Creating a Dedicated User Account on the Operating System to Run Confluence
This step is optional if you are evaluating Confluence, but should be mandatory for Confluence installations used in production. If you have used the Confluence installer on Linux, this user will be created automatically.
A dedicated user should be created to run Confluence, because Confluence runs as the user it is invoked under and therefore can potentially be abused. For example:
- If your operating system is *nix-based (for example, Linux or Solaris), type the following in a console:
$ sudo /usr/sbin/useradd --create-home --comment "Account for running Confluence" --shell /bin/bash confluence
- If your operating system is Windows:
- Create the dedicated user account by either:
- Typing the following at the Windows command line:
> net user confluence mypassword /add /comment:"Account for running Confluence"
(This creates a user account with user name 'confluence' and password 'mypassword'. You should choose your own password.) - Opening the Windows 'Computer Management' console to add your 'confluence' user with its own password.
- Typing the following at the Windows command line:
- (Optional) Use the Windows 'Computer Management' console to remove the 'confluence' user's membership of all unnecessary Windows groups, such as the default 'Users' group.
If Windows is operating under Microsoft Active Directory, ask your Active Directory administrator to create your 'confluence' account (with no prior privileges).
- Create the dedicated user account by either:
Ensure that the following directories can be read and written to by this dedicated user account (e.g. 'confluence'):
- The Confluence Installation Directory, particularly these sub-directories:
logs
temp
work
- Your Confluence Home directory.
See also Best Practices for Configuring Confluence Security.