Jenkins group while in job is not the same as in terminal

When I run the id command from the agent, I get this:

+ /usr/bin/hostname

uid=1001(jenkins) gid=1001(jenkins) groups=1001(jenkins)

However, when I do the same command from the terminal, I get this:

jenkins@debian-podman:~$ id
uid=1001(jenkins) gid=998(docker) groups=998(docker)

I am trying to execute docker commands. From the terminal, commands are working fine, but not from the agent.

Any ideas what I can change to have proper groups?

I think we need a lot more details.

In your first example. How are you connecting to the agent?

In your second example. What pipeline code are you running? What’s the full log look like? How is Jenkins connecting to the agent?

I have an agent that is running on a docker host. The jenkins user where the agent is running is allowed to run docker commands.

When I SSH directly in the docker host, I execute docker commands, everything works fine (as jenkins user).

Now if I try to execute a simple docker command from the agent, it generates a “permission denied” error.

Here is the complete output from my build:

Started by user Sebastien Manningham
Running as SYSTEM
Building remotely on debian-podman in workspace /var/lib/jenkins/workspace/test123
[test123] $ /bin/sh -xe /tmp/
+ /usr/bin/id
uid=1001(jenkins) gid=1001(jenkins) groups=1001(jenkins)
+ /usr/bin/hostname
+ /usr/bin/docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": dial unix /var/run/docker.sock: connect: permission denied
Build step 'Execute shell' marked build as failure
Finished: FAILURE

so the agent is a docker agent with docker socket mounted inside of it?
You need to run the agent with group-add to give the process the right gids and stuff.

If your agent is an ssh agent, that’s super weird. I don’t know of any way for group stuff to be different shell vs not. If the groups were added after the agent.jar was run, then you need to restart the agent since groups are only picked up on process start.

OMG… I found it… as usual, weirdest stuff are always stupid.

I added the jenkins user to the docker group AFTER I created my ssh agent. In order to solve the issue… I just had to disconnect / reconnect the agent…