Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25842

User Permissions Wiped After Jenkins Restart

    Details

    • Type: Bug
    • Status: Reopened (View Workflow)
    • Priority: Blocker
    • Resolution: Unresolved
    • Component/s: core
    • Labels:
    • Environment:
    • Similar Issues:

      Description

      See here also: http://stackoverflow.com/questions/27131560/jenkins-user-permissions-wiped-on-restart

      Essentially I can set up security and it works, but after a restart all permissions are wiped:

      1. Downloaded Redhat rpm from Jenkings main site (jenkins-1.590-1.1.noarch.rpm) and installed directly onto server

      2. Jobs can be set up and work fine

      3. Enabled jenkins own DB authentication with matrix permissions

      4. Add myself a user ID and assign full permissions, allowing anonymous 'overall read' (NOTE I have done this with and without setting this anonymous permission and the result is the same)

      5. Save

      6. Restart jenkins

      7. Create an account to link the ID added in #4

      8. All seems fine, permissions are in place and I can do everything I want to

      9. can log out and back in without problem

      10. Restart jenkins

      11. Log back into the account

      12. All permissions are gone and I can't access the system.

      13. If I try to hit a secure page directly I get the message "t143ahe is missing the Overall/Administer permission"

      14. This will happen with all users if I have added more than one.

      The same happens with project based matrix authentication.

      To get get back into Jenkins I have to disable security by deleting config.xml and deleting user folders from the users directory.

      Rightly or wrongly I've marked this as a Blocker as I can't set up CI in my company without this security in place (can't have Joe Bloggs kicking off a production build).

        Attachments

          Activity

          Hide
          msf Harsh Shandilya added a comment -

          Mine is worse, I can't even log in :/

          Show
          msf Harsh Shandilya added a comment - Mine is worse, I can't even log in :/
          Hide
          grim42 Ishaan Gupta added a comment -

          The same is the issue with the latest version of Jenkins. (1.3.8).

          Using Jenkins on Docker and on plugin installation and restart, the LDAP properties get reset to own user database.

          Have to reconfigure the security configurations and also set the file configurations as that also gets reset.

           

          Show
          grim42 Ishaan Gupta added a comment - The same is the issue with the latest version of Jenkins. (1.3.8). Using Jenkins on Docker and on plugin installation and restart, the LDAP properties get reset to own user database. Have to reconfigure the security configurations and also set the file configurations as that also gets reset.  
          Hide
          suganyaravikumar Suganya Ravikumar added a comment -

          We ran into the same issue with Jenkins ver 2.164.2 on Ubuntu. After Jenkins master restart, the user accounts/password/security details were wiped out.

          Show
          suganyaravikumar Suganya Ravikumar added a comment - We ran into the same issue with Jenkins ver 2.164.2 on Ubuntu. After Jenkins master restart, the user accounts/password/security details were wiped out.
          Hide
          posix99 posix phonix added a comment -

          In our case it happened after a reboot + few plugin updates.
          1. we had to disable security as per above suggestions
          2. roll back the upgraded plugins to their previous version
          3. enable security back (at this stage users still not able to login)
          4. reload configuration from disk (it will quick-restart jenkins)
          5. users were able to login again, using their original credentials

          we suspect there was an issue while jenkins was loading config.xml causing it to somehow avoid the users/roles section.

          Show
          posix99 posix phonix added a comment - In our case it happened after a reboot + few plugin updates. 1. we had to disable security as per above suggestions 2. roll back the upgraded plugins to their previous version 3. enable security back (at this stage users still not able to login) 4. reload configuration from disk (it will quick-restart jenkins) 5. users were able to login again, using their original credentials we suspect there was an issue while jenkins was loading config.xml causing it to somehow avoid the users/roles section.
          Hide
          roberthorne Robert Horne added a comment -

           I may have found a solution if you are in a similar edge case to me:

           

          I found that on my instance of Jenkins (running on docker, although I think this is irrelevant) had an initialization script.

          Under the $JEKINS_HOME / init.groovy.d directory: security.groovy.

          This file was forcing a security realm strategy and other security settings like authorization strategy.

           

           

          Perhaps check that out, hope it helps!

          Show
          roberthorne Robert Horne added a comment -  I may have found a solution if you are in a similar edge case to me:   I found that on my instance of Jenkins (running on docker, although I think this is irrelevant) had an initialization script . Under the $JEKINS_HOME  / init.groovy.d directory: security.groovy . This file was forcing a security realm strategy and other security settings like authorization strategy.     Perhaps check that out, hope it helps!

            People

            • Assignee:
              Unassigned
              Reporter:
              scribe Chris Parr
            • Votes:
              7 Vote for this issue
              Watchers:
              14 Start watching this issue

              Dates

              • Created:
                Updated: