https://community.splunk.com/t5/Splunk-Enterprise/Splunk-User-Getting-Permission-Denied-In-Linux/m-p/624018#M14777 <P>Hi,</P><P>I heard that it's frowned upon to run Splunk on the root so I created a Splunk User. I can't figure out why I can't run Splunk start, stop, and status without getting permission denied. I've changed the ownership to for /opt/splunk to the user "Splunk" that I've created because I was told it was bad to run Splunk as root.&nbsp; When working in my "Splunk" user account I continuously get this error whenever trying to config enable boot-start splunk.</P><P>oot@cluster-master:/opt# ./splunk/bin/splunk enable boot-start -systemd-managed 1 -user splunk<BR /><BR />Warning: cannot create "/opt/splunk/var/log/splunk"<BR /><BR />Warning: cannot create "/opt/splunk/var/log/introspection"<BR /><BR />Warning: cannot create "/opt/splunk/var/log/watchdog"<BR />Systemd unit file installed at /etc/systemd/system/Splunkd.service.<BR />Configured as systemd managed service.<BR />root@cluster-master:/opt# su splunk<BR />splunk@cluster-master:/opt$ ./splunk/bin/splunk status<BR /><BR />Warning: cannot create "/opt/splunk/var/log/splunk"<BR /><BR />Warning: cannot create "/opt/splunk/var/log/introspection"<BR /><BR />Warning: cannot create "/opt/splunk/var/log/watchdog"<BR />Pid file "/opt/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission denied<BR />splunkd.pid file is unreadable.<BR />Pid file "/opt/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission denied<BR />splunk@cluster-master:/opt$</P><P>&nbsp;</P> Mon, 12 Dec 2022 15:15:49 GMT OgoSplunk 2022-12-12T15:15:49Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-User-Getting-Permission-Denied-In-Linux/m-p/624018#M14777 <P>Hi,</P><P>I heard that it's frowned upon to run Splunk on the root so I created a Splunk User. I can't figure out why I can't run Splunk start, stop, and status without getting permission denied. I've changed the ownership to for /opt/splunk to the user "Splunk" that I've created because I was told it was bad to run Splunk as root.&nbsp; When working in my "Splunk" user account I continuously get this error whenever trying to config enable boot-start splunk.</P><P>oot@cluster-master:/opt# ./splunk/bin/splunk enable boot-start -systemd-managed 1 -user splunk<BR /><BR />Warning: cannot create "/opt/splunk/var/log/splunk"<BR /><BR />Warning: cannot create "/opt/splunk/var/log/introspection"<BR /><BR />Warning: cannot create "/opt/splunk/var/log/watchdog"<BR />Systemd unit file installed at /etc/systemd/system/Splunkd.service.<BR />Configured as systemd managed service.<BR />root@cluster-master:/opt# su splunk<BR />splunk@cluster-master:/opt$ ./splunk/bin/splunk status<BR /><BR />Warning: cannot create "/opt/splunk/var/log/splunk"<BR /><BR />Warning: cannot create "/opt/splunk/var/log/introspection"<BR /><BR />Warning: cannot create "/opt/splunk/var/log/watchdog"<BR />Pid file "/opt/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission denied<BR />splunkd.pid file is unreadable.<BR />Pid file "/opt/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission denied<BR />splunk@cluster-master:/opt$</P><P>&nbsp;</P> Mon, 12 Dec 2022 15:15:49 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-User-Getting-Permission-Denied-In-Linux/m-p/624018#M14777 OgoSplunk 2022-12-12T15:15:49Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-User-Getting-Permission-Denied-In-Linux/m-p/624032#M14780 <P>The <FONT face="courier new,courier">enable boot-start</FONT> command must be run as root because it modifies system files. You either can switch to the root user to run the command or use <FONT face="courier new,courier">sudo</FONT>. See&nbsp;<A href="https://docs.splunk.com/Documentation/Splunk/9.0.2/Admin/ConfigureSplunktostartatboottime#Enable_boot-start_on_.2Anix_platforms" target="_blank">https://docs.splunk.com/Documentation/Splunk/9.0.2/Admin/ConfigureSplunktostartatboottime#Enable_boot-start_on_.2Anix_platforms</A></P> Mon, 12 Dec 2022 16:07:34 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-User-Getting-Permission-Denied-In-Linux/m-p/624032#M14780 richgalloway 2022-12-12T16:07:34Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-User-Getting-Permission-Denied-In-Linux/m-p/624036#M14782 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/213957">@richgalloway</a>&nbsp;Step 6 wants me to edit a file using nano or any text editor but I don't see the file there /splunk<SPAN>/etc/init.d/splunk could you help me out with this last part?&nbsp;</SPAN></P> Mon, 12 Dec 2022 16:23:09 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-User-Getting-Permission-Denied-In-Linux/m-p/624036#M14782 OgoSplunk 2022-12-12T16:23:09Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-User-Getting-Permission-Denied-In-Linux/m-p/624037#M14783 <P>That file is created in Step 3, but only on systems not running systemd.&nbsp; However, given the output in the OP, I believe you should be following the steps in the "Enable boot-start on machines that run systemd" section.</P> Mon, 12 Dec 2022 16:32:41 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-User-Getting-Permission-Denied-In-Linux/m-p/624037#M14783 richgalloway 2022-12-12T16:32:41Z https://community.splunk.com/t5/Splunk-Enterprise/Splunk-User-Getting-Permission-Denied-In-Linux/m-p/624040#M14784 <P><a href="https://community.splunk.com/t5/user/viewprofilepage/user-id/213957">@richgalloway</a>&nbsp;you're the GOAT( GREATEST OF ALL TIME). I'll pass on the Karma now&nbsp;</P> Mon, 12 Dec 2022 16:43:55 GMT https://community.splunk.com/t5/Splunk-Enterprise/Splunk-User-Getting-Permission-Denied-In-Linux/m-p/624040#M14784 OgoSplunk 2022-12-12T16:43:55Z