376314 – Separate permission for accessing slave jnlp file

Bug 376314 - Separate permission for accessing slave jnlp file

Summary: Separate permission for accessing slave jnlp file

Status:	NEW

Alias:	None

Product:	Hudson
Classification:	Technology
Component:	Core (show other bugs)
Version:	unspecified
Hardware:	All All

Importance:	P3 enhancement (vote)
Target Milestone:	---
Assignee:	Winston Prakash
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2012-04-09 06:32 EDT by Anders Hammar
Modified:	2013-02-04 20:54 EST (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Anders Hammar

2012-04-09 06:32:41 EDT

Build Identifier: 2.2.0

In an (enterprise) environment where Hudson security is enabled (and most likely linked to LDAP), the slaves need to authenticate and have permission to access the jnlp file. The slaves' accounts are system accounts and their permissions should be kept separate from the users', but there is no separate configurable permission for reading the jnlp file.

In a scenario where all users need to authenticate to have read access, in today's Hudson read access has ot be assigned the the slaves' accounts so that they can access the jnlp files. If anyone gets hold of a slave's (system) account, he/she will get read access without using a correct user account. Giving permission to read the jnlp file should not involve giving general read access to Hudson.

A workaround is to log in and download the jnlp file and store is somewhere else (like locally on the slave).

Reproducible: Always