Best practices to avoid Jenkins error: sudo: no tty present and no askpass program specified

Question

When running any sudo command from Jenkins I get the following error: sudo: no tty present and no askpass program specified.

I understand that I can solve this by adding a NOPASSWD entry to my /etc/sudoers file which will allow user jenkins to run commands without needing a password. I can add an entry like this:

%jenkins ALL=(ALL)NOPASSWD:/home/me/dir/script.sh 

...but this leads to the following issue: https://stackoverflow.com/questions/17414330/how-to-avoid-specifying-full-path-in-sudoers-file

I can add an entry like this:

%jenkins ALL=NOPASSWD: ALL 

...but this allows user jenkins to avoid the password prompt for ALL commands, which seems a bit unsafe. I'm just curious what my options are here, and if there are any best practices I should consider.

Answer 1

The no tty thing (requiretty in sudoers) is the real issue.

Basically, comment out the following lines in your /etc/sudoers file:

#Defaults    requiretty #Defaults   !visiblepw 

Other ways to get it to work:

Defaults    !requiretty 

Or per user:

Defaults:jenkins !requiretty 

A more detailed answer is this answer to this question on the Unix & Linux Stack Exchange site:

• Why does cron silently fail to run sudo stuff in my script? - Unix & Linux Stack Exchange

Answer 2

One thing you can do is to get Jenkins to run a script, for example 'run.sh', then from inside this script you can start makefiles, and make sure that there are no sudo commands inside the makefiles.

It is a bit of a hassle, but at least you are not risking changing security settings