Authelia process does not have the correct permissions to read its secret files: how to fix it

The error messages indicate that Authelia is unable to access the secret files at the specified paths because of file permission issues. This typically happens when the user running the Authelia process does not have the correct permissions to read the files.

Here’s how you can troubleshoot and resolve this:

  1. Check File Permissions:

    • Ensure that the files in /config/secrets/ and their directories are readable by the user running the Authelia service.
    • You can adjust the permissions using the chmod command. For example:
      chmod 644 /config/secrets/mariadb
      chmod 644 /config/secrets/session
      chmod 644 /config/secrets/jwtsecret
      chmod 644 /config/secrets/oidc.pem
      chmod 644 /config/secrets/storage
      chmod 644 /config/secrets/redis
      
    • Additionally, ensure the directory /config/secrets/ is accessible:
      chmod 755 /config/secrets/
      
  2. Check File Ownership:

    • Ensure that the files are owned by the user running the Authelia process. You can change the ownership using the chown command:
      chown authelia:authelia /config/secrets/mariadb
      chown authelia:authelia /config/secrets/session
      chown authelia:authelia /config/secrets/jwtsecret
      chown authelia:authelia /config/secrets/oidc.pem
      chown authelia:authelia /config/secrets/storage
      chown authelia:authelia /config/secrets/redis
      
  3. Verify the Path:

    • Double-check that the paths provided in the Authelia configuration file match the actual file paths.

  4. Run the Service with Sufficient Privileges:

    • If Authelia is running in a container, ensure that the user the container runs as has the necessary permissions to read the secret files mounted from the host’s filesystem.
    • If necessary, adjust the user permissions within the container.
  5. Configure the JWKS:

    • The final error message, identity_providers: oidc: option jwks is required, indicates that the JWKS (JSON Web Key Set) configuration is missing. Make sure that you have correctly configured this in your authelia.yml under the identity_providers section for OpenID Connect (OIDC).

This resolves the error in most cases.
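
To verify steps 1 to 3 in one pass, the following check is an added example (not part of the original page or of Authelia itself). It reports secret files that are missing, owned by the wrong user, unreadable by their owner, or accessible to group/other. Treating any group/other bit as a finding is this example's own policy and is stricter than the 644 shown in step 1: once the files are owned by the Authelia user, that user's read bit is all the service needs.

```shell
#!/bin/sh
# Added example (not from the original page): audit Authelia secret files.
# Usage: audit_secrets EXPECTED_OWNER FILE...
# Prints one line per finding; the return status is the number of findings.
# The owner name "authelia" and the file list come from the page; adjust
# both to your deployment (assumption: each secret is a regular file).
audit_secrets() {
    want_owner=$1
    shift
    findings=0
    for f in "$@"; do
        if [ ! -f "$f" ]; then
            echo "MISSING    $f: not a regular file, check the configured path"
            findings=$((findings + 1))
            continue
        fi
        # POSIX "ls -ld" fields: mode, link count, owner, group, ...
        line=$(ls -ld "$f")
        mode=${line%% *}
        owner=$(printf '%s\n' "$line" | awk '{print $3}')
        if [ "$owner" != "$want_owner" ]; then
            echo "OWNER      $f: owned by $owner, expected $want_owner"
            findings=$((findings + 1))
        fi
        case $mode in
            ?r*) ;;
            *)  echo "UNREADABLE $f: owner has no read bit ($mode)"
                findings=$((findings + 1)) ;;
        esac
        case $mode in
            ????------*) ;;
            *)  echo "EXPOSED    $f: group/other bits set ($mode)"
                findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Example call with the paths used on this page:
# audit_secrets authelia /config/secrets/session /config/secrets/jwtsecret \
#     /config/secrets/oidc.pem /config/secrets/storage /config/secrets/redis
```

Run it as root or as the Authelia user, inside the container if the service is containerised, so the ownership it reports matches what the service sees.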