Mattermost security

Hi,

Does Mattermost server, need permissions for read and write in other directories than the data directory and the config directory?.

I was planning to improve our server security. As it’s opened to Internet I think it could be idea to do a :

chown root:root /mattermostdir
chown mattermost:mattermost /mattermostdir/datadir

I assume it does not need full permissions in all it’s directory… does it?.

Does another security advise, be convenient having in mind too?. We run Nginx in front of Mattermost too…

Your opinion would be highly appreciatted,
Cheers!

Hello, @egoitzr

As mentioned in step 6b in the Installing Mattermost Server documentation, the ownership of the mattermost user needs to be granted to the /opt/mattermost directory (assuming that it was installed in the default directory mentioned in the doc).

In your case, you will need to grant ownership to the mattermostdir directory to the mattermost user. Else, you will encounter the permission denied error in the mattermost.log when you attempt to perform some actions from the UI (eg. uploading plugin).

Besides setting up a proxy, you can read more about Mattermost security in the Security Overview page which includes the authentication, transmission, and many more.

Thank you so much ahmaddanial!!

1 Like