Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-52750

dir step creates a <dirname>@tmp directory at <dirname> level.

    Details

    • Similar Issues:

      Description

      In order to install some internal tools within /opt/tools through a Jenkins job, I have created a /opt/tools directory belonging to jenkins:jenkins and where user jenkins only (the user running the slave) has rwx rights.
      Trying something like :

      stages {
        steps('xyz') {
          dir('/opt/tools') {
             sh "pwd"
          }
        }
      }
      

      Fails with an exception ending with :

      java.nio.file.AccessDeniedException: /opt/tools@tmp
      	at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
      	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
      	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
      	at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
      	at java.nio.file.Files.createDirectory(Files.java:674)
      	at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
      	at java.nio.file.Files.createDirectories(Files.java:767)
      	at hudson.FilePath.mkdirs(FilePath.java:3098)
      	at hudson.FilePath.access$900(FilePath.java:209)
      	at hudson.FilePath$Mkdirs.invoke(FilePath.java:1216)
      	at hudson.FilePath$Mkdirs.invoke(FilePath.java:1212)
      	at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2913)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:212)
      	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
      	at hudson.remoting.Request$2.run(Request.java:369)
      	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
      	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
      	at java.lang.Thread.run(Thread.java:748)
      

      It appears that Jenkins tries to create a tools@tmp directory at the same level as tools. Yet, there is absolutely no reason for the tools root directory to be writable for any user.
      And as far as /opt is concerned here, for sure it must not be writable for anybody else than root.

      Additionnally, such @tmp directory is not removed once the build is achieved. Even though it seems that the directory is empty, I think that Jenkins should remove it to give back a clean environment.

       

        Attachments

          Activity

          jlpinardon jlpinardon created issue -
          jlpinardon jlpinardon made changes -
          Field Original Value New Value
          Description In order to install some internal tools within {{/opt/tools}} through a Jenkins job, I have created a {{/opt/tools}} directory belonging to _{{jenkins:jenkins}}_ and where user {{jenkins}} only (the user running the slave) has rwx rights.
          Trying something like :
          {code:java}
          stages {
            steps('xyz') {
              dir('/opt/tools') {
                 sh "pwd"
              }
            }
          }
          {code}
          Fails with an exception ending with :
          {code:java}
          java.nio.file.AccessDeniedException: /opt/iotb@tmp
          at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
          at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
          at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
          at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
          at java.nio.file.Files.createDirectory(Files.java:674)
          at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
          at java.nio.file.Files.createDirectories(Files.java:767)
          at hudson.FilePath.mkdirs(FilePath.java:3098)
          at hudson.FilePath.access$900(FilePath.java:209)
          at hudson.FilePath$Mkdirs.invoke(FilePath.java:1216)
          at hudson.FilePath$Mkdirs.invoke(FilePath.java:1212)
          at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2913)
          at hudson.remoting.UserRequest.perform(UserRequest.java:212)
          at hudson.remoting.UserRequest.perform(UserRequest.java:54)
          at hudson.remoting.Request$2.run(Request.java:369)
          at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
          at java.util.concurrent.FutureTask.run(FutureTask.java:266)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
          at java.lang.Thread.run(Thread.java:748)
          {code}
          It appears that Jenkins tries to create a tools@tmp directory at the same level as {{tools}}. Yet, there is absolutely no reason for the {{tools}} root directory to be writable for any user.
          And as far as *_{{/opt}}_* is concerned here, _it must no be writable for anybody else than root_.

           
          In order to install some internal tools within {{/opt/tools}} through a Jenkins job, I have created a {{/opt/tools}} directory belonging to _{{jenkins:jenkins}}_ and where user {{jenkins}} only (the user running the slave) has rwx rights.
           Trying something like :
          {code:java}
          stages {
            steps('xyz') {
              dir('/opt/tools') {
                 sh "pwd"
              }
            }
          }
          {code}
          Fails with an exception ending with :
          {code:java}
          java.nio.file.AccessDeniedException: /opt/tools@tmp
          at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
          at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
          at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
          at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
          at java.nio.file.Files.createDirectory(Files.java:674)
          at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
          at java.nio.file.Files.createDirectories(Files.java:767)
          at hudson.FilePath.mkdirs(FilePath.java:3098)
          at hudson.FilePath.access$900(FilePath.java:209)
          at hudson.FilePath$Mkdirs.invoke(FilePath.java:1216)
          at hudson.FilePath$Mkdirs.invoke(FilePath.java:1212)
          at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2913)
          at hudson.remoting.UserRequest.perform(UserRequest.java:212)
          at hudson.remoting.UserRequest.perform(UserRequest.java:54)
          at hudson.remoting.Request$2.run(Request.java:369)
          at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
          at java.util.concurrent.FutureTask.run(FutureTask.java:266)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
          at java.lang.Thread.run(Thread.java:748)
          {code}
          It appears that Jenkins tries to create a tools@tmp directory at the same level as {{tools}}. Yet, there is absolutely no reason for the {{tools}} root directory to be writable for any user.
           And as far as *_{{/opt}}_* is concerned here, _it must no be writable for anybody else than root_.

           
          abayer Andrew Bayer made changes -
          Component/s workflow-basic-steps-plugin [ 21712 ]
          Component/s pipeline [ 21692 ]
          jlpinardon jlpinardon made changes -
          Description In order to install some internal tools within {{/opt/tools}} through a Jenkins job, I have created a {{/opt/tools}} directory belonging to _{{jenkins:jenkins}}_ and where user {{jenkins}} only (the user running the slave) has rwx rights.
           Trying something like :
          {code:java}
          stages {
            steps('xyz') {
              dir('/opt/tools') {
                 sh "pwd"
              }
            }
          }
          {code}
          Fails with an exception ending with :
          {code:java}
          java.nio.file.AccessDeniedException: /opt/tools@tmp
          at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
          at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
          at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
          at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
          at java.nio.file.Files.createDirectory(Files.java:674)
          at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
          at java.nio.file.Files.createDirectories(Files.java:767)
          at hudson.FilePath.mkdirs(FilePath.java:3098)
          at hudson.FilePath.access$900(FilePath.java:209)
          at hudson.FilePath$Mkdirs.invoke(FilePath.java:1216)
          at hudson.FilePath$Mkdirs.invoke(FilePath.java:1212)
          at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2913)
          at hudson.remoting.UserRequest.perform(UserRequest.java:212)
          at hudson.remoting.UserRequest.perform(UserRequest.java:54)
          at hudson.remoting.Request$2.run(Request.java:369)
          at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
          at java.util.concurrent.FutureTask.run(FutureTask.java:266)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
          at java.lang.Thread.run(Thread.java:748)
          {code}
          It appears that Jenkins tries to create a tools@tmp directory at the same level as {{tools}}. Yet, there is absolutely no reason for the {{tools}} root directory to be writable for any user.
           And as far as *_{{/opt}}_* is concerned here, _it must no be writable for anybody else than root_.

           
          In order to install some internal tools within {{/opt/tools}} through a Jenkins job, I have created a {{/opt/tools}} directory belonging to _{{jenkins:jenkins}}_ and where user {{jenkins}} only (the user running the slave) has rwx rights.
           Trying something like :
          {code:java}
          stages {
            steps('xyz') {
              dir('/opt/tools') {
                 sh "pwd"
              }
            }
          }
          {code}
          Fails with an exception ending with :
          {code:java}
          java.nio.file.AccessDeniedException: /opt/tools@tmp
          at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
          at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
          at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
          at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
          at java.nio.file.Files.createDirectory(Files.java:674)
          at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
          at java.nio.file.Files.createDirectories(Files.java:767)
          at hudson.FilePath.mkdirs(FilePath.java:3098)
          at hudson.FilePath.access$900(FilePath.java:209)
          at hudson.FilePath$Mkdirs.invoke(FilePath.java:1216)
          at hudson.FilePath$Mkdirs.invoke(FilePath.java:1212)
          at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2913)
          at hudson.remoting.UserRequest.perform(UserRequest.java:212)
          at hudson.remoting.UserRequest.perform(UserRequest.java:54)
          at hudson.remoting.Request$2.run(Request.java:369)
          at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
          at java.util.concurrent.FutureTask.run(FutureTask.java:266)
          at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
          at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
          at java.lang.Thread.run(Thread.java:748)
          {code}
          It appears that Jenkins tries to create a tools@tmp directory at the same level as {{tools}}. Yet, there is absolutely no reason for the {{tools}} root directory to be writable for any user.
           And as far as *_{{/opt}}_* is concerned here, for sure _it must not be writable for anybody else than root_.

          Additionnally, such _@tmp_ directory is not removed once the build is achieved. Even though it seems that the directory is empty, I think that Jenkins should remove it to give back a clean environment.

           
          vivek Vivek Pandey made changes -
          Labels pipeline pipeline pipeline-triaged

            People

            • Assignee:
              Unassigned
              Reporter:
              jlpinardon jlpinardon
            • Votes:
              8 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

              • Created:
                Updated: