Creating a Dedicated User Account on the Operating System to Run Confluence
A dedicated user should be created to run Confluence, because Confluence runs as the user it is invoked under and therefore can potentially be abused.
This is optional if you're evaluating Confluence, but is required for production installations. If you used the Confluence installer on Linux, this user will be created automatically.
Create a dedicated user account
Linux
If your operating system is *nix-based (for example, Linux or Solaris), type the following in a console:
$ sudo /usr/sbin/useradd --create-home --comment "Account for running Confluence" --shell /bin/bash confluence
Windows
If your operating system is Windows create the dedicated user account by typing the following at the Windows command line:
> net user confluence mypassword /add /comment:"Account for running Confluence"
(This creates a user account with user name 'confluence' and password 'mypassword'. You should choose your own password.)
Alternatively, open the Windows 'Computer Management' console to add your 'confluence' user with its own password.
Next, Use the Windows 'Computer Management' console to remove the 'confluence' user's membership of all unnecessary Windows groups, such as the default 'Users' group.
If Windows is operating under Microsoft Active Directory, ask your Active Directory administrator to create your 'confluence' account (with no prior privileges).
Allow the account to write to specific Confluence directories
Ensure that the following directories can be read and written to by this dedicated user account (e.g. 'confluence'):
- The Confluence Installation Directory, particularly these sub-directories:
logs
temp
work
- Your Confluence Home directory.
Linux
To achieve this in Linux run the following commands:
sudo chown -R confluence <confluence-home-folder>/
sudo chown -R confluence <confluence-install-folder>/logs
sudo chown -R confluence <confluence-install-folder>/work
sudo chown -R confluence <confluence-install-folder>/temp
The other install directories should be left as root as those are controlled by the installer and allow for future upgrades:
sudo chmod -R u=rwx,g=rx,o=rx <confluence-install-folder>
sudo chmod -R u=rwx,g=rx,o=rx <confluence-home-folder>
See also Best Practices for Configuring Confluence Security.