Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-21327

Offering access to users with RUN_SCRIPTS is redundant

XMLWordPrintable

      From my reading of the UI and wiki, Scriptler seems to allow people with ADMINISTER to always run scripts, and those with RUN_SCRIPTS to do so only if additionally authorized. If true, this is backwards, as RUN_SCRIPTS is strictly more powerful than ADMINISTER. (And for Scriptler to be useful in a large secured installation, someone with RUN_SCRIPTS needs to be able to offer scripts for use by users who lack either permission.)

      Is this really true, or does the UI just give this false impression? For example

      Allow execution by user with 'RunScripts' permission

          [JENKINS-21327] Offering access to users with RUN_SCRIPTS is redundant

          Jesse Glick created issue -

          Jesse Glick added a comment -

          Or

          Checking this option, allows users who have the 'RunScript' permission to change a scriptler scripts before executing it.
          A user can seriously harm your system and compromise your security!

          which makes no sense, since a user with RUN_SCRIPTS can trivially compromise any kind of security without any help from the Scriptler plugin.

          Jesse Glick added a comment - Or Checking this option, allows users who have the 'RunScript' permission to change a scriptler scripts before executing it. A user can seriously harm your system and compromise your security! which makes no sense, since a user with RUN_SCRIPTS can trivially compromise any kind of security without any help from the Scriptler plugin.

          Dominik Bartholdi added a comment -

          If you'r right and RUN_SCRIPTS has more power then ADMINISTRATOR, then I must say that RUN_SCRIPT is not well documented and a very very misleading name.

          But anyway - I guess if you say so, then you probably are right and sure this must be changed/fixed!

          Dominik Bartholdi added a comment - If you'r right and RUN_SCRIPTS has more power then ADMINISTRATOR, then I must say that RUN_SCRIPT is not well documented and a very very misleading name. But anyway - I guess if you say so, then you probably are right and sure this must be changed/fixed!

          Jesse Glick added a comment -

          Filed JENKINS-21336 to capture the broader discussion.

          Jesse Glick added a comment - Filed JENKINS-21336 to capture the broader discussion.
          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-21336 [ JENKINS-21336 ]

          Daniel Beck added a comment -

          domi:

          If you'r right and RUN_SCRIPTS has more power then ADMINISTRATOR, then I must say that RUN_SCRIPT is not well documented and a very very misleading name.

          It's as useless on almost all instances as the UploadPlugins and ConfigureUpdateCenter permissions (i.e. 3 out of 5) that only exist to enable somewhat secure Cloudbees-hosted instances.

          Daniel Beck added a comment - domi : If you'r right and RUN_SCRIPTS has more power then ADMINISTRATOR, then I must say that RUN_SCRIPT is not well documented and a very very misleading name. It's as useless on almost all instances as the UploadPlugins and ConfigureUpdateCenter permissions (i.e. 3 out of 5) that only exist to enable somewhat secure Cloudbees-hosted instances.

          Dominik Bartholdi added a comment -

          @danielbeck
          I now fully agree and think the whole permission schemas are a mess, not just how to use them in the code, but also to administer - an administrator has barely an idea what implication each permission has for each user.

          I will chenage the usage of RUN_SCRIPT in scriptler, but I just did not have the time to so yet...

          Dominik Bartholdi added a comment - @danielbeck I now fully agree and think the whole permission schemas are a mess, not just how to use them in the code, but also to administer - an administrator has barely an idea what implication each permission has for each user. I will chenage the usage of RUN_SCRIPT in scriptler, but I just did not have the time to so yet...
          Jesse Glick made changes -
          Link New: This issue is duplicated by SECURITY-135 [ SECURITY-135 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 153191 ] New: JNJira + In-Review [ 178442 ]

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: imod
          Path:
          src/main/java/org/jenkinsci/plugins/scriptler/ScriptlerManagement.java
          src/main/java/org/jenkinsci/plugins/scriptler/builder/ScriptlerBuilder.java
          src/main/resources/org/jenkinsci/plugins/scriptler/Messages.properties
          src/main/webapp/help-allowRunScriptEdit.html
          src/main/webapp/help-allowRunScriptPermission.html
          src/test/java/org/jenkinsci/plugins/scriptler/restapi/ScriptlerRestApiTest.java
          http://jenkins-ci.org/commit/scriptler-plugin/71054a6da9c98d23dcc63588686939a62765cf09
          Log:
          JENKINS-21327 replace RUN_SCRIPTS with a new Scritpler RUN permission

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: imod Path: src/main/java/org/jenkinsci/plugins/scriptler/ScriptlerManagement.java src/main/java/org/jenkinsci/plugins/scriptler/builder/ScriptlerBuilder.java src/main/resources/org/jenkinsci/plugins/scriptler/Messages.properties src/main/webapp/help-allowRunScriptEdit.html src/main/webapp/help-allowRunScriptPermission.html src/test/java/org/jenkinsci/plugins/scriptler/restapi/ScriptlerRestApiTest.java http://jenkins-ci.org/commit/scriptler-plugin/71054a6da9c98d23dcc63588686939a62765cf09 Log: JENKINS-21327 replace RUN_SCRIPTS with a new Scritpler RUN permission

            domi Dominik Bartholdi
            jglick Jesse Glick
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: