https://community.splunk.com/t5/All-Apps-and-Add-ons/Forwarder-running-as-Splunk-user/m-p/551122#M65586 <P>You could try giving Splunk access to all .bash_history files using <FONT face="courier new,courier">setfacl</FONT>.&nbsp; I don't know if the command has to be repeated when new users are added.</P> Mon, 10 May 2021 18:14:27 GMT richgalloway 2021-05-10T18:14:27Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Forwarder-running-as-Splunk-user/m-p/551110#M65582 <P>My Splunk forwarder is running as a splunk user and not root. What is the best way to grant this user read access to user's .bash_history logs without enforcing sudo? If I am not mistaken, theres no way for us to tell the splunk forwarder to run sudo and supply with its own creds again.</P><P>Any guidance will be very appreciated.</P> Mon, 10 May 2021 16:30:29 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Forwarder-running-as-Splunk-user/m-p/551110#M65582 logtastic 2021-05-10T16:30:29Z https://community.splunk.com/t5/All-Apps-and-Add-ons/Forwarder-running-as-Splunk-user/m-p/551122#M65586 <P>You could try giving Splunk access to all .bash_history files using <FONT face="courier new,courier">setfacl</FONT>.&nbsp; I don't know if the command has to be repeated when new users are added.</P> Mon, 10 May 2021 18:14:27 GMT https://community.splunk.com/t5/All-Apps-and-Add-ons/Forwarder-running-as-Splunk-user/m-p/551122#M65586 richgalloway 2021-05-10T18:14:27Z