How to configure the default Umask for Bamboo server and remote agents

Purpose

The default umask value for modern versions of Bamboo (6.7+ versions) is 0027. In some scenarios you need to change it, for example when other groups must have access to the files generated by Bamboo. The steps below show some of the tested options.

We use this permission level as the default to comply with Tomcat's security recommendations, as described in this section of their documentation:

File permissions should also be suitably restricted. In the .tar.gz distribution, files and directories are not world readable and the group does not have write access. On Unix like operating systems, Tomcat runs with a default umask of 0027 to maintain these permissions for files created while Tomcat is running (e.g. log files, expanded WARs, etc.).

If you want to proceed with this change, make sure you are aware of all the risks it may bring to your environment.

Solution

Server

Option 1: Set the default umask before starting the application (not persistent):

  1. Stop Bamboo
  2. On the same terminal run: umask 0022
  3. Still in the same terminal start the Bamboo process

Option 2: Export the UMASK environment variable in the setenv.sh file:

  1. Stop Bamboo
  2. Add the export line to <bamboo install>/bin/setenv.sh, on the line directly after JVM_SUPPORT_RECOMMENDED_ARGS="", i.e.:

    JVM_SUPPORT_RECOMMENDED_ARGS=""
    export UMASK=0022

  3. Start Bamboo again

Option 3: Adjust the default value directly in the catalina.sh file:

  1. Shut down Bamboo
  2. Edit the file <bamboo install>/bin/catalina.sh and modify the following to be “0022”:

    if [ -z "$UMASK" ]; then
        UMASK="0027"
    fi
    umask $UMASK

  3. Start Bamboo again



(info) The above procedures should set the umask to 0022 for the Bamboo server environment and, as a consequence, any files created by local agents should use this permission mask.

There are other ways to do this, such as changing the umask in the shell profile. The main idea is that if the UMASK environment variable is set, Bamboo will use its value as the default instead of 0027.


Remote Agent

  1. Stop the agent
  2. Edit the <Bamboo_Agent_Home>/conf/wrapper.conf file
  3. Add the following property to it:

    wrapper.umask=0022

    Change the 0022 to the desired umask.

  4. Start the agent
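
To confirm the change and see what it exposes, the following added example (not part of the original article and not Atlassian's code) compares the modes that 0027 and 0022 produce, reads the umask of a running process, and lists files readable by "other". The function names are hypothetical, the PID and directory are supplied by you, and it assumes Linux with GNU stat and a /proc filesystem.

```shell
#!/bin/sh
# Added example: inspect the effect of a umask change. Function names are
# illustrative; assumes Linux with GNU stat and /proc.

# Print "<file-mode> <dir-mode>" for entries created under umask $1.
# The body runs in a subshell, so the caller's own umask is not changed.
modes_for_umask() (
    tmp=$(mktemp -d) || exit 1
    umask "$1"
    : > "$tmp/file"
    mkdir "$tmp/dir"
    out="$(stat -c '%a' "$tmp/file") $(stat -c '%a' "$tmp/dir")"
    rm -rf "$tmp"
    printf '%s\n' "$out"
)

# Print the umask a running process is actually using.
# $1 is the PID of the Bamboo server or agent JVM (look it up yourself).
# The Umask field in /proc/<pid>/status exists on Linux 4.7 and later.
effective_umask() {
    awk '/^Umask:/ {print $2}' "/proc/$1/status"
}

# List regular files under directory $1 that are readable by "other".
# Under 0027 a newly created file never carries this bit; under 0022 it does.
world_readable_files() {
    find "$1" -type f -perm -004
}

# Demo: the default mask next to the relaxed one.
for m in 0027 0022; do
    echo "umask $m -> file/dir modes: $(modes_for_umask "$m")"
done
```

Running effective_umask against the restarted process shows whether the new value took effect, and world_readable_files over the build or home directory shows which files the relaxed mask has opened to all local users.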


Last modified on Sep 21, 2021
