https://community.splunk.com/t5/Security/How-to-write-create-permission-under-etc-from-python/m-p/327049#M12732 <P>It seems to me that a python script (custom command and/or controller have no write permission under /etc)</P> <P>Is this me making a mistake or is this a default setting and if so, can it be overcome? (maybe not due to security considerations)</P> <P>I realize that for a search head cluster this could be non trivial .</P> Thu, 25 Jan 2018 17:44:27 GMT dominiquevocat 2018-01-25T17:44:27Z https://community.splunk.com/t5/Security/How-to-write-create-permission-under-etc-from-python/m-p/327049#M12732 <P>It seems to me that a python script (custom command and/or controller have no write permission under /etc)</P> <P>Is this me making a mistake or is this a default setting and if so, can it be overcome? (maybe not due to security considerations)</P> <P>I realize that for a search head cluster this could be non trivial .</P> Thu, 25 Jan 2018 17:44:27 GMT https://community.splunk.com/t5/Security/How-to-write-create-permission-under-etc-from-python/m-p/327049#M12732 dominiquevocat 2018-01-25T17:44:27Z https://community.splunk.com/t5/Security/How-to-write-create-permission-under-etc-from-python/m-p/327050#M12733 <P>Do you mean the system's <CODE>/etc</CODE>, or <CODE>$SPLUNK_HOME/etc</CODE>?</P> <P>If the former, I'd expect that to be the case, unless you have splunk running as root (and I hope you don't). If the latter, I can't see why a custom search command wouldn't have the same permissions to anything under <CODE>$SPLUNK_HOME</CODE>, considering it should be running as the same user. I don't believe <CODE>chroot</CODE> or anything similar is used when Splunk calls external commands.</P> Sun, 04 Feb 2018 02:40:01 GMT https://community.splunk.com/t5/Security/How-to-write-create-permission-under-etc-from-python/m-p/327050#M12733 micahkemp 2018-02-04T02:40:01Z