We are setting up Bamboo in our company, We foresee a risk in Script task. This task gives a privileged to delete what ever folder in the server . How to over come this
Example : We have installed Bamboo in Linux server under /usr/local/bamboo . With Script task defined in a plan can delete this folder
Bamboo is an application that runs stuff that users want it to run. Malicious commands can be run in a multiple ways because almost every build tool allows you to run some shell commands (maven, ant, grails). If you really don't trust your users then as Mike and Daniel proposed:
This way you'll limit your potential damage to the single agent.
I believe that applies to agents only.
And even there I don't really see a problem. The person who writes the task anyway often needs admin access on agents.
But I aggree, there should be some optional protection.
Set up the agent to run as a non-privileged user. It's the nature of build servers. Doesn't matter if it's script. You have the same issue with ant, maven or any other build scripts.
You can lock down the permissions where the application installation is done and only allow the bamboo_home dir opened up for the user to write to. If you really want to protect yourself - don't use local agents. Then run the remote agents as non privileged users. That way if somebody does a rm -rf it would only be able to hurt that one agent.
Hi everyone, welcome to the kb articles for Opsgenie FAQs. I'm one of the Technical Support Engineers for Opsgenie who will be providing weekly posts on FAQs from customers. All alerts are ...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events