bamboo build as specific User

Greetings, we have Linux-based Bitbucket and Bamboo installations, where for instance the bamboo service is started by a user "bambooadmin". This works well for most basic repository accesses, builds and compiles in our unrestricted environment of code development. However, we have certain software repositories that require restricted user rights and when bamboo checks out from Bitbucket repositories, it does so as the Linux user bambooadmin. For security purposes, we cannot use a generic username and ideally we do not want a generic user with access to both restricted and unrestricted areas. We also have back-end processes that require the Bitbucket committing user to execute a specific script which will ideally be automated as the bamboo builder.

 

Without creating a custom plugin or extensive build plan scripts, is there a way to define which user bamboo builds as? Such that bambooadmin either builds using the committing Bitbucket / Bamboo username credentials (crowd/LDAP) or Sudo's (restricted by SSH keys) the committing username?

1 answer

0 votes
Daniel Wester Community Leader Jun 21, 2016

All right so it seems you've got 2 questions in one here.

Let's split them up:

However, we have certain software repositories that require restricted user rights and when bamboo checks out from Bitbucket repositories, it does so as the Linux user bambooadmin. For security purposes, we cannot use a generic username and ideally we do not want a generic user with access to both restricted and unrestricted areas.

Why would you want this? Bamboo is a generic utility. It will check out the code and store it on disk (and more than likely the code will stay on disk until wiped). What's your SCM (not sure if you're using Bitbucket Cloud)? If it's git you can maybe use bamboo specific ssh keys? That way the bamboo user has access to the repositories and it can be tracked through that?

I would not use sudo from the bamboo user or other ways of sharing credentials since that's just opening up a huge security hole (anyone that can become the bamboo user can then access your repositories - or worse - become the real users).

 We also have back-end processes that require the Bitbucket committing user to execute a specific script which will ideally be automated as the bamboo builder.

Again this is a security hole waiting to happen. Git and Mercurial both will allow somebody to inject other usernames into the history so somebody could potentially push somebody else's name into the history that could trigger things. In addition to this, you might have multiple people doing commits in a history which would make automation difficult. That said - you are given the previous and current sha in the metadata so you could pass them in. But from a security perspective I wouldn't trust it too much. If you're using it to generate release notes and that type of thing you'll probably be safe but if you're changing users etc. - it might be a bit scary (you mentioned security).
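An added example, not part of the answer above and not Bamboo or Atlassian code: a build-script check that takes the previous and current SHA from the build metadata and refuses to act on behalf of a single user when the range has several authors, an author that differs from the committer, or a commit without a good signature. It assumes signed commits whose keys are in the build agent's keyring; the function names and sample data are constructed for illustration.

```python
import re
import subprocess

# hash, author email, committer email, signature status (%G?: G good, N none, B bad)
LOG_FORMAT = "%H%x1f%ae%x1f%ce%x1f%G?"
SHA_RE = re.compile(r"[0-9a-f]{7,40}")

def read_range(prev_sha, cur_sha, repo="."):
    """List the commits between the two SHAs the build metadata reports."""
    for sha in (prev_sha, cur_sha):
        if not SHA_RE.fullmatch(sha):  # never pass unchecked text to git
            raise ValueError(f"not a commit id: {sha!r}")
    cmd = ["git", "-C", repo, "log", f"--format={LOG_FORMAT}", f"{prev_sha}..{cur_sha}"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout

def parse_log(text):
    commits = []
    for line in filter(None, text.split("\n")):
        sha, author, committer, sig = line.split("\x1f")
        commits.append({"sha": sha, "author": author.lower(),
                        "committer": committer.lower(), "sig": sig})
    return commits

def attribution_problems(commits):
    """Reasons the range must not drive an action on behalf of one user."""
    if not commits:
        return ["empty range"]
    problems = []
    authors = sorted({c["author"] for c in commits})
    if len(authors) > 1:
        problems.append("multiple authors: " + ", ".join(authors))
    for c in commits:
        short = c["sha"][:8]
        if c["sig"] != "G":  # without a good signature the author field is just free text
            problems.append(f"{short}: unverified author (signature status {c['sig']})")
        if c["author"] != c["committer"]:
            problems.append(f"{short}: author {c['author']} != committer {c['committer']}")
    return problems

# Constructed sample of `git log` output in LOG_FORMAT (not real commits).
SAMPLE = "\n".join("\x1f".join(f) for f in [
    ("a" * 40, "alice@example.com", "alice@example.com", "G"),
    ("b" * 40, "bob@example.com", "mallory@example.com", "N"),
    ("c" * 40, "alice@example.com", "alice@example.com", "G"),
])

if __name__ == "__main__":
    for problem in attribution_problems(parse_log(SAMPLE)):
        print("REFUSE:", problem)
```

A good signature only shows that a key in the keyring signed the commit; mapping that key to the user the script acts for is a separate check.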
