Authelia process does not have the correct permissions to read the files and how to fix it

Guides & Tutorials Tutorials
, ,
1

The error messages that indicate that Authelia is unable to access the secret files in the specified paths due to file permission issues. This typically happens when the user running the Authelia process does not have the correct permissions to read the files.

Here’s how you can troubleshoot and resolve this:

  1. Check File Permissions:

    • Ensure that the files in /config/secrets/ and their directories are readable by the user running the Authelia service.
    • You can adjust the permissions using the chmod command. For example:
      chmod 644 /config/secrets/mariadb/
chmod 644 /config/secrets/session
chmod 644 /config/secrets/jwtsecret
chmod 644 /config/secrets/oidc.pem
chmod 644 /config/secrets/storage
chmod 644 /config/secrets/redis
    • Additionally, ensure the directory /config/secrets/ is accessible:
      chmod 755 /config/secrets/

  2. Check File Ownership:

    • Ensure that the files are owned by the user running the Authelia process. You can change the ownership using the chown command:
      chown authelia:authelia /config/secrets/mariadb/
chown authelia:authelia /config/secrets/session
chown authelia:authelia /config/secrets/jwtsecret
chown authelia:authelia /config/secrets/oidc.pem
chown authelia:authelia /config/secrets/storage
chown authelia:authelia /config/secrets/redis

  3. Verify the Path:

    • Double-check that the paths provided in the Authelia configuration file match the actual file paths.

  4. Run the Service with Sufficient Privileges:

    • If Authelia is running in a container, ensure that the container has the necessary permissions to access the host’s filesystem.
    • If necessary, adjust the user permissions within the container.

  5. Configure the JWKS:

    • The final error message, identity_providers: oidc: option jwks is required, indicates that the JWKS (JSON Web Key Set) configuration is missing. Make sure that you have correctly configured this in your authelia.yml under the identity_providers section for OpenID Connect (OIDC).

This solves the error mostly.