JENKINS-12197: Security hole when using IPS distribution on Solaris
Project: Jenkins

    • Type: Bug
    • Resolution: Won't Fix
    • Priority: Critical
    • Component: core
    • Environment: Solaris 11 Express, Solaris 11

      When you install Jenkins on Solaris 11 Express by using the IPS distribution (see https://wiki.jenkins-ci.org/display/JENKINS/Installing+Jenkins+on+OpenSolaris), a default manifest file is automatically provided. When you import it into SMF without adapting it and then start Jenkins, the instance is being run under the root account because of the following credentials in the manifest XML that are used for executing the process:

      			<method_credential user='root' group='root' />
      

      A misbehaving process could eventually destroy the whole system Jenkins is running on...

      I suggest changing the above line to use either the user "webservd" or, better, "nobody"; the latter normally has no rights. The group credentials should also be changed:

      --- jenkins.xml.orig	2011-12-21 20:21:06.000000000 +0100
      +++ jenkins.xml	2011-12-21 23:37:10.000000000 +0100
      @@ -37,7 +37,7 @@
       		</dependency>
       
       		<method_context>
      -			<method_credential user='root' group='root' />
      +			<method_credential user='nobody' group=':default' />
       			<method_environment>
       				<envvar name='PATH' value='/usr/bin:/usr/sbin:/usr/ccs/bin:/usr/local/bin:/usr/local/sbin:/usr/sfw/bin' />
       				<envvar name='JENKINS_HOME' value='/var/lib/jenkins' />
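Review bot: The new `+` credential line is only half of the change: the trailing context still sets `JENKINS_HOME` to `/var/lib/jenkins`, and whatever user the start method now runs as must own or be able to write that directory, otherwise the service fails on first start; the hunk should be accompanied by the matching ownership change (e.g. `chown -R <user> /var/lib/jenkins`) or a note in the commit. Also consider a dedicated service account instead of `nobody`, which is shared with other unprivileged daemons on the same host, e.g. `<method_credential user='jenkins' group=':default' />`; `:default` correctly selects that user's primary group, so that part of the line is fine.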
      
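As an added example, not code from the issue or from Jenkins, the following audit parses an SMF manifest, reports every exec_method that would run as root, and rewrites the credentials to an unprivileged account. The manifest below is constructed and modelled on the fragment quoted in the issue; the choice of `nobody`/`:default` follows the suggestion above, and the rule that a method without method_credential runs as root is SMF's documented default.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the fragment quoted in the issue (not the real
# jenkins.xml from the IPS package). The stop method has no method_context at all.
SAMPLE_MANIFEST = """<?xml version="1.0"?>
<service_bundle type="manifest" name="jenkins">
  <service name="application/jenkins" type="service" version="1">
    <exec_method type="method" name="start" timeout_seconds="60" exec="/usr/bin/java -jar /usr/share/jenkins/jenkins.war">
      <method_context>
        <method_credential user='root' group='root' />
        <method_environment>
          <envvar name='JENKINS_HOME' value='/var/lib/jenkins' />
        </method_environment>
      </method_context>
    </exec_method>
    <exec_method type="method" name="stop" timeout_seconds="60" exec="/usr/bin/pkill -f jenkins.war" />
  </service>
</service_bundle>
"""


def audit_manifest(xml_text):
    """Return (method name, user, reason) for each exec_method that would run as root."""
    findings = []
    for method in ET.fromstring(xml_text).iter("exec_method"):
        ctx = method.find("method_context")
        cred = ctx.find("method_credential") if ctx is not None else None
        if cred is None:
            # Assumption from smf_method(7): with no credential SMF uses root.
            findings.append((method.get("name"), "root", "no method_credential, SMF default is root"))
        elif cred.get("user") == "root":
            findings.append((method.get("name"), "root", "explicit root credential"))
    return findings


def harden_manifest(xml_text, user="nobody", group=":default"):
    """Give every exec_method an explicit unprivileged credential; ':default' = user's primary group."""
    root = ET.fromstring(xml_text)
    for method in list(root.iter("exec_method")):   # list(): we modify the tree while walking it
        ctx = method.find("method_context")
        if ctx is None:
            ctx = ET.SubElement(method, "method_context")
        cred = ctx.find("method_credential")
        if cred is None:
            # The SMF DTD requires method_credential before method_environment.
            cred = ET.Element("method_credential")
            ctx.insert(0, cred)
        cred.set("user", user)
        cred.set("group", group)
    return ET.tostring(root, encoding="unicode")
```

The hardened manifest still needs the matching filesystem change (the new user must own JENKINS_HOME), which no manifest edit can express.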

Assignee: kohsuke (Kohsuke Kawaguchi)
Reporter: t_heit (Thorsten Heit)
Votes: 0
Watchers: 1