Health Check: File Permissions in Jira and Confluence Data Center
Platform Notice: Data Center Only - This article only applies to Atlassian apps on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
This health check verifies that files under configured important directories have correct permission bits according to the security policy.
What this health check does
The health check reads the list of configured important directories, scans files under those directories, and compares owner and group permissions with the expected security policy. If it finds any deviations, it reports the health check as FAIL, logs each violating path with the failure reason, and includes the required policy in each log entry so you can apply the correct settings.
Health check results
Icon | Result | What it means |
✅ | All file permissions are correctly configured. | All checked files under the configured important directories comply with the configured security policy. No further action is required. This message applies to single-node instances. |
✅ | All file permissions are correctly configured on node <node-id>. Run this health check on the other nodes if you've received an error notification. | All checked files under the configured important directories comply with the configured security policy on this particular node. No further action is required. This message applies to clustered instances. |
⚠️ | <n> file permission issues found: <directory 1> - <x> findings <directory 2> - <y> findings … | More than 10 files have incorrect permissions. The message lists key directories with violations and their counts. Use the log output to identify each affected item and apply the correct permissions. |
⚠️ | <n> file permission issues found on node <node-id>: <directory 1> - <x> findings <directory 2> - <y> findings … | More than 10 files have incorrect permissions. The message lists key directories with violations and their counts on this particular node. Use the log output to identify each affected item and apply the correct permissions. |
⚠️ | File permission issues found: <file path 1> - read permission must not be granted to everyone <file path 2> - execute permission must not be granted to group "<group name>” … | One to ten files have incorrect permissions. The message lists these files and their violation reasons. You can also check the log output for policies related to the failed directories and use them to fix the issues. |
⚠️ | File permission issues found on node <node-id>: <file path 1> - read permission must not be granted to everyone <file path 2> - execute permission must not be granted to group "<group name>” … | One to ten files have incorrect permissions. The message lists these files and their violation reasons on this particular node. You can also check the log output for policies related to the failed directories and use them to fix the issues. |
Resolution
Identify all violations
Open the application logs on the host and locate the entries using the health check headline (search for File Permissions Validation). It appears as follows:
===============================================================================
File Permissions Validation - FAILED
===============================================================================
<n> error(s) found:
[ERROR] /path/to/important/directory/1/
Policy:
readable by: application, group
writable by: application
Violation(s):
/path/to/important/directory/1/file-name: read permissions must not be granted to everyone
...This section lists all file permission violations by directory. Each directory includes the policy used for validation.
Apply required permissions
First, ensure you have the necessary operating system permissions (for example, by using sudo). Set permissions for each violating file according to the parent directory's policy.
You can run the following command for individual files if violations are few:
chmod 640 /path/to/important/directory/1/file-nameOr apply permission changes to all files in the specific directory:
sudo find /path/to/important/directory/1 -type f -exec chmod 640 {} +For POSIX-compliant file systems, the log file ends the File Permission Validation report section with specific commands. Use these commands only after verifying them:
The following command(s) should fix the errors reported above
(assuming the files are owned by the user running the application):
<list of commands to fix permissions>
===============================================================================Re-run the health check
Open Troubleshooting and support tools UI, locate the File System → File Permissions health check, and confirm it reports no file permissions violations.
Was this helpful?