Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Confluence Home and Installation - owners and permissions

steinrr
steinrr
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 14, 2015

I am running Confluence on Ubuntu Linux 14.10 and its working fine.

Confluence is running as a separate user called "confluence" and a corresponding group.

I have one folder for Confluence installation:
/usr/local/confluence/atlassian-confluence-5.7.4

This folder and all its subfolders are owned by the confluence user/group.

I have one folder for Confluence home:
/var/lib/confluence

This folder and all its subfolders are also owned by confluence user/group. This Confluence home folder is also home folder for the "confluence" user.

My questions:

1) What user should own Confluence installation folder?
2) What user should own Confluence home folder?
3) What should be the permissions on Confluence installation folder and subfolder/files?
4) What should be the permissions on Confluence home folder and subfolder/files?

I have not managed to find any detailed information on this, and I guess there are some security recommendations here? I tried e.g. to change owner of Confluence home folder to root, but then the site did not work (it was possible to start) - even if contents/permissions/owners of the contents of home folder was unchanged.

Any advice for a secure site?

Answer
Watch
Like David Pressley likes this
8251 views

3 answers

2 votes
rrudnicki
rrudnicki
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
May 15, 2015

Hi Stein,

 

1) What user should own Confluence installation folder?
You can use any user do you want. Just avoid root for security reasons.

2) What user should own Confluence home folder?
Yes, and I also recommend you to have the owner on Confluence install folder

3) What should be the permissions on Confluence installation folder and subfolder/files?
You can put in any folder that the Confluence user has permission to acces (read/write). A good start would be /opt, but if you want, you also can have a look on Filesystem Hierarchy Standard to better understand where should be the "correct" directory.
http://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard

4) What should be the permissions on Confluence home folder and subfolder/files?
If you create a user called "confluence", just use this two commands:
chown -R confluence.confluence <confluence-home> <confluence-install>
chmod -R 775 <confluence-home> <confluence-install>

For some reason you cannot run/login on Confluence, check if do you have apparmor and iptables enable. If so, disable them or create a rule allowing Confluence.

Any advice for a secure site?
Yes, don't run Conflunce as root, use strong passwords and ALWAYS have a backup :).

Regards,
Renato Rudnicki

View More Comments
Eitan Postavsky
Eitan Postavsky
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
August 25, 2016

Instead of http://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard, I find https://en.wikipedia.org/wiki/Unix_filesystem#Conventional_directory_layout to be much more illuminating.

Like
Reply
0 votes
steinrr
steinrr
I'm New Here
I'm New Here
Those new to the Atlassian Community have posted less than three times. Give them a warm welcome!
Get involved
May 15, 2015

Thanks for your answers! These are in line with what I have done.

The reason for double checking this is that I read here:

https://confluence.atlassian.com/display/DOC/Creating+a+Dedicated+User+Account+on+the+Operating+System+to+Run+Confluence

Ensure that only the following directories can be written to by this dedicated user account (e.g. 'confluence'):

So if these folders are the only one requiring write access - why should the HOME folder be owned by the "confluence user" - as long as HOME folder has read access for the "confluence" user and those 3 folders have write access by the confluence user?

Is the documentation wrong on this point?

The same page also says:

 

Do not make the Confluence Installation Directory itself writeable by the dedicated user account.

Which is also not in line with the responses above.

I am confused.

 

Reply
0 votes
salehparsa
salehparsa
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
Get recognized
May 15, 2015

Hi Stein,

As you've got a separate user for running your Confluence (confluence user) Owner of home directory should be confluence user as well. Otherwise you can't start Confluence due to the lack of permissions smile In the other word, <confluence-home> and <confluence-install> directories and all sub folders should have Full Read/Write permissions. In this case, I'd say confluence user must have those full permissions against mentioned directory. Just for your information,  Here is one of the known issue which is related to the permissions of home folder and installation directory that might help you to get a better picture about it.

Hope it helps! smile

Cheers,

Saleh

Reply

Suggest an answer

Log in or Sign up to answer
Confluence
Confluence
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Terms Security
    Welcome illustration

    Welcome to the new Atlassian Community

    Online forums and learning are now in one easy-to-use experience.

    By continuing, you accept the updated Community Terms of Use and acknowledge the Privacy Policy. Your public name, photo, and achievements may be publicly visible and available in search engines.