How to configure the default Umask for Bamboo Data Center or remote agent

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

Summary

By default, files created by Bamboo or remote agents are stored on the filesystem with a default umask value of 0027. However, there are specific scenarios in which it is necessary to modify the default umask. For instance, when access needs to be granted to other groups for the files generated by Bamboo.

The steps outlined below will guide you through the process of changing this default umask, ensuring that you can effectively manage access.

We use this permission level as default to be compliant with Tomcat's security recommendations as you can see in the section of their documentation below:

File permissions should also be suitably restricted. In the .tar.gz distribution, files and directories are not world readable and the group does not have write access. On Unix like operating systems, Tomcat runs with a default umask of 0027 to maintain these permissions for files created while Tomcat is running (e.g. log files, expanded WARs, etc.).

(warning) If you want to proceed with this change, make sure you're aware of all possible risks that this may bring to your environment


Environment

Any version of Bamboo and remote agent

Solution

Bamboo

Option 1: Export the umask environment variable at the setenv.sh file:

  1. Stop Bamboo

  2. Add the following line to <bamboo install>/bin/setenv.sh, following on the next line after JVM_SUPPORT_RECOMMENDED_ARGS="". i.e.:

    JVM_SUPPORT_RECOMMENDED_ARGS=""
export UMASK=0022
  3. Start Bamboo back

Option 2: Adjust the default value directly at the catalina.sh file:

  1. Shutdown Bamboo

  2. Edit the file <bamboo install>/bin/catalina.sh and modify the following to be “0022”:

    if [ -z "$UMASK" ]; then
    UMASK="0027"
fi
umask $UMASK
  3. Start Bamboo back


(info) The above processed should set the umask to 0022 for the Bamboo environment and as consequence, any files created by local agents should use this permission mask.

There are certainly other ways to do that like changing the umask at the shell profile. The main idea is that if the UMASK environment variable is set, Bamboo will use its value as default instead of 0027.


Remote Agent

  1. Stop the agent
  2. Edit the <Bamboo_Agent_Home>/conf/wrapper.conf file

  3. Add the following property to it:

    wrapper.umask=0022
    tip/resting Created with Sketch.

    Change the 0022 to the desired umask.

  4. Start the agent


Last modified on Nov 15, 2024

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.