__creating_dedicated_user_JIRA_Standalone
A dedicated user should be created to run JIRA, as JIRA runs as the user it is invoked under and therefore can potentially be abused. For example:
- If your operating system is *nix-based (for example, Linux or Solaris), type the following in a console:
$ sudo /usr/sbin/useradd --create-home --comment "Account for running JIRA" --shell /bin/bash jira
- If your operating system is Windows:
- Create the dedicated user account by either:
- Typing the following at the Windows command line:
> net user jira mypassword /add /comment:"Account for running JIRA"
(This creates a user account with user name 'jira' and password 'mypassword'. You should choose your own password.) - Opening the Windows 'Computer Management' console to add your 'jira' user with its own password.
- Typing the following at the Windows command line:
- (Optional) Use the Windows 'Computer Management' console to remove the 'jira' user's membership of all unnecessary Windows groups, such as the default 'Users' group.
If Windows is operating under a Microsoft Active Directory, ask your Active Directory administrator to create your 'jira' account (with no prior privileges).
- Create the dedicated user account by either:
Ensure that only the following directories can be written to by this dedicated user account (e.g. 'jira'):
- The following subdirectories of your JIRA Installation Directory for 'recommended' JIRA distributions (or for JIRA WAR distributions, the installation directory of the Apache Tomcat application running JIRA):
logstempwork
- Your JIRA Home Directory.
Do not make the JIRA Installation Directory itself writeable by the dedicated user account.
See also Tomcat security best practices.
Last modified on Jul 19, 2011
Powered by Confluence and Scroll Viewport.