Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Best practices to avoid Jenkins error: sudo: no tty present and no askpass program specified

Tags:

linux

sudo

jenkins

ubuntu

When running any sudo command from Jenkins I get the following error: sudo: no tty present and no askpass program specified.

I understand that I can solve this by adding a NOPASSWD entry to my /etc/sudoers file which will allow user jenkins to run commands without needing a password. I can add an entry like this:

%jenkins ALL=(ALL)NOPASSWD:/home/me/dir/script.sh

...but this leads to the following issue: https://stackoverflow.com/questions/17414330/how-to-avoid-specifying-full-path-in-sudoers-file

I can add an entry like this: 

%jenkins ALL=NOPASSWD: ALL

...but this allows user jenkins to avoid the password prompt for ALL commands, which seems a bit unsafe. I'm just curious what my options are here, and if there are any best practices I should consider.

like image 726
s g Avatar asked Jul 01 '13 22:07

s g

People also ask

How do I fix Sudo no tty present and no Askpass specified error?

If you have a single (or multi, but not ALL) command sudoers entry, you'll get the sudo: no tty present and no askpass program specified when the command is not part of your path (and the full path is not specified). You can fix it by either adding the command to your PATH or invoking it with an absolute path, i.e.

What is Askpass in Linux?

Introduction to ssh-askpass The ssh-askpass is a generic executable name for many packages, with similar names, that provide a interactive X service to grab password for packages requiring administrative privileges to be run. It prompts the user with a window box where the necessary password can be inserted.

How do I get to Sudoers file?

However, your username must be in the sudoers file. You can find the sudoers file in “/etc/sudoers”. Use the “ls -l /etc/” command to get a list of everything in the directory. Using -l after ls will give you a long and detailed listing.

2 Answers

The no tty thing (requiretty in sudoers) is the real issue.

Basically, comment out the following lines in your /etc/sudoers file:

#Defaults    requiretty #Defaults   !visiblepw

Other ways to get it to work:

Defaults    !requiretty

Or per user:

Defaults:jenkins !requiretty

A more detailed answer is this answer to this question on the Unix & Linux Stack Exchange site:

  • Why does cron silently fail to run sudo stuff in my script? - Unix & Linux Stack Exchange
like image 102
Electrawn Avatar answered Sep 19 '22 13:09

Electrawn

One thing you can do is to get Jenkins to run a script, for example 'run.sh', then from inside this script you can start makefiles, and make sure that there are no sudo commands inside the makefiles.

It is a bit of a hassle, but at least you are not risking changing security settings

like image 35
serup Avatar answered Sep 19 '22 13:09

serup
Sign in to Comment

Related questions

How to change(Hide) the Nginx Server Signature?
ImportError: libtk8.6.so: cannot open shared object file: No such file or directory
Where can I find and install the dependencies for pygame?
How can I find out which PHP script a process is running in Linux?
for each dir create a tar file
A process command in top
Running PHP code/scripts on the command line
shell_exec() returning null on "ls"
VS Code N: Skipping acquire of configured file 'main/binary-arm64/Packages' [closed]
How to find a Java thread running on Linux with ps -axl?
How to send a html email with the bash command "sendmail"?
Linux Shellcode "Hello, World!"
Cron with notify-send
Comprehending 'top' CPU usage [closed]
Measure disk space of certain file types in aggregate
What is a way to read man pages in Vim without using temporary files
Why does my Eclipse Luna 4.4 crash on Debian Wheezy 7.4 with Oracle JDK8 64bit?
How do I clear the console in BOTH Windows and Linux using C++
Why crontab uses OR when both day of month and day of week specified?
What's going on in __libc_start_main?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!