How are the file-level permissions usually configured on the shared home folder for attachments?
All the nodes in the cluster must be able to read and write files created by other nodes in the cluster, and I was wondering how this is usually configured in the file system (as there doesn't seem to be any options in JIRA to change how the files are written).
For my development instance, I created two JIRA instances on the same host. They ended up running under different user ids, and this caused issues because the first node created files as jira1/jira1 rwx------ , which couldn't be read by jira2.
Are there settings in JIRA to configure the group, r/w permissions etc, or is this completely done at the os level; configuring shared groups, umask etc,
Our plugin also writes files to the shared home directory, should I worry about permissions in my plugin, or is it up to the system admin to configure the file system correctly?
You are correct in assuming the permissions will need to be setup at the OS level and this would mean the admin would need to ensure the permissions are setup correctly before the plugin will be able to function as expected.
The reason you're seeing two different users is due to two installations on one machine. If you had two machines each one would run under the username jira. This is from the Set up the JIRA file storage location on shared storage section of the Installing JIRA Data Center guide:
There are multiple ways to do this, but the simplest is to use an NFS share. The mechanics of setting one is unique from installation to installation, and is outside the scope of this document. We recommend using a UNC file path to your storage location.
Assuming that the final mount point for this shared storage location is /data/jira/sharedhome :
In light of that you would want to do the following:
Hopefully that clears things up a bit!
The default installation does not support the following, as it just goes ahead and creates a local id on each install, but you can do the following:
- create a service account to run JIRA with.
- set permissions of the local home and shared home directories to this service account
- override JIRA on each node to run under the common account id. All nodes run under the same guid.
- if you setup jira to run as a service you can overide the id to run it under by setting value in <JIRA_INSTALL>/bin/user.sh (see https://confluence.atlassian.com/jirakb/how-to-set-the-user-jira-runs-as-in-linux-433390559.html)
it would be great is the installer would prompt for a service account id, and if none provided then go ahead and create the 'jira' one as it does now.
Hi, I'm product manager at Atlassian running research on preferable Data Center deployment options. I would highly appreciate if you could answer questions from a short survey on the topic. Your answers will help us a lot in prioritisation of new Data Center deployment options.
Survey → https://goo.gl/forms/hcwdsLi3yBiobXDG3
Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products. Cloud security is a moving target. As you adopt more products, employees consta...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs