Cloud
Data Center 6.13
Versions

Creating a Dedicated User Account on the Operating System to Run Confluence

Confluence Installation Guide

On this page

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community

(info) This step is optional if you are evaluating Confluence, but should be mandatory for Confluence installations used in production. If you have used the Confluence installer on Linux, this user will be created automatically.

A dedicated user should be created to run Confluence, because Confluence runs as the user it is invoked under and therefore can potentially be abused. For example:

  • If your operating system is *nix-based (for example, Linux or Solaris), type the following in a console:
    $ sudo /usr/sbin/useradd --create-home --comment "Account for running Confluence" --shell /bin/bash confluence
  • If your operating system is Windows:
    1. Create the dedicated user account by either:
      • Typing the following at the Windows command line:
        > net user confluence mypassword /add /comment:"Account for running Confluence"
        (This creates a user account with user name 'confluence' and password 'mypassword'. You should choose your own password.)
      • Opening the Windows 'Computer Management' console to add your 'confluence' user with its own password.
    2. (Optional) Use the Windows 'Computer Management' console to remove the 'confluence' user's membership of all unnecessary Windows groups, such as the default 'Users' group.
      (tick) If Windows is operating under Microsoft Active Directory, ask your Active Directory administrator to create your 'confluence' account (with no prior privileges).

Ensure that the following directories can be read and written to by this dedicated user account (e.g. 'confluence'):

See also Best Practices for Configuring Confluence Security.

Confirm who can access Confluence directories in Windows

After installing Confluence you should check the permissions assigned to the installation directory, and make sure there are no unnecessary permissions being inherited. You can also repeat this process for the home directory. 

To check the permissions for the install directory:

  1. Right click your installation directory and select Properties.
  2. In the Security tab, select Advanced.
  3. Select Disable inheritance, and when prompted choose Convert inherited permissions into explicit permissions on this object
  4. Select OK.
  5. Select any group or user account that should not have access and choose Remove.
    We recommend limiting access to only the dedicated 'confluence' user and system administrator groups
  6. Select OK to apply changes to your install directory (and all sub-directories).  

To confirm your changes, log in to Windows with a normal user account, and check that you can't access the contents of the install directory. 

Last modified on Jul 5, 2021

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.