Is it possible to force Confluence not to reset permissions of its config file?

I noticed that each time I restart Confluence 5.9.12, permissions on confluence.cfg.xml are reset:

$ ls -l /var/atlassian/application-data/confluence/confluence.cfg.xml
-rw------- 1 confluence confluence 2227 May  9 11:20 /var/atlassian/application-data/confluence/confluence.cfg.xml
$ bin/start-confluence.sh

To run Confluence in the foreground, start the server with start-confluence.sh -fg
executing as current user
If you encounter issues starting up Confluence, please see the Installation guide at http://confluence.atlassian.com/display/DOC/Confluence+Installation+Guide

Server startup logs are located in /opt/atlassian/confluence/logs/catalina.out
Using CATALINA_BASE:   /opt/atlassian/confluence
Using CATALINA_HOME:   /opt/atlassian/confluence
Using CATALINA_TMPDIR: /opt/atlassian/confluence/temp
Using JRE_HOME:        /opt/atlassian/confluence/jre/
Using CLASSPATH:       /opt/atlassian/confluence/bin/bootstrap.jar:/opt/atlassian/confluence/bin/tomcat-juli.jar
Using CATALINA_PID:    /opt/atlassian/confluence/work/catalina.pid
Tomcat started.
$ ls -l /var/atlassian/application-data/confluence/confluence.cfg.xml
-rw-rw-r-- 1 confluence confluence 2227 May  9 13:08 /var/atlassian/application-data/confluence/confluence.cfg.xml

Notice that the permission was reset from 600 to 664 above.

This introduces security risks since the file is readable by everyone and it might (and normally does) contain db credentials.

Is there a way to ask Confluence not to reset the premissions?

2 answers

1 accepted

2 votes

Technically, Confluence isn't changing the permissions on the existing file. It actually recreates confluence.cfg.xml at launch, this 'new' file will have whatever the default permissions are set in the umask settings you have.

You can confirm the file creation via 

getfileinfo confluence.cfg.xml

You could change the default permissions for the Linux user that is used to start Confluence. There is a deep-dive into setting this at What is Umask and How To Setup Default umask Under Linux?

If you just want to set is for specific directories you could instead use setfacl. This appears to be a good resource, Linux setfacl command

I didn't test really far back but 5.9.x and 6.1.x both exhibit this behavior.

0 vote

That's strange, it doesn't do it on my installation.  There is code for it in "setup_user.sh", but it should only run once.

Which version of Confluence do you use?

In my case (Confluence 5.9.12) it does even more than that. It sorts the list of properties inside of the file.

Suggest an answer

Log in or Sign up to answer
How to earn badges on the Atlassian Community

How to earn badges on the Atlassian Community

Badges are a great way to show off community activity, whether you’re a newbie or a Champion.

Learn more
Community showcase
Posted Tuesday in Confluence

We want to see the templates you've created in Confluence!

Hi Community, Jessica here from the Confluence Product Marketing team!  July’s community challenge is all about sharing pictures  — and as an extension of our first post on what ...

467 views 19 9
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you