Security goes South

Owned by Selvyn Wright
Last updated: Mar 26, 2019
2 min read

If after you have created other users and want to restrict them, you have to go to Manage Jenkins / Configure Global Security.  Once here scroll down to "Authorization" and select "Matrix Based Security".  In the User/group to add: field type the users name - be careful NOT to press ENTER, press the Add button.  If you press ENTER and the root user hasn't been set up with full privileges (all columns are checked), you will be immediately locked out of Jenkins with no way in!!!

If you get locked out of Jenkins whilst setting up users access rights, edit the config.xml file (found in the Jenkins install directory).  Search for the XML tags shown below and replace them with the XML doc shown here.

enabling security
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>true</disableSignup>
    <enableCaptcha>false</enableCaptcha>
  </securityRealm>

Loosing the Admin password

If you forget the root/admin password, follow the steps below

Phase 1

  1. Locate the config.xml file in the jenkins home folder
  2. Edit the file, search for <userSecurity>true</userSecurity> and set it to false
  3. Restart jenkins, you will have access with no prompting for a username/password
  4. Goto configure jenkins/Global Security
  5. Select "Enable Security"
  6. Then under Security Realm" select "Jenkins' own user database", select  "Allow users to sign up"
  7. Press Save
  8. Restart the save from the shell, the login screen will appear
  9. Signup as a new user
    1. Jenkins will notify that you hve zero rights, proceed to Phase 2


Phase 2

  1. Locate the config.xml file in the jenkins home folder
  2. Edit the file, search for <userSecurity>true</userSecurity> and set it to false
  3. Restart jenkins, you will have access with no prompting for a username/password
  4. Goto configure jenkins/Global Security
  5. Select "Enable Security"
  6. Then under Security Realm" select "Jenkins' own user database", deselect  "Allow users to sign up"
  7. Under Authorization in the "User/group to Add" field type your new username that you created in Phase 1 and select Add
    1. your username will come up with a strike through meaning it can't find the user, ignore this
  8. In the matrix above the "User/group to Add" field, select all the fields that you want to associate with the user (scroll to the right and select all to give them all access rights - this is important as you need to create a new user with admin rights)
  9. Press Save
  10. Restart the save from the shell, your login appear
  11. Login with the new username