Jenkins group while in job is not the same as in terminal

When I run the id command from the agent, I get this:

+ /usr/bin/hostname
debian-podman

/usr/bin/id
uid=1001(jenkins) gid=1001(jenkins) groups=1001(jenkins)

However, when I do the same command from the terminal, I get this:

jenkins@debian-podman:~$ id
uid=1001(jenkins) gid=998(docker) groups=998(docker)

I am trying to execute docker commands. From the terminal, commands are working fine, but not from the agent.

Any ideas what I can change to have proper groups?

I think we need a lot more details.

In your first example, how are you connecting to the agent?

In your second example, what pipeline code are you running? What does the full log look like? How is Jenkins connecting to the agent?

I have an agent that is running on a docker host. The jenkins user where the agent is running is allowed to run docker commands.

When I SSH directly into the docker host and execute docker commands, everything works fine (as the jenkins user).

Now if I try to execute a simple docker command from the agent, it generates a “permission denied” error.

Here is the complete output from my build:

Started by user Sebastien Manningham
Running as SYSTEM
Building remotely on debian-podman in workspace /var/lib/jenkins/workspace/test123
[test123] $ /bin/sh -xe /tmp/jenkins5844386795245861196.sh
+ /usr/bin/id
uid=1001(jenkins) gid=1001(jenkins) groups=1001(jenkins)
+ /usr/bin/hostname
debian-podman
+ /usr/bin/docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": dial unix /var/run/docker.sock: connect: permission denied
Build step 'Execute shell' marked build as failure
Finished: FAILURE

So the agent is a docker agent with the docker socket mounted inside of it?
You need to run the agent with group-add to give the process the right gids and stuff.

If your agent is an ssh agent, that’s super weird. I don’t know of any way for group stuff to be different shell vs not. If the groups were added after the agent.jar was run, then you need to restart the agent since groups are only picked up on process start.

OMG… I found it… as usual, the weirdest stuff is always stupid.

I added the jenkins user to the docker group AFTER I created my ssh agent. In order to solve the issue… I just had to disconnect / reconnect the agent…
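
The cause found in this thread (groups are only picked up on process start, so an agent launched before the user was added to `docker` keeps its old list) can be checked directly by comparing a running process's credentials with the group database. This is an added example, not part of the original posts; the function names are hypothetical, and it assumes a Linux `/proc` and `getent`.

```shell
#!/bin/sh
# Added example: detect a long-running process (such as the agent's java
# process) whose group credentials are older than the group database.

# Print the effective GID plus supplementary GIDs recorded in a
# /proc/<pid>/status file (path in $1), de-duplicated, space separated.
proc_gids() {
    awk '
        function add(g) { if (!(g in seen)) { seen[g] = 1; out = out (out == "" ? "" : " ") g } }
        $1 == "Gid:"    { add($3) }                      # 3rd field = effective GID
        $1 == "Groups:" { for (i = 2; i <= NF; i++) add($i) }
        END             { print out }
    ' "$1"
}

# Print every GID in $2 (what the group database grants) that is
# absent from $1 (what the process actually holds), one per line.
missing_gids() {
    for gid in $2; do
        case " $1 " in
            *" $gid "*) ;;
            *) printf '%s\n' "$gid" ;;
        esac
    done
}

# Compare a live PID with what a fresh login of its owner would receive.
# Returns 0 if current, 1 if the process predates a group change, 2 on error.
check_pid() {
    status="/proc/$1/status"
    [ -r "$status" ] || { echo "cannot read $status" >&2; return 2; }
    uid=$(awk '$1 == "Uid:" { print $3 }' "$status")
    user=$(getent passwd "$uid" | cut -d: -f1)
    [ -n "$user" ] || { echo "no passwd entry for uid $uid" >&2; return 2; }
    # "id -G <user>" reads the group database, not this shell's credentials.
    stale=$(missing_gids "$(proc_gids "$status")" "$(id -G "$user")")
    if [ -z "$stale" ]; then
        return 0
    fi
    echo "pid $1 ($user) lacks gid(s) granted since it started:" $stale >&2
    return 1
}

# Usage: sh thisfile.sh <pid-of-agent-process>
if [ -n "${1:-}" ]; then
    check_pid "$1"
fi
```

A return code of 1 for the agent's PID means the agent has to be disconnected and reconnected (or otherwise restarted) before the new group takes effect.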