I'm assuming that you're talking about system accounts and groups, not SCM 
accounts.  The fact that you're saying "groups" implies to me that you're using 
a Un*x flavor.

Basically, if you need the build to run as "otto/dev", you have the choices 
below.  SECURITY NOTE: In _all_ of these cases, you are giving Jenkins 
permission to run arbitrary commands as "otto".  Anyone who has admin 
privileges to the Jenkins server can do _anything_ with the "otto" account.

1: Have the Jenkins server run as "otto".  Simplest thing, but doesn't help if 
you need to run different builds as different users.
2: Have the Jenkins server run as user "jenkins".  Give user "jenkins" 
permission to become "otto" (In Unix, that would be "sudo" privileges).  Launch 
a slave node with a script that does the sudo, so that the node is run as 
"otto".  Now any job tied to that node will run as "otto".
3: Again, give "Jenkins" sudo privileges to "otto" as above.  Have the job 
itself invoke the sudo, so that it can run on the master Jenkins server or a 
slave owned by user "jenkins".
4: Get the "otto" account to launch the slave itself (possibly via something 
like a cron job) and connect to the Jenkins server.  Again, anything Jenkins 
runs on this slave will be run as "otto".

To see how to use a script to launch a slave, or how to get "otto" to launch 
its own slave, see the wiki at 
https://wiki.jenkins-ci.org/display/JENKINS/Distributed+builds.  For Jenkins to 
launch the slave, it's "write your own script to launch Jenkins slaves"; to 
launch as "otto", it's "Launch slave agent headlessly".

--Rob
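
An added example, not part of the original message: options 2 and 3 rely on a sudo grant from "jenkins" to "otto", and per the security note that grant hands the whole "otto" account to Jenkins, so it is worth confirming that it reaches only "otto". The sketch below checks sudoers-style rules for that; the rules, paths and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: check which accounts a CI user may become through sudo.
# The user names come from the thread; the rules and paths are constructed.

# audit_runas CI_USER BUILD_USER  (sudoers-style rules on stdin)
# Prints "OK" or "BROAD" before each rule for CI_USER and returns 1 if any
# rule lets CI_USER run commands as an account other than BUILD_USER.
# Limitation: aliases (User_Alias, Runas_Alias) and includes are not expanded.
audit_runas() {
    awk -v ci="$1" -v build="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # skip comments and blank lines
        $1 != ci                 { next }  # only rules for the CI account
        {
            runas = "root"                 # sudo default when no (runas) is given
            if (match($0, /\([^)]*\)/))
                runas = substr($0, RSTART + 1, RLENGTH - 2)
            sub(/:.*/, "", runas)          # drop the optional :group part
            gsub(/[ \t]/, "", runas)
            if (runas == build) {
                print "OK    " $0
            } else {
                print "BROAD " $0
                bad = 1
            }
        }
        END { exit bad + 0 }
    '
}

# Constructed sample rules (hypothetical paths), not taken from the thread.
sample_sudoers() {
    cat <<'EOF'
# rule for launching the agent as the build account
jenkins ALL=(otto:dev) NOPASSWD: /usr/bin/java -jar /home/otto/slave.jar
jenkins ALL=(ALL) NOPASSWD: ALL
jenkins ALL=NOPASSWD: /usr/bin/systemctl restart jenkins
EOF
}

sample_sudoers | audit_runas jenkins otto || echo "review the BROAD rules"
```

On a real host, pipe the contents of the sudoers files into `audit_runas` instead of the sample.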

From: jenkinsci-users@googlegroups.com 
[mailto:jenkinsci-users@googlegroups.com] On Behalf Of krishna chaitanya kurnala
Sent: Wednesday, July 25, 2012 1:53 AM
To: jenkinsci-users@googlegroups.com
Subject: Re: Question on which user accounts to use for Jenkins and for 
builds/access to source control

Hi John

This is a simple problem, if we don't try to over-kill it. Each SCM has its own 
user files to authenticate transactions; please don't confuse system and SCM 
accounts. Both are separate.

Hence, create service, for example, I created jenkins-pan for our company. I 
just make sure this user account has enough access to check out/commit for any 
branch that Jenkins builds (even other teams should give enough access for this 
SCM account if they want CI builds).

Hope I made sense.

thanks,
Krishna Chaitanya

On Tue, Jul 24, 2012 at 2:21 PM, JohnL <john.lengel...@gmail.com> wrote:
I am new to Jenkins...

I am trying to figure out how to set up Jenkins on top of our existing builds 
which are run out of cron. We have a specific user account which is used for 
all builds and tests (user: otto, group: dev). This specific user belongs to 
the group which is needed to access the source code repository.

Should I set up Jenkins to run as user "jenkins" and group "jenkins" and then 
have jobs set up to run the builds using our build account? What about when 
Jenkins is polling the source control system? Would it need to be a member of 
group "dev"? Would it be better to set up the Jenkins user account to be by 
default using the group "dev"?

It also appears that other development groups may be using other user/group 
accounts to run builds and access source repositories. So whatever I set up, I 
need to be able to handle these builds using their build accounts.

Any guidance for me?

TIA,

johnl
