Security Realm by Custom Script Plugin: Group Command Script

> I am a system admin setting up Jenkins 1.477.  I have "Security Realm by custom script" plugin installed so I can customize my user authentication.  My question concerns the Group Command script.  I am thinking that this functionality provides a custom way to determine the group that a certain user belongs to (I could be wrong).  I am wanting assign privileges based on the group that the custom script determines they are in, i.e. admin, user or Anonymous (guest).  Am I getting the purpose of the custom group command script?  Would anyone happen to have such a script that they have successfully implemented.  Any help will be greatly appreciated.
>
> Thanks,
> Brad
>
> ----------------------------------------------------------------------
> This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited.
> Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law.
> The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses.
>
> References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link:
> http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you consent to the foregoing.

> Hi Brad,
> you'r right with the purpose of the group command script, thats exactly what it is for.
> The script can be any kind of shell script and should return 0 for any successful execution.
> a simple script would be like this:
>
> #!/bin/sh
> if [ "$U" == "domi" ]; then
> echo "admin,superuser"
> fi
>
> Domi
>
> On 14.08.2012, at 18:47, "Bowling, Brad" <[hidden email]> wrote:
>
>> I am a system admin setting up Jenkins 1.477.  I have "Security Realm by custom script" plugin installed so I can customize my user authentication.  My question concerns the Group Command script.  I am thinking that this functionality provides a custom way to determine the group that a certain user belongs to (I could be wrong).  I am wanting assign privileges based on the group that the custom script determines they are in, i.e. admin, user or Anonymous (guest).  Am I getting the purpose of the custom group command script?  Would anyone happen to have such a script that they have successfully implemented.  Any help will be greatly appreciated.
>>
>> Thanks,
>> Brad
>>
>> ----------------------------------------------------------------------
>> This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited.
>> Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law.
>> The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses.
>>
>> References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link:
>> http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you consent to the foregoing.
>

> Hi Brad,
> you'r right with the purpose of the group command script, thats exactly what it is for.
> The script can be any kind of shell script and should return 0 for any successful execution.
> a simple script would be like this:
>
> #!/bin/sh
> if [ "$U" == "domi" ]; then
> echo "admin,superuser"
> fi
>
> Domi
>
> On 14.08.2012, at 18:47, "Bowling, Brad" <[hidden email]> wrote:
>
>> I am a system admin setting up Jenkins 1.477.  I have "Security Realm by custom script" plugin installed so I can customize my user authentication.  My question concerns the Group Command script.  I am thinking that this functionality provides a custom way to determine the group that a certain user belongs to (I could be wrong).  I am wanting assign privileges based on the group that the custom script determines they are in, i.e. admin, user or Anonymous (guest).  Am I getting the purpose of the custom group command script?  Would anyone happen to have such a script that they have successfully implemented.  Any help will be greatly appreciated.
>>
>> Thanks,
>> Brad
>>
>> ----------------------------------------------------------------------
>> This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited.
>> Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law.
>> The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses.
>>
>> References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link:

> Hi Brad,
> you'r right with the purpose of the group command script, thats exactly what it is for.
> The script can be any kind of shell script and should return 0 for any successful execution.
> a simple script would be like this:
>
> #!/bin/sh
> if [ "$U" == "domi" ]; then
> echo "admin,superuser"
> fi
>
> Domi
>
> On 14.08.2012, at 18:47, "Bowling, Brad" <[hidden email]> wrote:
>
>> I am a system admin setting up Jenkins 1.477.  I have "Security Realm by custom script" plugin installed so I can customize my user authentication.  My question concerns the Group Command script.  I am thinking that this functionality provides a custom way to determine the group that a certain user belongs to (I could be wrong).  I am wanting assign privileges based on the group that the custom script determines they are in, i.e. admin, user or Anonymous (guest).  Am I getting the purpose of the custom group command script?  Would anyone happen to have such a script that they have successfully implemented.  Any help will be greatly appreciated.
>>
>> Thanks,
>> Brad
>>
>> ----------------------------------------------------------------------
>> This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited.
>> Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law.
>> The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses.
>>
>> References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link:

> Domi,
>
> In your example below, do you need to create the "admin" and  "superuser" groups within Jenkins assigning various privileges to each?
>
> -Brad
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Bowling, Brad
> Sent: Wednesday, August 15, 2012 1:22 PM
> To: [hidden email]
> Subject: RE: Security Realm by Custom Script Plugin: Group Command Script
>
> Thanks Domi.
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of domi
> Sent: Wednesday, August 15, 2012 1:13 PM
> To: [hidden email]
> Subject: Re: Security Realm by Custom Script Plugin: Group Command Script
>
> I also updated the documentation: https://wiki.jenkins-ci.org/display/JENKINS/Script+Security+Realm
> Domi
>
> On 15.08.2012, at 19:05, domi <[hidden email]> wrote:
>
>> Hi Brad,
>> you'r right with the purpose of the group command script, thats exactly what it is for.
>> The script can be any kind of shell script and should return 0 for any successful execution.
>> a simple script would be like this:
>>
>> #!/bin/sh
>> if [ "$U" == "domi" ]; then
>> echo "admin,superuser"
>> fi
>>
>> Domi
>>
>> On 14.08.2012, at 18:47, "Bowling, Brad" <[hidden email]> wrote:
>>
>>> I am a system admin setting up Jenkins 1.477.  I have "Security Realm by custom script" plugin installed so I can customize my user authentication.  My question concerns the Group Command script.  I am thinking that this functionality provides a custom way to determine the group that a certain user belongs to (I could be wrong).  I am wanting assign privileges based on the group that the custom script determines they are in, i.e. admin, user or Anonymous (guest).  Am I getting the purpose of the custom group command script?  Would anyone happen to have such a script that they have successfully implemented.  Any help will be greatly appreciated.
>>>
>>> Thanks,
>>> Brad
>>>
>>> ----------------------------------------------------------------------
>>> This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited.
>>> Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law.
>>> The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses.
>>>
>>> References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link:
>
>
>>> http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you consent to the foregoing.
>>
>
> ----------------------------------------------------------------------
> This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited.
> Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law.
> The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses.
>
> References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link:
> http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you consent to the foregoing.
>
> ----------------------------------------------------------------------
> This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited.
> Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law.
> The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses.
>
> References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link:
> http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you consent to the foregoing.

> Domi,
>
> In your example below, do you need to create the "admin" and  "superuser" groups within Jenkins assigning various privileges to each?
>
> -Brad
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of Bowling, Brad
> Sent: Wednesday, August 15, 2012 1:22 PM
> To: [hidden email]
> Subject: RE: Security Realm by Custom Script Plugin: Group Command Script
>
> Thanks Domi.
>
> -----Original Message-----
> From: [hidden email] [mailto:[hidden email]] On Behalf Of domi
> Sent: Wednesday, August 15, 2012 1:13 PM
> To: [hidden email]
> Subject: Re: Security Realm by Custom Script Plugin: Group Command Script
>
> I also updated the documentation: https://wiki.jenkins-ci.org/display/JENKINS/Script+Security+Realm
> Domi
>
> On 15.08.2012, at 19:05, domi <[hidden email]> wrote:
>
>> Hi Brad,
>> you'r right with the purpose of the group command script, thats exactly what it is for.
>> The script can be any kind of shell script and should return 0 for any successful execution.
>> a simple script would be like this:
>>
>> #!/bin/sh
>> if [ "$U" == "domi" ]; then
>> echo "admin,superuser"
>> fi
>>
>> Domi
>>
>> On 14.08.2012, at 18:47, "Bowling, Brad" <[hidden email]> wrote:
>>
>>> I am a system admin setting up Jenkins 1.477.  I have "Security Realm by custom script" plugin installed so I can customize my user authentication.  My question concerns the Group Command script.  I am thinking that this functionality provides a custom way to determine the group that a certain user belongs to (I could be wrong).  I am wanting assign privileges based on the group that the custom script determines they are in, i.e. admin, user or Anonymous (guest).  Am I getting the purpose of the custom group command script?  Would anyone happen to have such a script that they have successfully implemented.  Any help will be greatly appreciated.
>>>
>>> Thanks,
>>> Brad
>>>
>>> ----------------------------------------------------------------------
>>> This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited.
>>> Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law.
>>> The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses.
>>>
>>> References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link:
>
>
>>> http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you consent to the foregoing.
>>
>
> ----------------------------------------------------------------------
> This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited.
> Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law.
> The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses.
>
> References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link:
> http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you consent to the foregoing.
>
> ----------------------------------------------------------------------
> This message w/attachments (message) is intended solely for the use of the intended recipient(s) and may contain information that is privileged, confidential or proprietary. If you are not an intended recipient, please notify the sender, and then please delete and destroy all copies and attachments, and be advised that any review or dissemination of, or the taking of any action in reliance on, the information contained in or attached to this message is prohibited.
> Unless specifically indicated, this message is not an offer to sell or a solicitation of any investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Sender. Subject to applicable law, Sender may intercept, monitor, review and retain e-communications (EC) traveling through its networks/systems and may produce any such EC to regulators, law enforcement, in litigation and as required by law.
> The laws of the country of each sender/recipient may impact the handling of EC, and EC may be archived, supervised and produced in countries other than the country in which you are located. This message cannot be guaranteed to be secure or free of errors or viruses.
>
> References to "Sender" are references to any subsidiary of Bank of America Corporation. Securities and Insurance Products: * Are Not FDIC Insured * Are Not Bank Guaranteed * May Lose Value * Are Not a Bank Deposit * Are Not a Condition to Any Banking Service or Activity * Are Not Insured by Any Federal Government Agency. Attachments that are part of this EC may have additional important disclosures and disclaimers, which you should read. This message is subject to terms available at the following link:
> http://www.bankofamerica.com/emaildisclaimer. By messaging with Sender you consent to the foregoing.