We have a hudson + php + phing setup working on Ubuntu 12.04
We have a set of credential files that we want to protect. Files are located in / usr / lib / vocanic -credentials /. All files here are available either via www-data or in hudson (we set credentials to access the group).
With this setting, when I log in as hudson and run the phing command from bash, everything works fine. When you do the same with the hudson build process (by going to "Build Now" on the web interface), it fails by specifying "Allow failure."
[01;35m[PHP Error] include(.../hudson_dev_vocanic_mantle_build.php): failed to open stream: Permission denied [line 3 of /.../utils_config.inc.php][m [01;35m[PHP Error] include(): Failed opening '/usr/lib/vocanic-credentials/hudson_dev_vocanic_mantle_build.php' for inclusion (include_path='...') [line 3 of /.../utils_config.inc.php][m
When we change permissions to allow "everything" access, it also works from the hudson web interface. So, we decided that the actual execution of hudson should be some other user (although there is no public document on this), we printed whoami from our code and seemed to indicate "hudson".
Even accessing the file (without access to everyone) like hudson seems to work like from bash - sudo -u hudson cat /usr/lib/vocanic-credentials/hudson_dev_vocanic_mantle_build.php .
At the moment, we do not know how to solve this problem. Any help would be appreciated.
source share