Best practices to avoid Jenkins error: sudo: no tty present and no askpass program specified

I believe you are looking for this option from man sudoers:

   requiretty      If set, sudo will only run when the user is logged in to a real tty.  When this flag
                   is set, sudo can only be run from a login session and not via other means such as
                   cron(8) or cgi-bin scripts.  This flag is off by default.

Here are my recommendations, in order of most secure to least secure:

1) Don't let Jenkins sudo at all. If you're doing package builds, look into fakeroot. Jenkins doesn't need root to build software.

2) If you do need Jenkins to have root, consider restricting the sudo abilities with the sudoers Cmnd options.

3) Run Jenkins on a disposable VM. If someone roots it, rebuild it and re-evaluate your security choices. I would also recommend running Jenkins as an intranet service, only accessible via LAN or VPN. Don't forget to include authentication!


If you run sudo as the jenkins user as part of a script, you need two things.

  1. An exact copy of the command, like /bin/chown www-data /var/www

  2. sudo -n exact command

The -n will tell it not to ask for a prompt if it's a NOPASSWD.

This fixed me up for running sudo in a script that Jenkins calls.
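
The restricted rule from recommendation 2 and the two steps in the second answer, as an added example (not code from either answer): a sample sudoers drop-in plus a small audit function that flags jenkins grants broader than one exact command line. The drop-in path, the (root) runas spec and the function names are assumptions.

```shell
#!/bin/sh
# Constructed sample of /etc/sudoers.d/jenkins (check with `visudo -cf FILE`, install mode 0440).
# The job step then runs exactly: sudo -n /bin/chown www-data /var/www
write_sample() {
    cat > "$1" <<'EOF'
Defaults:jenkins !requiretty
jenkins ALL=(root) NOPASSWD: /bin/chown www-data /var/www
EOF
}

# audit_jenkins_sudoers FILE: print each jenkins grant that is broader than an
# exact command line; return 0 only if none is found.
# Assumes rule lines start with "jenkins "; Cmnd_Alias names are not expanded.
audit_jenkins_sudoers() {
    rc=0
    while IFS= read -r line; do
        case $line in "jenkins "*) ;; *) continue ;; esac
        spec=${line#*=}                       # drop "jenkins ALL="
        spec=${spec#"${spec%%[! ]*}"}         # trim leading spaces
        case $spec in
            \(*) spec=${spec#*\)} ;;          # drop the runas part, e.g. "(root)"
        esac
        spec=${spec#"${spec%%[! ]*}"}
        case $spec in
            NOPASSWD:*) spec=${spec#NOPASSWD:} ;;
            *) echo "FLAG: $spec (no NOPASSWD, sudo -n will fail)"; rc=1; continue ;;
        esac
        old_ifs=$IFS; IFS=,; set -f           # split the command list on commas
        for cmd in $spec; do
            cmd=${cmd#"${cmd%%[! ]*}"}
            case $cmd in
                ALL)   why="any command allowed" ;;
                *\**)  why="wildcard" ;;
                /*\ *) why="" ;;              # absolute path with fixed arguments
                /*)    why="no arguments listed, so any arguments are accepted" ;;
                *)     why="not an absolute path" ;;
            esac
            if [ -n "$why" ]; then echo "FLAG: $cmd ($why)"; rc=1; fi
        done
        IFS=$old_ifs; set +f
    done < "$1"
    return $rc
}

# Demo on the constructed sample above.
tmp=$(mktemp) && write_sample "$tmp" && audit_jenkins_sudoers "$tmp" && echo "sample drop-in OK"
rm -f "$tmp"
```

A sudoers command listed without arguments matches any arguments, which is why the audit treats a bare /bin/chown as too broad.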