Search code examples
macosjenkinsmacos-high-sierra

Jenkins user is gone after macOS update

I'm running Jenkins as a CI server on a Mac. It was running fine on macOS 10.12 with the typical setup with user jenkins.

Today I upgraded macOS to 10.13 (High Sierra). Jenkins could not start after the upgrade process completed. Furthermore, there was no user jenkins on the system. All Jenkins files are there, but there is no jenkins user in Settings -> Users & Groups. If I try to use jenkins user in Terminal, for instance if I try to change file ownership to jenkins with chown, I get:

chown: jenkins: illegal user name

How do I fix this?

Solution

  • I've managed to re-create jenkins user by extracting the script commands that create it from Jenkins installation. I ran this script in particular:

    JENKINS_HOMEDIR="/Users/Shared/Jenkins"
DEFAULTS_PLIST="/Library/Preferences/org.jenkins-ci.plist"

if dscl . -list /Users/jenkins; then
    echo 'jenkins user already exists, attempting to change the shell to /bin/bash'
    # Will fail if UserShell is not /usr/bin/false, but that's ok.
    # Then we will assume an admin has changed it.
    dscl . -change /Users/jenkins UserShell /usr/bin/false /bin/bash
else
    echo 'No jenkins user found, creating jenkins user and group'

# Find free uid under 500
    uid=$(dscl . -list /Users uid | sort -nrk 2 | awk '$2 < 500 {print $2 + 1; exit 0}')
    if [ $uid -eq 500 ]; then
        echo 'ERROR: All system uids are in use!'
        exit 1
    fi
    echo "Using uid $uid for jenkins"

    gid=$uid
    while dscl -search /Groups gid $gid | grep -q $gid; do
        echo "gid $gid is not free, trying next"
        gid=$(($gid + 1))
    done
    echo "Using gid $gid for jenkins"

    dscl . -create /Groups/jenkins PrimaryGroupID $gid

    dscl . -create /Users/jenkins UserShell /bin/bash
    dscl . -create /Users/jenkins Password '*'
    dscl . -create /Users/jenkins UniqueID $uid
    dscl . -create /Users/jenkins PrimaryGroupID $gid
    dscl . -create /Users/jenkins NFSHomeDirectory "$JENKINS_HOMEDIR"

    dscl . -append /Groups/jenkins GroupMembership jenkins
fi

# identify the real default group name for user jenkins
groupid=`dscl . read /Users/jenkins PrimaryGroupID | awk '{print $2}'`
gname=`id -n -g $groupid`

echo "Using jenkins:${gname} as file owner and group for jenkins daemon files"

find "$JENKINS_HOMEDIR" \( -not -user jenkins -or -not -group ${gname} \) -print0 | xargs -0 chown jenkins:${gname}

# Add defaults for heap sizing
arch=$(uname -m)
if [ $arch = 'x86_64' ]; then
    defaults write $DEFAULTS_PLIST heapSize 512m
    defaults write $DEFAULTS_PLIST permGen 512m
    defaults write $DEFAULTS_PLIST minHeapSize 256m
    defaults write $DEFAULTS_PLIST minPermGen 256m
else
    # i386
    defaults write $DEFAULTS_PLIST heapSize 128m
    defaults write $DEFAULTS_PLIST permGen 128m
    defaults write $DEFAULTS_PLIST minHeapSize 64m
    defaults write $DEFAULTS_PLIST minPermGen 64m    
fi

defaults write $DEFAULTS_PLIST httpPort 8080

# Set tmpdir
JENKINS_TMPDIR="$JENKINS_HOMEDIR/tmp"
defaults write $DEFAULTS_PLIST tmpdir $JENKINS_TMPDIR
mkdir -p $JENKINS_TMPDIR
chown jenkins:${gname} $JENKINS_TMPDIR

# Create log directory, which can be written by Jenkins daemon
mkdir -p /var/log/jenkins
chown jenkins:${gname} /var/log/jenkins