Confluence Home and Installation - owners and permissions

steinrr May 14, 2015

I am running Confluence on Ubuntu Linux 14.10 and its working fine.

Confluence is running as a separate user called "confluence" and a corresponding group.

I have one folder for Confluence installation:
/usr/local/confluence/atlassian-confluence-5.7.4

This folder and all its subfolders are owned by the confluence user/group.

I have one folder for Confluence home:
/var/lib/confluence

This folder and all its subfolders are also owned by confluence user/group. This Confluence home folder is also home folder for the "confluence" user.

My questions:

1) What user should own Confluence installation folder?
2) What user should own Confluence home folder?
3) What should be the permissions on Confluence installation folder and subfolder/files?
4) What should be the permissions on Confluence home folder and subfolder/files?

I have not managed to find any detailed information on this, and I guess there are some security recommendations here? I tried e.g. to change owner of Confluence home folder to root, but then the site did not work (it was possible to start) - even if contents/permissions/owners of the contents of home folder was unchanged.

Any advice for a secure site?

3 answers

2 votes
rrudnicki
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 15, 2015

Hi Stein,

 

1) What user should own Confluence installation folder?
You can use any user do you want. Just avoid root for security reasons.

2) What user should own Confluence home folder?
Yes, and I also recommend you to have the owner on Confluence install folder

3) What should be the permissions on Confluence installation folder and subfolder/files?
You can put in any folder that the Confluence user has permission to acces (read/write). A good start would be /opt, but if you want, you also can have a look on Filesystem Hierarchy Standard to better understand where should be the "correct" directory.
http://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard

4) What should be the permissions on Confluence home folder and subfolder/files?
If you create a user called "confluence", just use this two commands:
chown -R confluence.confluence <confluence-home> <confluence-install>
chmod -R 775 <confluence-home> <confluence-install>

For some reason you cannot run/login on Confluence, check if do you have apparmor and iptables enable. If so, disable them or create a rule allowing Confluence.

Any advice for a secure site?
Yes, don't run Conflunce as root, use strong passwords and ALWAYS have a backup :).

Regards,
Renato Rudnicki

0 votes
steinrr May 15, 2015

Thanks for your answers! These are in line with what I have done.

The reason for double checking this is that I read here:

https://confluence.atlassian.com/display/DOC/Creating+a+Dedicated+User+Account+on+the+Operating+System+to+Run+Confluence

Ensure that only the following directories can be written to by this dedicated user account (e.g. 'confluence'):

So if these folders are the only one requiring write access - why should the HOME folder be owned by the "confluence user" - as long as HOME folder has read access for the "confluence" user and those 3 folders have write access by the confluence user?

Is the documentation wrong on this point?

The same page also says:

 

Do not make the Confluence Installation Directory itself writeable by the dedicated user account.

Which is also not in line with the responses above.

I am confused.

 

0 votes
salehparsa
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
May 15, 2015

Hi Stein,

As you've got a separate user for running your Confluence (confluence user) Owner of home directory should be confluence user as well. Otherwise you can't start Confluence due to the lack of permissions smile In the other word, <confluence-home> and <confluence-install> directories and all sub folders should have Full Read/Write permissions. In this case, I'd say confluence user must have those full permissions against mentioned directory. Just for your information,  Here is one of the known issue which is related to the permissions of home folder and installation directory that might help you to get a better picture about it.

Hope it helps! smile

Cheers,

Saleh

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events