Add Users to Jenkins with "Allow users to sign up" Disabled

4

61

I do not want new users to be able to sign up. So in Jenkins' configuration, I disabled "Allow users to sign up" while using Jenkins' own user database.

But how can I manually add users now? Also, is there a default admin user I should take care of?

Narcosis answered 21/8, 2012 at 14:16 Comment(0)
81

There is "Create Users" in "Manage Jenkins".

Narcosis answered 11/9, 2012 at 8:26 Comment(9)
It seems it now is under "Manage Jenkins" > "Manage Users" > "Create User" (at /securityRealm/addUser) - Milo
Also note that this icon is not shown if you don't have the Jenkins security realm set as "Jenkins own user database" under "Manage Jenkins" > "Configure Global Security" - Boden
But how does one add the first user then? If I turn on security I'm logged out. - Semitic
On Jenkins 1.595, I don't see any "Create Users" or "Manage Users" - Learn
This is the worst security setup I have ever seen ;) You have to first enable Security under "Global Security", and you have to select "Jenkins own user database" and do not forget to select all users have own rights and users can sign up themselves, otherwise you have blocked yourself quite efficiently. - Shroudlaid
@Shroudlaid your comment is not just a comment, it's the correct answer :-) Perhaps you might create an answer? - Hippo
I agree it's not a great security setup. However I've found a way to do it: Manage Jenkins -> Jenkins own user database, Anyone can do anything. Then you are not forced to log in or sign up. Manage Jenkins -> Manage Users and you create your users, then set up security accordingly. - But
@iGbanam This is because you must first Enable Security. - Mouser
I'm glad I'm not the only one who assumed enabling Security with no users wouldn't let anybody log in! Fortunately Jenkins is smart enough to not do that. - Haye
20

In case "Allow users to sign up" was already disabled, security is turned on, and there is no user you can use to log in, the only way to go is to change the Jenkins configuration manually on the server and restart the server.

The thing to change is in the config.xml file in the Jenkins home folder. Change

<useSecurity>true</useSecurity>

to

<useSecurity>false</useSecurity>

Restart and refresh the browser.

Voila!!!

Talavera answered 13/2, 2014 at 9:40 Comment(2)
As a side note, if you have set up matrix security, additional tags are added which will cause the bootstrap to fail. Removing the authorizationStrategy and securityRealm tags will do the trick in the case where you have enabled matrix security. - Incorruption
WARNING: This will disable security on your Jenkins installation and is not required in order to create new users. If your intent is to create new users and you have not lost access to your Jenkins installation, then I do not recommend this. - Pooler
12

Manage Jenkins -> Jenkins own user database, Anyone can do anything. Then you are not forced to log in or sign up. Manage Jenkins -> Manage Users and you create your users, then set up security accordingly.

If you don't set up the security method first, there is no way to add users.

A convenient way for configuring Jenkins is to edit the config.xml file directly and use the Manage Jenkins -> Reload configuration from Disk hyperlink instead of restarting the service.

But answered 5/8, 2015 at 10:59 Comment(3)
It's Manage Jenkins -> Configure Global Security -> Jenkins own user database, Anyone can do anything. Your answer helped me - Amperage
WARNING: "anyone can do anything" means you have disabled security completely because anonymous is part of "anyone". I do not recommend this. - Pooler
""anyone can do anything" ..., then setup security accordingly." This is just a temporary workaround so that you can set the security up. I also don't recommend leaving it with "Anyone can do anything" enabled - there is no sense of users then :)... - But
6

The recommended way to handle this is to use matrix based security and leave sign up on. Set default permissions to nothing; this way when people sign up they can't actually do anything until you explicitly grant them permissions. If you don't want to leave the sign up on for some reason, you will have to enable it to add users and then disable it when you are done. As far as I know there is no way to add a user with sign up turned off unless you want to hand edit the config files.

There is no default admin user; you will want to make sure you add yourself with max permissions or you risk getting locked out when you enable security.

Hypochlorite answered 21/8, 2012 at 15:24 Comment(7)
Ok, so I should not add usernames that have not yet registered to the matrix, otherwise I risk some intruder to register with such a username and instantly getting the set permissions. - Narcosis
Yes, you will also want to make sure that you add a group to the matrix called "Authenticated" with no default permissions. This will ensure that anyone who registers has to wait until you explicitly add them with a higher permissions level before they can access anything. - Hypochlorite
I've removed all permissions of user "Anonymous", isn't that enough to make registered users which are not listed in the matrix not see anything? Is "Authenticated" some builtin group? And how can I add users to groups? - Narcosis
Yes, Authenticated is a built in group. Any logged in user is added to this group by default. Anonymous only covers users who are not logged in. - Hypochlorite
I tried signing up as a user not in the matrix. I just get Status Code: 404 from the server then. Looks safe to me? - Narcosis
Also, adding Authenticated to the matrix shows a big red minus at the left of the name indicating that this user/group does not exist. - Narcosis
WARNING: Allowing sign up (even if you don't allow signed up accounts permissions by default) leaves your Jenkins installation vulnerable to zero-day vulnerabilities which require an account in order to do privilege escalation. I do not recommend this. - Pooler
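
Added example (not part of any answer above, and not Jenkins project code): a small audit of a Jenkins global config.xml for the states these answers pass through, namely `useSecurity` switched off, "Anyone can do anything", sign up left enabled, permissions granted to the built-in `anonymous`/`authenticated` groups, and a matrix with no administrator. The sample XML is constructed, and treating a missing `<disableSignup>` element as "sign up allowed" is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample config.xml (not from a real installation).
SAMPLE = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.GlobalMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Read:anonymous</permission>
    <permission>hudson.model.Item.Build:authenticated</permission>
    <permission>hudson.model.Item.Build:alice</permission>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>false</disableSignup>
  </securityRealm>
</hudson>"""

def audit(config_xml):
    """Return a list of findings for a Jenkins global config.xml string."""
    root = ET.fromstring(config_xml)
    findings = []
    if (root.findtext("useSecurity") or "").strip().lower() != "true":
        findings.append("useSecurity is not true: security is disabled")
    authz = root.find("authorizationStrategy")
    authz_class = authz.get("class", "") if authz is not None else ""
    if authz_class.endswith("$Unsecured"):
        findings.append("authorization strategy is 'Anyone can do anything'")
    realm = root.find("securityRealm")
    if realm is not None and realm.get("class", "").endswith("HudsonPrivateSecurityRealm"):
        # Assumption: a missing <disableSignup> element means sign up is allowed.
        if (realm.findtext("disableSignup") or "false").strip().lower() != "true":
            findings.append("sign up is enabled")
    has_admin = False
    for node in (authz.iter("permission") if authz is not None else []):
        # Entries read "permission:sid"; newer plugin versions prefix USER: or GROUP:.
        rest, _, sid = (node.text or "").strip().rpartition(":")
        perm = rest.split(":")[-1]
        if sid in ("anonymous", "authenticated"):
            findings.append(f"built-in group '{sid}' holds {perm}")
        elif perm == "hudson.model.Hudson.Administer":
            has_admin = True
    if "Matrix" in authz_class and not has_admin:
        findings.append("no named user or group holds Administer: lockout risk")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against a copy of config.xml before using "Reload configuration from Disk" or restarting, so a temporary workaround is not left in place.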
