Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Come for the products,
stay for the community

The Atlassian Community can help you and your team get more value out of Atlassian products and practices.

Atlassian Community about banner
4,252,518
Community Members
 
Community Events
164
Community Groups

Confluence Home and Installation - owners and permissions

I am running Confluence on Ubuntu Linux 14.10 and its working fine.

Confluence is running as a separate user called "confluence" and a corresponding group.

I have one folder for Confluence installation:
/usr/local/confluence/atlassian-confluence-5.7.4

This folder and all its subfolders are owned by the confluence user/group.

I have one folder for Confluence home:
/var/lib/confluence

This folder and all its subfolders are also owned by confluence user/group. This Confluence home folder is also home folder for the "confluence" user.

My questions:

1) What user should own Confluence installation folder?
2) What user should own Confluence home folder?
3) What should be the permissions on Confluence installation folder and subfolder/files?
4) What should be the permissions on Confluence home folder and subfolder/files?

I have not managed to find any detailed information on this, and I guess there are some security recommendations here? I tried e.g. to change owner of Confluence home folder to root, but then the site did not work (it was possible to start) - even if contents/permissions/owners of the contents of home folder was unchanged.

Any advice for a secure site?

3 answers

2 votes
rrudnicki Atlassian Team May 15, 2015

Hi Stein,

 

1) What user should own Confluence installation folder?
You can use any user do you want. Just avoid root for security reasons.

2) What user should own Confluence home folder?
Yes, and I also recommend you to have the owner on Confluence install folder

3) What should be the permissions on Confluence installation folder and subfolder/files?
You can put in any folder that the Confluence user has permission to acces (read/write). A good start would be /opt, but if you want, you also can have a look on Filesystem Hierarchy Standard to better understand where should be the "correct" directory.
http://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard

4) What should be the permissions on Confluence home folder and subfolder/files?
If you create a user called "confluence", just use this two commands:
chown -R confluence.confluence <confluence-home> <confluence-install>
chmod -R 775 <confluence-home> <confluence-install>

For some reason you cannot run/login on Confluence, check if do you have apparmor and iptables enable. If so, disable them or create a rule allowing Confluence.

Any advice for a secure site?
Yes, don't run Conflunce as root, use strong passwords and ALWAYS have a backup :).

Regards,
Renato Rudnicki

Thanks for your answers! These are in line with what I have done.

The reason for double checking this is that I read here:

https://confluence.atlassian.com/display/DOC/Creating+a+Dedicated+User+Account+on+the+Operating+System+to+Run+Confluence

Ensure that only the following directories can be written to by this dedicated user account (e.g. 'confluence'):

So if these folders are the only one requiring write access - why should the HOME folder be owned by the "confluence user" - as long as HOME folder has read access for the "confluence" user and those 3 folders have write access by the confluence user?

Is the documentation wrong on this point?

The same page also says:

 

Do not make the Confluence Installation Directory itself writeable by the dedicated user account.

Which is also not in line with the responses above.

I am confused.

 

Hi Stein,

As you've got a separate user for running your Confluence (confluence user) Owner of home directory should be confluence user as well. Otherwise you can't start Confluence due to the lack of permissions smile In the other word, <confluence-home> and <confluence-install> directories and all sub folders should have Full Read/Write permissions. In this case, I'd say confluence user must have those full permissions against mentioned directory. Just for your information,  Here is one of the known issue which is related to the permissions of home folder and installation directory that might help you to get a better picture about it.

Hope it helps! smile

Cheers,

Saleh

Suggest an answer

Log in or Sign up to answer
TAGS
Community showcase
Published in Confluence Cloud

Presenter Mode for Confluence is here 🖥 👩‍💻

👋  Hello Community!  My name is Stephanie Zhang, and I’m a product manager on the Confluence cloud team. Today, I’m excited to announce the rollout of  Presenter Mode : a ...

1,774 views 17 36
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you