We have a linux system that we do not have full control of. Basically we cannot modify sudoers file there (it is on a remote, read only file system).
Our "solution" for hudson user to have sudo privileges was to add this user to sudo group in /etc/group file. With this approach I can execute sudo as hudson user once I ssh to the machine. However, when I try to execute sudo from a Hudson job on this system, I get the following error:
+ id
uid=60000(hudson) gid=60000(hudson) groups=60000(hudson),31(sudo)
+ cat passfile
+ sudo -S -v
Sorry, user hudson may not run sudo on sc11136681.
+ cat passfile
+ sudo -S ls /root
hudson is not allowed to run sudo on sc11136681. This incident will be reported.
The above is trying to execute:
cat passfile | sudo -S -v
cat passfile | sudo -S ls /root
Why does it work when I ssh to the machine directly but does not when Hudson uses ssh? Is there a way to make sudo work in Hudson job without adding hudson user to the sudoers file?
Edit: here is output when executing sudo commands after I ssh to the system as hudson user:
[hudson@sc11136681 ~]$ cat passfile | sudo -S -v
[sudo] password for hudson: [hudson@sc11136681 ~]$
[hudson@sc11136681 ~]$
[hudson@sc11136681 ~]$ cat passfile | sudo -S ls /root
anaconda-ks.cfg install.log.syslog jaytest
install.log iscsi_pool_protocol_fields_file subnets
The solution to this problem that worked for us was to install local sudo on the system. Command used:
sudo yum reinstall sudo
Once installed, had to make sure the right sudo was used:
export PATH=/usr/bin:$PATH
The above can be added to slave configuration so it works for all jobs on that slave.