[JENKINS-52750] dir step creates a <dirname>@tmp directory at <dirname> level.

Type: Task
Resolution: Unresolved
Priority: Major
Component/s: workflow-basic-steps-plugin
Labels:
- pipeline
- pipeline-triaged
Environment:
Jenkins 2.121.2 on a CentOS 7

Similar Issues:
Powered by SuggestiMate

Show

In order to install some internal tools within /opt/tools through a Jenkins job, I have created a /opt/tools directory belonging to jenkins:jenkins and where user jenkins only (the user running the slave) has rwx rights.
Trying something like :

stages {
  steps('xyz') {
    dir('/opt/tools') {
       sh "pwd"
    }
  }
}

Fails with an exception ending with :

java.nio.file.AccessDeniedException: /opt/tools@tmp
	at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
	at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
	at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
	at java.nio.file.Files.createDirectory(Files.java:674)
	at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
	at java.nio.file.Files.createDirectories(Files.java:767)
	at hudson.FilePath.mkdirs(FilePath.java:3098)
	at hudson.FilePath.access$900(FilePath.java:209)
	at hudson.FilePath$Mkdirs.invoke(FilePath.java:1216)
	at hudson.FilePath$Mkdirs.invoke(FilePath.java:1212)
	at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2913)
	at hudson.remoting.UserRequest.perform(UserRequest.java:212)
	at hudson.remoting.UserRequest.perform(UserRequest.java:54)
	at hudson.remoting.Request$2.run(Request.java:369)
	at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)

It appears that Jenkins tries to create a tools@tmp directory at the same level as tools. Yet, there is absolutely no reason for the tools root directory to be writable for any user.
And as far as /opt is concerned here, for sure it must not be writable for anybody else than root.

Additionnally, such @tmp directory is not removed once the build is achieved. Even though it seems that the directory is empty, I think that Jenkins should remove it to give back a clean environment.

jlpinardon created issue - 2018-07-26 12:08

jlpinardon made changes - 2018-07-26 12:17

Description

Original: In order to install some internal tools within {{/opt/tools}} through a Jenkins job, I have created a {{/opt/tools}} directory belonging to _{{jenkins:jenkins}}_ and where user {{jenkins}} only (the user running the slave) has rwx rights.
Trying something like :
{code:java}
stages {
  steps('xyz') {
    dir('/opt/tools') {
       sh "pwd"
    }
  }
}
{code}
Fails with an exception ending with :
{code:java}
java.nio.file.AccessDeniedException: /opt/iotb@tmp
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
at java.nio.file.Files.createDirectory(Files.java:674)
at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
at java.nio.file.Files.createDirectories(Files.java:767)
at hudson.FilePath.mkdirs(FilePath.java:3098)
at hudson.FilePath.access$900(FilePath.java:209)
at hudson.FilePath$Mkdirs.invoke(FilePath.java:1216)
at hudson.FilePath$Mkdirs.invoke(FilePath.java:1212)
at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2913)
at hudson.remoting.UserRequest.perform(UserRequest.java:212)
at hudson.remoting.UserRequest.perform(UserRequest.java:54)
at hudson.remoting.Request$2.run(Request.java:369)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
{code}
It appears that Jenkins tries to create a tools@tmp directory at the same level as {{tools}}. Yet, there is absolutely no reason for the {{tools}} root directory to be writable for any user.
And as far as *_{{/opt}}_* is concerned here, _it must no be writable for anybody else than root_.

New: In order to install some internal tools within {{/opt/tools}} through a Jenkins job, I have created a {{/opt/tools}} directory belonging to _{{jenkins:jenkins}}_ and where user {{jenkins}} only (the user running the slave) has rwx rights.
Trying something like :
{code:java}
stages {
  steps('xyz') {
    dir('/opt/tools') {
       sh "pwd"
    }
  }
}
{code}
Fails with an exception ending with :
{code:java}
java.nio.file.AccessDeniedException: /opt/tools@tmp
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
at java.nio.file.Files.createDirectory(Files.java:674)
at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
at java.nio.file.Files.createDirectories(Files.java:767)
at hudson.FilePath.mkdirs(FilePath.java:3098)
at hudson.FilePath.access$900(FilePath.java:209)
at hudson.FilePath$Mkdirs.invoke(FilePath.java:1216)
at hudson.FilePath$Mkdirs.invoke(FilePath.java:1212)
at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2913)
at hudson.remoting.UserRequest.perform(UserRequest.java:212)
at hudson.remoting.UserRequest.perform(UserRequest.java:54)
at hudson.remoting.Request$2.run(Request.java:369)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
{code}
It appears that Jenkins tries to create a tools@tmp directory at the same level as {{tools}}. Yet, there is absolutely no reason for the {{tools}} root directory to be writable for any user.
And as far as *_{{/opt}}_* is concerned here, _it must no be writable for anybody else than root_.

Andrew Bayer made changes - 2018-08-07 13:57

Component/s		New: workflow-basic-steps-plugin [ 21712 ]
Component/s	Original: pipeline [ 21692 ]

jlpinardon made changes - 2018-08-20 09:30

Description

Original: In order to install some internal tools within {{/opt/tools}} through a Jenkins job, I have created a {{/opt/tools}} directory belonging to _{{jenkins:jenkins}}_ and where user {{jenkins}} only (the user running the slave) has rwx rights.
Trying something like :
{code:java}
stages {
  steps('xyz') {
    dir('/opt/tools') {
       sh "pwd"
    }
  }
}
{code}
Fails with an exception ending with :
{code:java}
java.nio.file.AccessDeniedException: /opt/tools@tmp
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
at java.nio.file.Files.createDirectory(Files.java:674)
at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
at java.nio.file.Files.createDirectories(Files.java:767)
at hudson.FilePath.mkdirs(FilePath.java:3098)
at hudson.FilePath.access$900(FilePath.java:209)
at hudson.FilePath$Mkdirs.invoke(FilePath.java:1216)
at hudson.FilePath$Mkdirs.invoke(FilePath.java:1212)
at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2913)
at hudson.remoting.UserRequest.perform(UserRequest.java:212)
at hudson.remoting.UserRequest.perform(UserRequest.java:54)
at hudson.remoting.Request$2.run(Request.java:369)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
{code}
It appears that Jenkins tries to create a tools@tmp directory at the same level as {{tools}}. Yet, there is absolutely no reason for the {{tools}} root directory to be writable for any user.
And as far as *_{{/opt}}_* is concerned here, _it must no be writable for anybody else than root_.

New: In order to install some internal tools within {{/opt/tools}} through a Jenkins job, I have created a {{/opt/tools}} directory belonging to _{{jenkins:jenkins}}_ and where user {{jenkins}} only (the user running the slave) has rwx rights.
Trying something like :
{code:java}
stages {
  steps('xyz') {
    dir('/opt/tools') {
       sh "pwd"
    }
  }
}
{code}
Fails with an exception ending with :
{code:java}
java.nio.file.AccessDeniedException: /opt/tools@tmp
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
at java.nio.file.Files.createDirectory(Files.java:674)
at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
at java.nio.file.Files.createDirectories(Files.java:767)
at hudson.FilePath.mkdirs(FilePath.java:3098)
at hudson.FilePath.access$900(FilePath.java:209)
at hudson.FilePath$Mkdirs.invoke(FilePath.java:1216)
at hudson.FilePath$Mkdirs.invoke(FilePath.java:1212)
at hudson.FilePath$FileCallableWrapper.call(FilePath.java:2913)
at hudson.remoting.UserRequest.perform(UserRequest.java:212)
at hudson.remoting.UserRequest.perform(UserRequest.java:54)
at hudson.remoting.Request$2.run(Request.java:369)
at hudson.remoting.InterceptingExecutorService$1.call(InterceptingExecutorService.java:72)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
{code}
It appears that Jenkins tries to create a tools@tmp directory at the same level as {{tools}}. Yet, there is absolutely no reason for the {{tools}} root directory to be writable for any user.
And as far as *_{{/opt}}_* is concerned here, for sure _it must not be writable for anybody else than root_.

Additionnally, such _@tmp_ directory is not removed once the build is achieved. Even though it seems that the directory is empty, I think that Jenkins should remove it to give back a clean environment.

Vivek Pandey made changes - 2018-12-18 15:44

Labels

Original: pipeline

New: pipeline pipeline-triaged

yoni made changes - 2023-07-17 18:56

Assignee

New: yoni [ yonizabari ]

yoni made changes - 2023-07-17 18:57

Assignee

Original: yoni [ yonizabari ]

Assignee:: Unassigned

Reporter:: jlpinardon

Votes:: 16 Vote for this issue

Watchers:: 22 Start watching this issue

Created:: 2018-07-26 12:08

Updated:: 2023-07-17 18:59

Jenkins

Details

Description

Attachments

Activity

People

Dates