[JIRA] [core] (JENKINS-25842) User Permissions Wiped After Jenkins Restart

Mon, 01 Dec 2014 03:43:23 -0800

Issue Type: Bug Bug
Assignee: Unassigned
Components: core, security
Created: 01/Dec/14 11:42 AM
Description:

See here also: http://stackoverflow.com/questions/27131560/jenkins-user-permissions-wiped-on-restart

Essentially I can set up security and it works, but after a restart all permissions are wiped:

1. Downloaded Redhat rpm from Jenkings main site (jenkins-1.590-1.1.noarch.rpm) and installed directly onto server

2. Jobs can be set up and work fine

3. Enabled jenkins own DB authentication with matrix permissions

4. Add myself a user ID and assign full permissions, allowing anonymous 'overall read' (NOTE I have done this with and without setting this anonymous permission and the result is the same)

5. Save

6. Restart jenkins

7. Create an account to link the ID added in #4

8. All seems fine, permissions are in place and I can do everything I want to

9. can log out and back in without problem

10. Restart jenkins

11. Log back into the account

12. All permissions are gone and I can't access the system.

13. If I try to hit a secure page directly I get the message "t143ahe is missing the Overall/Administer permission"

14. This will happen with all users if I have added more than one.

To get get back into Jenkins I have to disable security by deleting config.xml and deleting user folders from the users directory.
Environment: System Properties

Name / Value
com.sun.akuma.Daemon daemonized
executable-war /usr/lib/jenkins/jenkins.war
file.encoding UTF-8
file.encoding.pkg sun.io
file.separator /
guice.disable.misplaced.annotation.check true
http.proxyHost icsarray.ics.express.tnt
http.proxyPort 8080
hudson.diyChunking true
java.awt.graphicsenv sun.awt.X11GraphicsEnvironment
java.awt.headless true
java.awt.printerjob sun.print.PSPrinterJob
java.class.path /usr/lib/jenkins/jenkins.war
java.class.version 50.0
java.endorsed.dirs /communique2/java/jdk1.6.0_71/jre/lib/endorsed
java.ext.dirs /communique2/java/jdk1.6.0_71/jre/lib/ext:/usr/java/packages/lib/ext
java.home /communique2/java/jdk1.6.0_71/jre
java.io.tmpdir /tmp
java.library.path /communique2/java/jdk1.6.0_71/jre/lib/amd64/server:/communique2/java/jdk1.6.0_71/jre/lib/amd64:/communique2/java/jdk1.6.0_71/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
java.runtime.name Java(TM) SE Runtime Environment
java.runtime.version 1.6.0_71-b12
java.specification.name Java Platform API Specification
java.specification.vendor Sun Microsystems Inc.
java.specification.version 1.6
java.vendor Sun Microsystems Inc.
java.vendor.url http://java.sun.com/
java.vendor.url.bug http://java.sun.com/cgi-bin/bugreport.cgi
java.version 1.6.0_71
java.vm.info mixed mode
java.vm.name Java HotSpot(TM) 64-Bit Server VM
java.vm.specification.name Java Virtual Machine Specification
java.vm.specification.vendor Sun Microsystems Inc.
java.vm.specification.version 1.0
java.vm.vendor Sun Microsystems Inc.
java.vm.version 20.71-b01
JENKINS_HOME /var/lib/jenkins
jna.platform.library.path /usr/lib64:/lib64:/usr/lib:/lib
jnidispatch.path /tmp/jna--1712433994/jna4896909062887311416.tmp
line.separator
mail.smtp.sendpartial true
mail.smtps.sendpartial true
os.arch amd64
os.name Linux
os.version 2.6.18-238.5.1.el5
path.separator :
securerandom.source file:/dev/./urandom
sun.arch.data.model 64
sun.boot.class.path /communique2/java/jdk1.6.0_71/jre/lib/resources.jar:/communique2/java/jdk1.6.0_71/jre/lib/rt.jar:/communique2/java/jdk1.6.0_71/jre/lib/sunrsasign.jar:/communique2/java/jdk1.6.0_71/jre/lib/jsse.jar:/communique2/java/jdk1.6.0_71/jre/lib/jce.jar:/communique2/java/jdk1.6.0_71/jre/lib/charsets.jar:/communique2/java/jdk1.6.0_71/jre/lib/modules/jdk.boot.jar:/communique2/java/jdk1.6.0_71/jre/classes
sun.boot.library.path /communique2/java/jdk1.6.0_71/jre/lib/amd64
sun.cpu.endian little
sun.cpu.isalist
sun.io.unicode.encoding UnicodeLittle
sun.java.command /usr/lib/jenkins/jenkins.war --logfile=/var/log/jenkins/jenkins.log --webroot=/var/cache/jenkins/war --daemon --httpPort=8080 --ajp13Port=8009 --debug=5 --handlerCountMax=100 --handlerCountMaxIdle=20
sun.java.launcher SUN_STANDARD
sun.jnu.encoding UTF-8
sun.management.compiler HotSpot 64-Bit Tiered Compilers
sun.os.patch.level unknown
svnkit.http.methods Digest,Basic,NTLM,Negotiate
svnkit.ssh2.persistent false
user.country GB
user.dir /
user.home /var/lib/jenkins
user.language en
user.name jenkins
user.timezone GB
Environment Variables

Name / Value
_ /communique2/java/jdk1.6.0_71/bin/java
CVS_RSH ssh
G_BROKEN_FILENAMES 1
HISTSIZE 1000
HOME /var/lib/jenkins
HOSTNAME gbahevl457.gb.tntpost.com
INPUTRC /etc/inputrc
JAVA_HOME /communique2/java/jdk1.6.0_71
KDE_IS_PRELINKED 1
KDE_NO_IPV6 1
KDEDIR /usr
LANG en_GB.UTF-8
LD_LIBRARY_PATH /communique2/java/jdk1.6.0_71/jre/lib/amd64/server:/communique2/java/jdk1.6.0_71/jre/lib/amd64:/communique2/java/jdk1.6.0_71/jre/../lib/amd64
LESSOPEN |/usr/bin/lesspipe.sh %s
LOGNAME jenkins
LS_COLORS no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:
M2 M2_HOME/bin
M2_HOME /opt/maven
MAIL /var/spool/mail/root
NLSPATH /usr/dt/lib/nls/msg/%L/%N.cat
PATH /usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/sbin:/usr/sbin:/bin:/usr/bin:/opt/maven/bin:/communique2/java/jdk1.6.0_71/bin:/opt/vault/bin
PWD /
SHELL /bin/bash
SHLVL 2
SSH_ASKPASS /usr/libexec/openssh/gnome-ssh-askpass
TERM xterm
USER jenkins
VAULT_HOME /opt/vault
XFILESEARCHPATH /usr/dt/app-defaults/%L/Dt
Plugins

Name / Version / Enabled / Pinned
ant 1.2 true false
antisamy-markup-formatter 1.3 true true
credentials 1.18 true false
cvs 2.12 true true
external-monitor-job 1.4 true true
javadoc 1.3 true true
junit 1.2 true true
ldap 1.6 true false
mailer 1.12 true true
mapdb-api 1.0.6.0 true false
matrix-auth 1.2 true true
matrix-project 1.4 true true
maven-plugin 2.8 true true
pam-auth 1.2 true true
scm-api 0.2 true false
ssh-credentials 1.10 true false
ssh-slaves 1.9 true false
subversion 2.4.5 true true
translation 1.12 true true
windows-slaves 1.0 true false
Project: Jenkins
Labels: jenkins security
Priority: Minor Minor
Reporter: Chris Parr
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators.
For more information on JIRA, see: http://www.atlassian.com/software/jira

--
You received this message because you are subscribed to the Google Groups "Jenkins Issues" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to