insert, delete, update permission on all user tables in a database to a named user.
: "${DBACCESS:=dbaccess}"
if [ $# = 0 ]
then
echo "$0: you must specify the database and at least one user" >&2
echo "Usage: $0 database user [...]" >&2
fi
dbase="$1"
shift
if [ $# = 0 ]
then
echo "$0: must specify at least one user" >&2
echo "Usage: $0 database user [...]" >&2
exit 1
fi
$DBACCESS $dbase so-6952-3871.sql |
sed -n '/^\([a-zA-Z0-9_]*\)|$/ s//\1/p' |
while read tabname
do
#echo "Table: $tabname" >&2
for user in "$#"
do
echo "revoke all on $tabname from $user;"
echo "grant select, insert, delete, update on $tabname to $user;"
done
done |
$DBACCESS $dbase -
I've chosen to use the "informix".systables system catalog table since I don't have a table called user_tables in my database. You can refine the selection criteria (for example, to omit the time series tables) as necessary.
Provided you have sufficient permissions to grant and revoke permissions in the database (e.g. as the DBA or as user informix), this should work OK.
Rather than use DB-Access, I'd use my SQLCMD (available from the IIUG Software
Archive), which
I wrote to behave consistently in shell scripting contexts whereas
DB-Access doesn't.
It dates back to 1986 (before there was dbaccess; in those days, you
used isql instead — DB-Access was carved out of isql in an
evening).
It bears no relation to Microsoft's johnny-come-lately program of the
same name — except for the name and having the same general purpose
(manipulate SQL databases). With SQLCMD, there'd be no need for the sed line to ignore noise output from DB-Access on standard output.
I'm starting a python script with supervisord on a linux debian platform. The user selected for executing the script shall depend on the value of an environmental variable. How can i make the field "user=" in a supervisord configuration file conditional?
First, I have added to the supervisor.service an environmental variable SPECIALUSER=myuser (file /lib/systemd/system/supervisor.service)
[Service]
ExecStart=/usr/bin/supervisord -n -c /etc/supervisor/supervisord.conf
ExecStop=/usr/bin/supervisorctl $OPTIONS shutdown
ExecReload=/usr/bin/supervisorctl -c /etc/supervisor/supervisord.conf $OPTIONS reload
KillMode=process
Restart=on-failure
Environment=SPECIALUSER=myuser
Then I try to use the variable inside my supervisord.conf file:
[program:myprogram]
command=python myscript.py
user="if [ %(ENV_SPECIALUSER)s = myuser]; then root; else standarduser; fi"
But I get the following error when i try to reread the supervisord.conf
ERROR: CANT_REREAD: Invalid user name "if [ myuser = myuser ]; then root; else standarduser; fi" in section 'program:myprogram' (file: '/etc/supervisor/conf.d/supervisord.conf')
The environmental variable is interpreted correctly but the bash script, not.
I thought about entering the name of the user directly in the variable Environment=SPECIALUSER=root, but the environmental varialble is not always available.
If the environment variable is set to SPECIALUSER=myuser, I expect supervisor.d to interpret my program as
[program:myprogram]
command=python myscript.py
user=root
In all other cases as
[program:myprogram]
command=python myscript.py
user=standarduser
According to the documentation the user parameter value is never "interpreted" or sent to a shell. This means that it tries to use the entire value as the username.
http://supervisord.org/configuration.html#program-x-section-settings
All parameters aren't interpreted or sent to a shell. This means that you can't insert conditionals generally in parameters in your supervisord.conf.
If your goal is to just use different users on say different platforms or one for development and another on a deploymentserver I suggest creating a dedicated user for the service.
If your goal is to only sometimes run as superuser I suggest always using user=root in your supervisord.conf and wrapping your program in a small shell script that interprets this environment variable and drops privileges accordingly.
This other SO question might help you:
https://unix.stackexchange.com/questions/132663/how-do-i-drop-root-privileges-in-shell-scripts
Hey I am creating user from jenkins-cli:
echo 'jenkins.model.Jenkins.instance.securityRealm.createAccount("newuser", "123456")' | java -jar jenkins-cli.jar -auth admin:adminpass -s http://url:8080/ groovy =
This will create user but as it has no permission so user cant do nothing. What I am trying to do is to add it in a role to. like when user create it get add in a role "devs" too by command line
This works for me on Jenkins 2.204.2 with Role-based Authorization Strategy 2.13.
role=testRole
user=testUser
java -jar /var/jenkins_home/war/WEB-INF/jenkins-cli.jar -s http://localhost:8080/ groovy = <<EOF
jenkins.model.Jenkins.instance.securityRealm.createAccount("$user", "$user")
com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy.getInstance().doAssignRole("globalRoles", "$role", "$user" )
EOF
I've created a jenkins job that lets a user choose a chef environment and a chef role and then it should run a knife search on that environment and that role and to run chef-client on the resulted nodes.
So far, i've had another job that was letting user choose an environment and run chef-client on the machines which result from that query. the code was
#!/bin/bash
echo env=$Environment
cd /chef-repo
machines=$(knife search 'chef_environment:'$Environment -i)
echo "The machines are: $machines"
for i in $machines; do
echo "Updating node $i"
ssh -tt lcsa#$i "sudo chef-client"
done
So to solve my problem, I've tried a query like
machines=$(knife search 'chef_environment:'$Environment AND 'role:'$Role -i)
with the error:
ERROR: knife search failed: invalid search query: ''chef_environment:'test-devops AND 'role:'base'
or I tried:
machines=$(knife search "'chef_environment:'$Environment AND 'role:'$Role" -i)
but i get the error:
ERROR: Chef::Exceptions::InvalidSearchQuery: Invalid search object type nil (NilClass), must be a String or Symbol.Usage: search(:node, QUERY[, OPTIONAL_ARGS]) `knife search environment QUERY (options)`
Could you please enlighten me?
Thank you,
Gabriel
Sounds like you are using shell quotes incorrectly. Try with this:
machines=$(knife search "chef_environment:$Environment AND role:$Role" -i)
Or for your first example:
machines=$(knife search "chef_environment:$Environment" -i)
I created a new user in RHEL7
useradd newuser
When I opened the ~/.bash_profile of this user, the output is
$cat -n ~/.bash_profile
1 # .bash_profile
2
3 # Get the aliases and functions
4 if [ -f ~/.bashrc ]; then
5 . ~/.bashrc
6 fi
7
8 # User specific environment and startup programs
9
10 PATH=$PATH:$HOME/.local/bin:$HOME/bin
11
12 export PATH
$
From where this bash_profile is inherited to the newly added user?
If I need to removing appending of $PATH for the every new user created using useradd. How can I do that ?
From /etc/skel (or SKEL_DIR from -k) as explained in the man page for the -m/--create-home option most likely.
If you don't want that then don't have useradd create the home directory and/or just delete the file after the user is created.