https://community.splunk.com/t5/Splunk-Enterprise/Permissions-issue-in-Docker-container/m-p/376857#M1172 <P>When splunk starts it seems to try and chown the config files (ie. web.conf) to whatever user splunk is currently running as. This causes an issue with Kubernetes deployments.</P> <P>When you mount configuration files through a ConfigMap it mounts the volumes as read only owned by root. This would still allow non-root processes to read. However when splunk tries to start the chown fails, causing the container to fail as well.</P> <P>Is there a flag to disable chown-ing config files on start, or is this something than can be put in a change request and removed form startup all together?</P> Wed, 10 Jun 2020 16:54:53 GMT thoyt 2020-06-10T16:54:53Z https://community.splunk.com/t5/Splunk-Enterprise/Permissions-issue-in-Docker-container/m-p/376857#M1172 <P>When splunk starts it seems to try and chown the config files (ie. web.conf) to whatever user splunk is currently running as. This causes an issue with Kubernetes deployments.</P> <P>When you mount configuration files through a ConfigMap it mounts the volumes as read only owned by root. This would still allow non-root processes to read. However when splunk tries to start the chown fails, causing the container to fail as well.</P> <P>Is there a flag to disable chown-ing config files on start, or is this something than can be put in a change request and removed form startup all together?</P> Wed, 10 Jun 2020 16:54:53 GMT https://community.splunk.com/t5/Splunk-Enterprise/Permissions-issue-in-Docker-container/m-p/376857#M1172 thoyt 2020-06-10T16:54:53Z https://community.splunk.com/t5/Splunk-Enterprise/Permissions-issue-in-Docker-container/m-p/376858#M1173 <P>See my response on this <A href="https://answers.splunk.com/answers/739649/unable-to-run-splunk-forwarder-image-as-non-root-u.html?childToView=740712#answer-740712">thread</A>: </P> Tue, 16 Apr 2019 15:46:24 GMT https://community.splunk.com/t5/Splunk-Enterprise/Permissions-issue-in-Docker-container/m-p/376858#M1173 codebuilder 2019-04-16T15:46:24Z https://community.splunk.com/t5/Splunk-Enterprise/Permissions-issue-in-Docker-container/m-p/550615#M5740 <P>I encounter this as well when running splunkforwarder on kubernetes cluster as daemonset. This was solved by mounting the volume to /opt/splunkforwarder-etc/ instead of /opt/splunkforwarder. It seems that all the local/custom configuration should be implemented on /opt/splunkforwarder-etc/</P> Thu, 06 May 2021 08:34:44 GMT https://community.splunk.com/t5/Splunk-Enterprise/Permissions-issue-in-Docker-container/m-p/550615#M5740 jhomerlopez 2021-05-06T08:34:44Z