https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90038#M2957 <P>I am also having this problem on Solaris 10.</P> <P>Ray - did anyone ever get back to you?</P> <P>Adam</P> Tue, 14 Jun 2011 18:54:33 GMT adamhmitchell 2011-06-14T18:54:33Z https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90037#M2956 <P>I've installed Splunk Universal Forwarder 4.2.1 on Solaris 10 (x86 and SPARC), but I can't get them to run as a non-root user. I followed the instructions at <A href="http://www.splunk.com/base/Documentation/latest/installation/RunSplunkasadifferentornon-rootuser">http://www.splunk.com/base/Documentation/latest/installation/RunSplunkasadifferentornon-rootuser</A> to chown $SPLUNK_HOME and set the splunk user privs, but I get the following errors when trying to run Splunk as the splunk user:</P> <P>$ id<BR /><BR /> uid=40104(splunk) gid=144(splunk)<BR /> $ /opt/splunkforwarder/bin/splunk start --accept-license</P> <P>This appears to be your first time running this version of Splunk.<BR /> terminate called after throwing an instance of 'ConfPathHasNoWriter'<BR /> what(): Could not find writer for: /nobody/system/server/sslConfig [1] [/opt/splunkforwarder/etc]<BR /> Abort - core dumped</P> <P>Splunk&gt; Finding your faults, just like mom.</P> <P>Checking prerequisites...<BR /> Checking mgmt port [8089]: open<BR /> Creating: /opt/splunkforwarder/var/lib/splunk<BR /> Creating: /opt/splunkforwarder/var/lib/splunk/appserver/i18n<BR /> Creating: /opt/splunkforwarder/var/lib/splunk/appserver/modules/static/css<BR /> Creating: /opt/splunkforwarder/var/run/splunk<BR /> Creating: /opt/splunkforwarder/var/run/splunk/upload<BR /> Creating: /opt/splunkforwarder/var/spool/splunk<BR /> Creating: /opt/splunkforwarder/var/spool/dirmoncache<BR /> Creating: /opt/splunkforwarder/var/lib/splunk/authDb<BR /> Creating: /opt/splunkforwarder/var/lib/splunk/hashDb<BR /> New certs have been generated in '/opt/splunkforwarder/etc/auth'.<BR /> terminate called after throwing an instance of 'ConfPathHasNoWriter'<BR /> what(): Could not find writer for: /nobody/system/server/sslConfig [1] [/opt/splunkforwarder/etc]<BR /> ERROR: pid 28316 terminated with signal 6 (core dumped)<BR /> Checking conf files for typos...<BR /> terminate called after throwing an instance of 'ConfPathHasNoWriter'<BR /> what(): Could not find writer for: /nobody/system/server/sslConfig [1] [/opt/splunkforwarder/etc]<BR /> ERROR: pid 28317 terminated with signal 6 (core dumped)<BR /> There might be typos in your conf files. For more information, run 'splunk btool check --debug'<BR /> All preliminary checks passed.</P> <P>Starting splunk server daemon (splunkd)... <BR /> terminate called after throwing an instance of 'ConfPathHasNoWriter'<BR /> what(): Could not find writer for: /nobody/system/server/general [1] [/opt/splunkforwarder/etc]<BR /> ERROR: pid 28325 terminated with signal 6 (core dumped)</P> <P>Timed out waiting for splunkd to start.</P> <P>Any ideas? I didn't have this problem when trying on an Ubuntu server with Splunk Universal Forwarder 4.2.</P> <P>Thanks,<BR /> Ray</P> Wed, 27 Apr 2011 16:17:26 GMT https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90037#M2956 leeraym 2011-04-27T16:17:26Z https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90038#M2957 <P>I am also having this problem on Solaris 10.</P> <P>Ray - did anyone ever get back to you?</P> <P>Adam</P> Tue, 14 Jun 2011 18:54:33 GMT https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90038#M2957 adamhmitchell 2011-06-14T18:54:33Z https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90039#M2958 <P>Hi Adam,</P> <P>No answers so far. I just let it run as root since it wasn't really a big deal to me. Would be nice if I could have it run as splunk though.</P> <P>Ray</P> Tue, 14 Jun 2011 19:43:42 GMT https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90039#M2958 leeraym 2011-06-14T19:43:42Z https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90040#M2959 <P>Ray (and all) - I was able to fix this issue today with chmod and still run the agent as 'splunk':</P> <P>chmod +w /opt/splunkforwarder/etc/system</P> <P>The error was this:</P> <P>06-14-2011 16:01:45.163 -0400 ERROR BundlesUtil - Cannot create parent directory: /opt/splunkforwarder/etc/system/metadata: Permission denied</P> <P>And the root problem was the permissions on the parent directory. It was owned by 'splunk' but wasn't writable:</P> <P>bash-3.00$ ls -ld /opt/splunkforwarder/etc/system/<BR /><BR /> dr-xr-xr-x 7 splunk splunk 7 Jun 14 14:44 /opt/splunkforwarder/etc/system/</P> <P>Hope it works for you too!</P> <P>Adam</P> Wed, 15 Jun 2011 17:16:38 GMT https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90040#M2959 adamhmitchell 2011-06-15T17:16:38Z https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90041#M2960 <P>Hi leeraym</P> <P>I have filed a bug report and this one is currently being processed @splunk. As soon as it's fixed I'll let you know.<BR /> btw what is your exact release version where this happened?</P> <P>cheers</P> Tue, 23 Aug 2011 05:26:27 GMT https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90041#M2960 MuS 2011-08-23T05:26:27Z https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90042#M2961 <P>This is a known issue (SPL-40616) in the Solaris Universal Forwarder package's setup with incorrect permissions being set. This was reported in the pkg under 4.2.2 and 4.2.3 </P> <P>As indicated above, the workaround is to chmod for <CODE>$SPLUNK_HOME/etc/system</CODE><BR /> from 555 to 755.</P> <P>The fix will be addressed in a forthcoming maintenance release.</P> <P>Reference to this can also be found in the <A href="http://docs.splunk.com/Documentation/Splunk/4.2.3/ReleaseNotes/Knownissues#Distributed_deployment.2C_forwarder.2C_deployment_server.2C_and_deployment_monitor_issues">Release Notes Known Issues</A></P> Wed, 31 Aug 2011 15:35:21 GMT https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90042#M2961 Ellen 2011-08-31T15:35:21Z https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90043#M2962 <P>How to run splunk as non-root if boot-start is enabled?,If this is installed as non-root, how do you enable the boot-start?</P> Thu, 29 Sep 2016 09:37:39 GMT https://community.splunk.com/t5/Security/Starting-Splunk-Universal-Forwarder-as-non-root/m-p/90043#M2962 viril 2016-09-29T09:37:39Z