File with hudson user permissions not accessible from hudson build

Question

We have a hudson + php + phing setup running on Ubuntu 12.04

We have a set of credentials files which we want to secure. The files are in /usr/lib/vocanic-credentials/. All files here are either accessible by www-data or hudson (we have configured group access credentials).

With this setup, when I log in as hudson and run the phing command from bash, everything works fine. When running the same through the hudson build process (by going to 'Build Now' on web interface), it fails by saying Permission Denied.

[01;35m[PHP Error] include(.../hudson_dev_vocanic_mantle_build.php): 
failed to open stream: Permission denied [line 3 of /.../utils_config.inc.php][m
[01;35m[PHP Error] include(): Failed opening 
'/usr/lib/vocanic-credentials/hudson_dev_vocanic_mantle_build.php'
for inclusion (include_path='...') [line 3 of /.../utils_config.inc.php][m

When we change the permissions to allow "all" access, running from hudson web interface also works. So, we figured that the actual execution of hudson must be as some other user (though there isn't public document to that effect), we printed whoami from within our code and it seems to indicate 'hudson'.

Even accessing the file (without access to all) as hudson seem to work, as does it from bash - sudo -u hudson cat /usr/lib/vocanic-credentials/hudson_dev_vocanic_mantle_build.php.

At the moment, we don't know how to resolve this issue. Any help will be appreciated.

Answer 1

Sounds like it could be a permission issue with the Hudson user - after you added the hudson user to the group, did you restart the server? Try doing that, I imagine this should solve your issue.