Fix directory and file permissions in Linux for Jira Server or Data Center
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
On many occasions, Jira is not able to run properly due to file or directory permission error. You may see errors mentioning "permission denied" or that Jira cannot create some files or directories.
Environment
Any version of Jira installed in a Linux environment
Diagnosis
- Manually checking Jira's Home and Installation directory shows that the ownership of some files/directories is not of the expected Jira user.
- Files and directories may also lack the proper read/write/execute permissions.
Errors in the logs will vary. Example errors include:
JIRA couldn't create the jira.home directory
java.lang.IllegalStateException: java.io.IOException: Permission denied Caused by: java.io.IOException: Permission denied java.io.FileNotFoundException: atlassian-jira.log (Permission denied) org.apache.catalina.startup.HostConfig.beforeStart Unable to create directory for deployment: [path to the directory]
Cause
Jira was likely started with a different user (commonly root) at some point, causing the ownership of the necessary files/directories to be changed.
Even if you specify a user to start Jira in user.sh, this will only be enforced if Jira is started using start-jira.sh. If Jira was started with startup.sh, Jira will run as the user who executed the script, thus possibly causing the ownership of files/directories to be changed.
Solutions
There are two options to fix the issue.
Option 1 is to correct the file and directory permissions on a case-by-case basis. This is Atlassian's preferred solution.
Option 2 is to correct all file and directory permissions simultaneously.
Note about files/directories permissions
In this document we suggest the minimum access to files and directories, which is full access to the Linux user running the Jira process and no access to group nor to other.
This is the same suggestion in 2024-09-06_13-13-30_Installing Jira applications on Linux from Archive File product documentation.
If you believe different files and directories permissions are necessary to your environment you should pair with your Linux administrator to determine the best solution.
Option 1 (Preferred): Fix the permissions on a case by case basis
You will first need to find out the user who installed Jira. There are 3 methods to do this.
- From The System Info page on your Jira instance:
- From a Support Zip ( application.xml file ) search for <JIRA_USER>
- From the
$JIRA_HOME/log/atlassian-jira.log
, search for 'user.name'
- From The System Info page on your Jira instance:
You will also need to know the group the user belongs to run Jira and most of the time the group name is the same as the username that runs Jira
If you're unsure of what these permissions should be, please consult with your System Administrator and the user who installed JIRA.
If you are the user who installed Jira, you can see these details by running these commands:
whoami (this will tell your exact username) id -g -n (this will tell your group name)
Next, depending on the actual path in the error, execute the 2 lines below to fix the permission of the Jira Home & Installation directory
sudo chown -R jirauser:jiragroup /path/referenced/in/the/error sudo chmod -R u=rwx,o-rwx /path/referenced/in/the/error
You may also want to create particular directories manually instead of granting the access on the upper directories, i.e.:
mkdir -p /path/referenced/in/the/error
Substitute Jira with the correct user that installed Jira and the path with the correct path to the respective directory
- Restart Jira and check the logs ($JIRA_INST/logs/catalina.out), $JIRA_HOME/logs/atlassian-jira.log) for any other permission denied errors and repeat steps 2 and 3 above until Jira is fully operational
Option 2:
Disclaimer: The following steps suggest to fix the permissions on all Jira sub directories at once.
While this approach is the quickest to fix the issue, modifying the permissions on all Jira directories is not recommended because:
- It can potentially make the Jira server vulnerable to remote code execution attacks (see https://confluence.atlassian.com/jira/security-addendum-2010-04-16-preventing-security-attacks-216433277.html for details).
- On certain customer installations, setting a too permissive file permissions on access files in the directory such as jmx access files can cause the system to halt.
- Follow Steps 1 to 2 to identify the user running Jira
Next, execute the following commands to fix the permissions on all Jira folders:
sudo chown -R jirauser:jiragroup /path/to/jira-local-home sudo chown -R jirauser:jiragroup /path/to/jira-install sudo chown -R jirauser:jiragroup /path/to/jira-shared-home sudo chmod -R u=rwx,go-rwx,o-rwx /path/to/jira-local-home sudo chmod -R u=rwx,go-rwx,o-rwx /path/to/jira-install sudo chmod -R u=rwx,go-rwx,o-rwx /path/to/jira-shared-home
On latest Red Hat Enterprise installations the permission path should be the parent of the local home.
As an example, if the local home is at /var/atlassian/jira/local-home then the command to be run should be:sudo chown -R jirauser:jiragroup /var/atlassian/
Symbolic links
Jira might still fail to start even if the permissions are correct after running the commands to fix the permission of the JIRA Home & Installation directory.
The following error will be present:
Setup: JIRA couldn't create the jira.home directory
Ensure JIRA has permission to create and write to the jira.home directory /jira-home.
Review our documentation for more information on setting your JIRA home.
This can be caused by a symbolic link hidden in the JIRA Home directory.
Follow the Resolution in Symbolic Link in JIRA Home during upgrading using Installer will throw 'java.lang.OutOfMemoryError: GC overhead limit exceeded'.
Also, in some cases error is observed when the home directory is not defined and ensure $JiraHome directory is defined to fix it.