Linux 避免 Jenkins 错误的最佳实践:sudo: no tty present and no askpass program specified
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17414533/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Best practices to avoid Jenkins error: sudo: no tty present and no askpass program specified
提问by s g
When running any sudo command from Jenkins I get the following error: sudo: no tty present and no askpass program specified.
当从詹金斯运行任何sudo命令我碰到下面的错误:sudo: no tty present and no askpass program specified。
I understand that I can solve this by adding a NOPASSWDentry to my /etc/sudoersfile which will allow user jenkinsto run commands without needing a password. I can add an entry like this:
我知道我可以通过在我的文件中添加一个NOPASSWD条目来解决这个问题,/etc/sudoers这将允许用户jenkins在不需要密码的情况下运行命令。我可以添加这样的条目:
%jenkins ALL=(ALL)NOPASSWD:/home/me/dir/script.sh
...but this leads to the following issue: https://stackoverflow.com/questions/17414330/how-to-avoid-specifying-full-path-in-sudoers-file
...但这会导致以下问题:https: //stackoverflow.com/questions/17414330/how-to-avoid-specifying-full-path-in-sudoers-file
I can add an entry like this:
我可以添加这样的条目:
%jenkins ALL=NOPASSWD: ALL
...but this allows user jenkins to avoid the password prompt for ALLcommands, which seems a bit unsafe. I'm just curious what my options are here, and if there are any best practices I should consider.
...但这允许用户 jenkins 避免所有命令的密码提示,这似乎有点不安全。我只是好奇我在这里有什么选择,如果有任何我应该考虑的最佳实践。
回答by Electrawn
The no tty thing (requirettyin sudoers) is the real issue.
没有 tty 的事情(requiretty在sudoers 中)才是真正的问题。
Basically, comment out the following lines in your /etc/sudoersfile:
基本上,注释掉/etc/sudoers文件中的以下几行:
#Defaults requiretty
#Defaults !visiblepw
Other ways to get it to work:
使其工作的其他方法:
Defaults !requiretty
Or per user:
或每个用户:
Defaults:jenkins !requiretty
A more detailed answer is this answerto this question on the Unix & Linux Stack Exchange site:
更详细的答案是在 Unix & Linux Stack Exchange 站点上对这个问题的回答:
回答by serup
One thing you can do is to get Jenkins to run a script, for example 'run.sh', then from inside this script you can start makefiles, and make sure that there are no sudo commands inside the makefiles.
您可以做的一件事是让 Jenkins 运行一个脚本,例如“run.sh”,然后从这个脚本中您可以启动 makefile,并确保 makefile 中没有 sudo 命令。
It is a bit of a hassle, but at least you are not risking changing security settings
这有点麻烦,但至少您不会冒险更改安全设置
