因此,我遵循了教程将已经配置好的 Jenkins 迁移到 Docker 容器内,效果很好。
在本教程的最后,我启动了以下命令:
sudo chmod -R 777 ~/jenkins/
为了避免任何用户权限问题,这种方法效果很好,但似乎是一种相当糟糕的解决方法,可能会导致生产环境中的漏洞。
在教程中,Yuri Kushch 写道,我可以
将文件夹映射到正确的用户
所以这让我想知道我应该将文件/文件夹映射到哪个用户。
为此,我首先查看了原始 JENKINS_HOME 目录中的权限和所有者:
$ ls -l /var/lib | grep jenkins
drwxr-xr-x 15 jenkins jenkins 4096 Okt 30 09:01 jenkins
$ ls -l /var/lib/jenkins
total 104
-rw-r--r-- 1 jenkins jenkins 1644 Okt 30 09:01 config.xml
-rw-r--r-- 1 jenkins jenkins 156 Okt 30 09:01 hudson.model.UpdateCenter.xml
-rw-r--r-- 1 jenkins jenkins 370 Okt 25 09:46 hudson.plugins.git.GitTool.xml
-rw------- 1 jenkins jenkins 1712 Okt 25 09:31 identity.key.enc
drwxr-xr-x 3 root root 4096 Okt 29 11:40 jenkins
-rw-r--r-- 1 jenkins jenkins 94 Okt 25 09:31 jenkins.CLI.xml
-rw-r--r-- 1 jenkins jenkins 7 Okt 25 09:48 jenkins.install.InstallUtil.lastExecVersion
-rw-r--r-- 1 jenkins jenkins 7 Okt 25 09:48 jenkins.install.UpgradeWizard.state
-rw-r--r-- 1 jenkins jenkins 179 Okt 25 09:48 jenkins.model.JenkinsLocationConfiguration.xml
-rw-r--r-- 1 jenkins jenkins 171 Okt 25 09:31 jenkins.telemetry.Correlator.xml
drwxr-xr-x 3 jenkins jenkins 4096 Okt 25 09:49 jobs
drwxr-xr-x 3 jenkins jenkins 4096 Okt 25 09:31 logs
-rw-r--r-- 1 jenkins jenkins 907 Okt 30 09:01 nodeMonitors.xml
drwxr-xr-x 2 jenkins jenkins 4096 Okt 25 09:30 nodes
-rw-r--r-- 1 jenkins jenkins 46 Okt 25 15:00 org.jenkinsci.plugins.workflow.flow.FlowExecutionList.xml
drwxr-xr-x 82 jenkins jenkins 12288 Okt 25 10:07 plugins
-rw-r--r-- 1 jenkins jenkins 193 Okt 25 09:44 proxy.xml
-rw-r--r-- 1 jenkins jenkins 129 Okt 29 14:54 queue.xml.bak
-rw-r--r-- 1 jenkins jenkins 64 Okt 25 09:30 secret.key
-rw-r--r-- 1 jenkins jenkins 0 Okt 25 09:30 secret.key.not-so-secret
drwx------ 4 jenkins jenkins 4096 Okt 25 14:59 secrets
drwxr-xr-x 2 jenkins jenkins 4096 Okt 29 09:12 updates
drwxr-xr-x 2 jenkins jenkins 4096 Okt 25 09:31 userContent
drwxr-xr-x 3 jenkins jenkins 4096 Okt 25 09:48 users
drwxr-xr-x 2 jenkins jenkins 4096 Okt 25 09:46 workflow-libs
然后我查看了我在新的 JENKINS_HOME 中拥有哪些权限/所有者:
$ ls -l | grep jenkins
drwxrwxrwx 4 jenkins root 4096 Okt 30 09:44 jenkins
$ ls -l ~/jenkins/data
total 108
-rw-r--r-- 1 root root 1644 Okt 30 09:45 config.xml
-rw-r--r-- 1 root root 156 Okt 30 09:45 hudson.model.UpdateCenter.xml
-rw-r--r-- 1 root root 370 Okt 30 09:45 hudson.plugins.git.GitTool.xml
-rw------- 1 root root 1712 Okt 30 09:45 identity.key.enc
drwxr-xr-x 3 root root 4096 Okt 30 09:45 jenkins
-rw-r--r-- 1 root root 94 Okt 30 09:45 jenkins.CLI.xml
-rw-r--r-- 1 root root 7 Okt 30 09:45 jenkins.install.InstallUtil.lastExecVersion
-rw-r--r-- 1 root root 7 Okt 30 09:45 jenkins.install.UpgradeWizard.state
-rw-r--r-- 1 root root 179 Okt 30 09:45 jenkins.model.JenkinsLocationConfiguration.xml
-rw-r--r-- 1 root root 171 Okt 30 09:45 jenkins.telemetry.Correlator.xml
drwxr-xr-x 3 root root 4096 Okt 30 09:45 jobs
drwxr-xr-x 3 root root 4096 Okt 30 09:45 logs
-rw-r--r-- 1 root root 907 Okt 30 09:45 nodeMonitors.xml
drwxr-xr-x 2 root root 4096 Okt 30 09:45 nodes
-rw-r--r-- 1 root root 46 Okt 30 09:45 org.jenkinsci.plugins.workflow.flow.FlowExecutionList.xml
drwxr-xr-x 82 root root 12288 Okt 30 09:45 plugins
-rw-r--r-- 1 root root 193 Okt 30 09:45 proxy.xml
-rw-r--r-- 1 root root 129 Okt 30 09:45 queue.xml
-rw-r--r-- 1 root root 129 Okt 30 09:45 queue.xml.bak
-rw-r--r-- 1 root root 64 Okt 30 09:45 secret.key
-rw-r--r-- 1 root root 0 Okt 30 09:45 secret.key.not-so-secret
drwx------ 4 root root 4096 Okt 30 09:45 secrets
drwxr-xr-x 2 root root 4096 Okt 30 09:45 updates
drwxr-xr-x 2 root root 4096 Okt 30 09:45 userContent
drwxr-xr-x 3 root root 4096 Okt 30 09:45 users
drwxr-xr-x 2 root root 4096 Okt 30 09:45 workflow-libs
因此我使用此命令来更改权限并使其与在旧目录中一样:
sudo chown jenkins:jenkins -R $(ls | awk '{if($1 != "jenkins"){ print $1 }}')
它给出了与我原来的 JENKINS_HOME 相同的输出。但是当我在浏览器上连接到 Jenkins 端口时,我只看到一个空白页。
我在权限更改中遗漏了什么?还有其他正确设置权限/所有者的方法吗?或者第一个解决方法是否足够安全?
感谢您的帮助!