Find the Best Cosmetic Hospitals

Explore trusted cosmetic hospitals and make a confident choice for your transformation.

โ€œInvest in yourself โ€” your confidence is always worth it.โ€

Explore Cosmetic Hospitals

Start your journey today โ€” compare options in one place.

Rundeck Community Edition: Authentication & Authorization Tutorial

Here’s a detailed tutorial for Authentication and Authorization in Rundeck Community Edition. This guide includes setup for both file-based authentication and role-based access control (RBAC) using ACL policy files.


๐Ÿ” Rundeck Community Edition: Authentication & Authorization Tutorial

๐Ÿงฐ Prerequisites

  • Rundeck Community Edition installed (Ubuntu/Windows)
  • Admin access to the server (root or sudo)
  • Basic knowledge of YAML and properties files

๐Ÿ—๏ธ 1. Authentication in Rundeck

Rundeck CE uses JAAS (Java Authentication and Authorization Service) for authentication. By default, it authenticates users from a realm.properties file.

๐Ÿ“‚ Location of the file

/etc/rundeck/realm.properties  # Linux
C:\rundeck\server\config\realm.properties  # Windows
Code language: PHP (php)

๐Ÿ“Œ Format

username: password, role1,role2,...
Code language: HTTP (http)

โœ… Example

admin: admin123, admin, user
devuser: devpass, dev
viewonly: viewpass, read
Code language: HTTP (http)

๐Ÿ”’ You can generate password hashes using tools like htpasswd or openssl passwd -crypt.

To apply changes, restart Rundeck:

sudo systemctl restart rundeckd

๐ŸŽญ 2. Authorization in Rundeck (Access Control)

Rundeck uses ACL (Access Control List) policy files (YAML format) to define who can do what.

๐Ÿ“‚ ACL Policy Directory

/etc/rundeck/aclpolicy/

Each file must end with .aclpolicy and be readable by the Rundeck process.


๐Ÿงฑ 2.1 Example: Admin Policy

admin.aclpolicy

description: Admin Policy
context:
  project: '.*'
for:
  project:
    - match:
        name: '.*'
      allow: ['*']
  node:
    - allow: ['*']
  job:
    - allow: ['*']
  adhoc:
    - allow: ['*']
  resource:
    - allow: ['*']
by:
  group: [admin]
Code language: JavaScript (javascript)

๐Ÿงช 2.2 Example: Developer Policy (limited job run rights)

developer.aclpolicy

description: Dev Policy
context:
  project: '.*'
for:
  job:
    - allow: [read, run]
  node:
    - allow: [read]
by:
  group: [dev]
Code language: JavaScript (javascript)

๐Ÿ” 2.3 Example: Read-Only User

readonly.aclpolicy

description: ReadOnly Policy
context:
  project: '.*'
for:
  job:
    - allow: [read]
  node:
    - allow: [read]
  project:
    - allow: [read]
  resource:
    - allow: [read]
by:
  group: [read]
Code language: JavaScript (javascript)

โš™๏ธ 3. Managing Users and Roles

Edit realm.properties to assign users to roles (groups), which map to the group: field in your ACLs.

User: john, Role: dev

john: dev123, dev
Code language: HTTP (http)

Then, make sure your ACL file references group: [dev].


๐Ÿšฆ 4. Verifying Access

  • Login to Rundeck Web UI as different users.
  • Validate access by attempting to:
    • View/run jobs
    • Execute ad-hoc commands
    • View project settings
  • Unauthorized attempts will show “Access Denied”

๐Ÿ›ก๏ธ 5. Tips & Best Practices

  • Keep ACL files small and modular (admin.aclpolicy, dev.aclpolicy, etc.)
  • Validate ACL syntax with rundeck logs (/var/log/rundeck/service.log)
  • Use .* regex cautiouslyโ€”it grants access to all projects
  • Set appropriate permissions on /etc/rundeck/aclpolicy/: sudo chown -R rundeck:rundeck /etc/rundeck/aclpolicy/

๐Ÿ“Ž Summary

FeatureTool/Config File
Authentication/etc/rundeck/realm.properties
Authorization/etc/rundeck/aclpolicy/*.aclpolicy
Access by RoleMapped via group: in ACL
Restart Rundecksudo systemctl restart rundeckd

๐Ÿ“š References


Here is your Rundeck configuration in Markdown (markup) format with:

  • โœ… A realm.properties spec for user-role mapping
  • โœ… A unified ACL .aclpolicy file with RBAC for Dev, QA, and DevOps roles

๐Ÿ” realm.properties

# /etc/rundeck/realm.properties

Rajesh: rajesh123, dev
Brad: brad123, qa
Raimy: raimy123, devops, dev
Andry: andry123, dev
Kevin: kevin123, qa
Code language: PHP (php)

โ„น๏ธ Passwords here are in plain text. You can replace them with hashed versions for security.


๐Ÿ“œ access-rbac.aclpolicy

# /etc/rundeck/aclpolicy/access-rbac.aclpolicy

description: RBAC policy for Dev, QA, and DevOps roles
context:
  application: 'rundeck'
for:
  project:
    - match:
        name: '.*'
      allow: ['read']
  job:
    - match:
        name: '.*'
      allow: ['read', 'run']
  node:
    - allow: ['read']
  adhoc:
    - allow: ['read']
  resource:
    - allow: ['read']
by:
  group: [dev, qa, devops]

---
# DevOps elevated privileges
description: DevOps Admin Rights
context:
  application: 'rundeck'
for:
  job:
    - allow: ['create', 'update', 'delete', 'read', 'run']
  node:
    - allow: ['read', 'run']
  project:
    - allow: ['read', 'configure']
  resource:
    - allow: ['read', 'create']
  storage:
    - allow: ['read', 'create', 'update', 'delete']
  system:
    - allow: ['admin']
by:
  group: [devops]
context:
  application: 'rundeck'

Code language: PHP (php)

๐Ÿงพ Summary Table

UserPasswordRoles Assigned
Rajeshrajesh123dev
Bradbrad123qa
Raimyraimy123dev, devops
Andryandry123dev
Kevinkevin123qa
RolePermissions Granted
devRead & Run jobs, read nodes/projects
qaSame as dev (read + run only)
devopsFull system rights including job/project/config

Let me know if you want:

  • Separate ACLs per role (dev.aclpolicy, etc.)
  • Project-specific permissions
  • A packaged .zip with these files

Find Trusted Cardiac Hospitals

Compare heart hospitals by city and services โ€” all in one place.

Explore Hospitals
I'm Rajesh Kumar, a DevOps, SRE, DevSecOps, Cloud, and Platform Engineering expert passionate about sharing practical knowledge, real-world experiences, and industry best practices. I have worked at Cotocus and regularly write about technology, travel, investing, health, product reviews, and digital marketing through my various platforms. I publish technical articles at DevOps School, travel stories at Holiday Landmark, stock market insights at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow, and SEO and digital marketing strategies at Wizbrand.

Related Posts

Top 10 AI SEO Tools in 2026: Features, Pros, Cons & Comparison

Introduction In 2026, AI SEO tools have become indispensable for digital marketers, businesses, and content creators aiming to dominate search engine rankings. These tools leverage artificial intelligence…

Read More

Top 10 Product Lifecycle Management (PLM) Tools in 2026: Features, Pros, Cons & Comparison

Introduction Product Lifecycle Management (PLM) is a strategic approach to managing a productโ€™s journey from conception through design, manufacturing, and end-of-life. In 2026, PLM software has evolved…

Read More

Top 10 Patch Management Tools in 2026: Features, Pros, Cons & Comparison

Introduction: The Importance of Patch Management in 2026 In 2026, as cyber threats evolve and technology becomes more complex, patch management tools are critical for maintaining cybersecurity…

Read More

Top 10 Headless CMS Tools in 2026: Features, Pros, Cons & Comparison

Introduction In 2026, Headless Content Management Systems (CMS) have become the go-to solution for businesses seeking flexibility, scalability, and a modern approach to content management. Unlike traditional…

Read More

Top 10 AI Lead Scoring Tools in 2026: Features, Pros, Cons & Comparison

Introduction In 2026, AI lead scoring tools have become indispensable for B2B and B2C businesses aiming to optimize their sales pipelines. These tools leverage artificial intelligence to…

Read More

Top 10 AI Portfolio Optimization Tools in 2026: Features, Pros, Cons & Comparison

Introduction Investment management has always been about making smart choices at the right time. Traditionally, this required endless hours of research, manual calculations, and intuition. But in…

Read More
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
0
Would love your thoughts, please comment.x
()
x