Setting Hudson's process user on Mac+Tomcat

Synopsis

I have Hudson set up on our Mac OS Server (Snow Leopard 10.6.5), running under the standard Tomcat (so, Tomcat 6) which is enabled using Server Admin application.

I'd like to be able to run my Hudson scripts as a Unix user/login which is not the Tomcat login.

Details

My Hudson job is a freestyle project that runs bash scripts that invoke xcodebuild (it's an iPhone project) to clean开发者_如何学编程 and build the build.

The problem is that using this standard set-up, Hudson (as far as I can see) runs with Tomcat's Unix user, which is _appserver.

This means that _appserver is the user which is invoking xcodebuild and all the scripts that make up the job.

I would prefer for Hudson to have it's own Unix login, complete with home directory etc. Aside from being a bit happier about the permissions etc. of the login which is trying to do the build, Xcode itself seems to prefer the user to have a Home directory, and the build logs are filled with warnings such as:

2010-11-11 17:29:11.729 Interface Builder Cocoa Touch Tool[58771:1903] CFPreferences: user home directory at file://localhost/var/empty/Library/Application%20Support/iPhone%20Simulator/User/ is unavailable. User domains will be volatile.

and

Couldn't open shared capabilities memory GSCapabilities (No such file or directory)

Plus I suspect getting the provisioning profiles to work to build device builds would be a lot easier if the login was a standard login that can build the targets from Xcode.

BUT I totally can't find any way to set the login account! It seems like exactly the sort of thing you'd want to do, but have scoured the web for info to no avail. The tomcat-users.xml felt like it may be useful, but didn't seem to link to a "real" (Unix) user?

Another approach may be to live with Hudson being _appserver, but have the scripts themselves run as my build user. This seems to point to using sudo but everything seems to be so locked down I can't find a way to run a script as another user, even one I can lock down to have minimal security access...?

Hope you can help folks!

The simplest way to achieve what you want (and the only way I know how) would be:

Create a new slave in Hudson, and point it to the Hudson server (your master system will also now be a new slave); have it log in using SSH, but with the user credentials that you want to use for the build (lets say 'hudson').

Point your project to build on the slave. This way, your job does not depend on Tomcat (or its user), but on the slave login.

In steps:

1) Click on 'Build Executor Status'
2) On the left sidebar, click on New Node
3) Give the slave a name, click "Dumb Slave", and "OK"
4) Number of executors = 1
5) remote FS root = /home/<hudson_user>
6) Launch method = UNIX SSH or JNLP
7) If launch = SSH: host = ip address of master, 
   username = hudson, password =     hatever_password
8) If launch = JNLP, log in as the hudson user, go to hudson and start 
    the web service from your hudson site
9) Configure your job to use your slave (restrict where this project can be run)
9a) Possibly, under configuration, turn off all executors on your master, 
    and use the new slave for anything you need to build.

I know it sounds a bit convoluted, but if you need any more explanation or have any questions, let me know.