jenkins agent on mac directory not accessible

Question

I am trying to start jenkins agent on Mac Mini with following /Library/LaunchDaemons/com.jenkins.ci.plist

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.jenkins.ci</string>
        <key>UserName</key>
        <string>jenkins</string>
        <key>SessionCreate</key>
        <true/>
        <key>ProgramArguments</key>
        <array>
            <string>/usr/bin/java</string>
            <string>-Djava.awt.headless=true</string>
            <string>-jar</string>
            <string>/Users/jenkins/agent.jar</string>
            <string>-jnlpUrl</string>
            <string>http://jenkins2.domain.net:8080/computer/jenkins-mac/slave-agent.jnlp</string>
            <string>-secret</string>
            <string>23erft6yhujnhyujnbftyujbvcdrtyhbvcxswedaw</string>
            <string>-workDir</string>
            <string>"/Users/jenkins/jenkins_slave/"</string>
        </array>
        <key>RunAtLoad</key>
        <true/>
        <key>KeepAlive</key>
        <true/>
        <key>StandardErrorPath</key>
        <string>/Users/jenkins/error.log</string>
        <key>StandardOutPath</key>
        <string>/Users/jenkins/stdout.log</string>
    </dict>
    </plist>

Then sudo launchctl load /Library/LaunchDaemons/com.jenkins.ci.plist

But in the /Users/jenkins/error.log

I see

    Exception in thread "main" java.io.IOException: The specified working directory should be fully accessible to the remoting executable (RWX): "/Users/jenkins/jenkins_slave/"
        at org.jenkinsci.remoting.engine.WorkDirManager.verifyDirectory(WorkDirManager.java:249)
        at org.jenkinsci.remoting.engine.WorkDirManager.initializeWorkDir(WorkDirManager.java:202)
        at hudson.remoting.Launcher.run(Launcher.java:300)
        at hudson.remoting.Launcher.main(Launcher.java:283)

I have opened up /Users/jenkins/jenkins_slave/ with 777 still getting this error.

jenkins2-slave3:~ jenkins$ ls -ld /Users/jenkins/jenkins_slave/
drwxrwxrwx  5 jenkins  jenkins  160 Nov 13  2018 /Users/jenkins/jenkins_slave/
jenkins2-slave3:~ jenkins$ ls -ld /Users/jenkins/
drwxr-xr-x+ 44 jenkins  staff  1408 Jun  5 10:12 /Users/jenkins/

If I run following on mac as jenkins user, it works

/usr/bin/java -Djava.awt.headless=true -jar /Users/jenkins/agent.jar -jnlpUrl http://jenkins2.domain.net:8080/computer/jenkins-mac/slave-agent.jnlp -secret 23erft6yhujnhyujnbftyujbvcdrtyhbvcxswedaw -workDir "/Users/jenkins/jenkins_slave/"

Anyone knows what's wrong here ?

System Software Overview:

  System Version: macOS 10.14.4 (18E226)
  Kernel Version: Darwin 18.5.0
  Boot Volume: Macintosh HD
  Boot Mode: Normal
  Computer Name: jenkins-slave
  User Name: jenkins (jenkins)
  Secure Virtual Memory: Enabled
  System Integrity Protection: Enabled
  Time since boot: 7 days 23:11

Answer 1

So the reason it works for "jenkins" user is because Jenkins creates a Application account with jenkins user which has permissions to run/access Jenkins(and its folders- in your case -workDir "/Users/jenkins/jenkins_slave/"). That is why jenkins can run the command but when you try to run it with sudo it fails.

Why does it fail with sudo ?

That's mainly because there is directory higher in the tree where you do not have execute permission, so even with 777, you will still not be able to run it.

Instead do a chown or usermod on the directory to the user that you wish to get access

sudo usermod -a -G rohit git

for more information https://askubuntu.com/questions/812513/permission-denied-in-777-folder

Answer 2

I had the same issue. The problem was the quotes for the directory:

<string>"/Users/jenkins/jenkins_slave/"</string>

Just remove them and it will work:

<string>/Users/jenkins/jenkins_slave/</string>