#295 new
Moses Lei

Allow differentiation of unix user that ran a job using "run" command line tool

Reported by Moses Lei | May 18th, 2011 @ 05:32 PM

Right now, all jobs that are kicked off using the "run" command line tool are treated and logged as if they are executed by "admin" (or more specifically, the value of framework.server.username).

This means that command line users have access to all jobs all the time and their executions are not specifically logged as being from them.

We need a mechanism that allows the unix user to be passed to the rundeck server process so that:

  1. aclpolicy can limit the jobs that the unix user can do.
  2. the user can be logged in the rundeck database as the executor of the job.

This assumes a direct mapping between unix users and rundeck users (for example if they authenticated from the same source); it would be nice not to require a password in this case.

We should also have a way to pass any arbitrary username/password for the same kind of purposes; this could be configured locally per account (perhaps via environment variable); see #247 for a related issue.

No comments found

Please Sign in or create a free account to add a new ticket.

With your very own profile, you can contribute to projects, track your activity, watch tickets, receive and update tickets through your email and much more.

New-ticket Create new ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile ยป

(DEPRECATED) Please use github issues for issue tracking at http://github.com/dtolabs/rundeck/issues

Shared Ticket Bins

People watching this ticket