https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307816#M11660 <P>gotcha, that makes sense. I am editing the app on the deployment server, not the deployed apps. I see now what you mean about when it gets deployed</P> Wed, 29 Nov 2017 21:01:01 GMT joshuapetitt 2017-11-29T21:01:01Z https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307812#M11656 <P>Is there any recommended settings for file permissions of .conf files in deployment apps?</P> <P>For example, I am looking at a deployment app I created using the GUI, and I see in the <CODE>local</CODE> folder:</P> <PRE><CODE>-rwxr-xr-x app.conf -rw------- inputs.conf </CODE></PRE> <P>It seems odd that the owner, group, and all users <CODE>x</CODE> bit is set for .conf files? </P> <P>It also seems odd that the group <CODE>r</CODE> bit is not set for inputs.conf?</P> <P>Finally, should any bits be ever set for all users?</P> <P>I'm leaning toward 664 or 660 for .conf files?</P> Wed, 29 Nov 2017 19:59:31 GMT https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307812#M11656 joshuapetitt 2017-11-29T19:59:31Z https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307813#M11657 <P>I generally go for <CODE>750</CODE>. I believe execute permission is required for scripted inputs and other executables, so for deployment apps, I set that, regardless they've executable or not.</P> Wed, 29 Nov 2017 20:38:23 GMT https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307813#M11657 somesoni2 2017-11-29T20:38:23Z https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307814#M11658 <P>thanks! is there any reason you would not give write access to the group?<BR /> I only say this because I have given ownership to the <CODE>splunk</CODE> user. I am part of the <CODE>splunk</CODE> group, and I'd like to edit the files without having to sudo everytime. But I'm unsure if there is a good reason <EM>not</EM> to allow group write access.</P> Wed, 29 Nov 2017 20:52:51 GMT https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307814#M11658 joshuapetitt 2017-11-29T20:52:51Z https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307815#M11659 <P>I don't see a reason where group members will update deployed apps (in etc/apps). Changes to deployment apps should be centralized only from deployment server. For us, it's a best practice reason so that changes are only made (only on DS) when someone sudo to <CODE>splunk</CODE> user.</P> Wed, 29 Nov 2017 20:57:15 GMT https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307815#M11659 somesoni2 2017-11-29T20:57:15Z https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307816#M11660 <P>gotcha, that makes sense. I am editing the app on the deployment server, not the deployed apps. I see now what you mean about when it gets deployed</P> Wed, 29 Nov 2017 21:01:01 GMT https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307816#M11660 joshuapetitt 2017-11-29T21:01:01Z https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307817#M11661 <P><A href="http://dev.splunk.com/view/app-cert/SP-CAAAE3H">Here's what Splunk recommends</A></P> <BLOCKQUOTE> <P>Check that no files have *nix write permissions for all users (xx2, xx6, xx7). Splunk recommends 644 for all files outside of bin/ and 755 for all directories and files in the bin/ directory.</P> </BLOCKQUOTE> <P>Of course, you can always go more restrictive.</P> Thu, 30 Nov 2017 13:37:50 GMT https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/307817#M11661 iandrews_splunk 2017-11-30T13:37:50Z https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/631824#M26717 <P><A href="https://dev.splunk.com/enterprise/reference/appinspect/appinspectcheck/#Source-code-and-binaries-standards" target="_self">updated link</A></P> Wed, 22 Feb 2023 10:01:05 GMT https://community.splunk.com/t5/Deployment-Architecture/Are-there-any-recommended-settings-for-file-permissions-of-conf/m-p/631824#M26717 m2oswald 2023-02-22T10:01:05Z