I have a jenkins configuration on my server that automatically created the
Jenkins user, which is used for its os operations. However, I need Jenkins to stop and start a service (via
systemctl) after a specific construction is completed.
My current script (which is executed after a compilation of
frontend) looks like this:
sudo systemctl stop myapp rm -f /opt/myapp/myapp.jar target mv / myapp.jar / opt / myapp sudo systemctl start myapp
For this to work, I simply added the
Jenkins user in sudoers file for all commands without password prompt:
jenkins ALL = (ALL: ALL) NOPASSWD: ALL
Is it safe to do that? Which vulnerabilities do I expose? Is there a better way to do this? If yes, how?