<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Unable to execute script on universal forwarder due to permission issue in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Unable-to-execute-script-on-universal-forwarder-due-to/m-p/422971#M74267</link>
    <description>&lt;P&gt;I am trying to install UFs on a  number of hosts using the below script got from one of the post in this forum,&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;#!/bin/sh  
     # This EXAMPLE script shows how to deploy the Splunk universal forwarder
     # to many remote hosts via ssh and common Unix commands.
     # For "real" use, this script needs ERROR DETECTION AND LOGGING!!
     # --Variables that you must set -----
     # Set username using by splunkd to run.
       SPLUNK_RUN_USER="splunk"
      # Populate this file with a list of hosts that this script should install to,
     # with one host per line. This must be specified in the form that should
     # be used for the ssh login, ie. username@host
     #
     # Example file contents:
     # splunkuser@10.20.13.4
     # splunkker@10.20.13.5
       HOSTS_FILE="uf_hosts"

     # This should be a WGET command that was *carefully* copied from splunk.com!!
     # Sign into splunk.com and go to the download page, then look for the wget
     # link near the top of the page (once you have selected your platform)
     # copy and paste your wget command between the ""
       WGET_INSTALL="sudo yum -y install wget"
       WGET_CMD="wget -O splunkforwarder-7.2.4-8a94541dcfac-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&amp;amp;platform=linux&amp;amp;version=7.2.4&amp;amp;product=universalforwarder&amp;amp;filename=splunkforwarder-7.2.4-8a94541dcfac-Linux-x86_64.tgz&amp;amp;wget=true'"
     # Set the install file name to the name of the file that wget downloads
     # (the second argument to wget)
       INSTALL_FILE="splunkforwarder-7.2.4-8a94541dcfac-Linux-x86_64.tgz"

     # After installation, the forwarder will become a deployment client of this
     # host.  Specify the host and management (not web) port of the deployment server
     # that will be managing these forwarder instances.
     # Example 1.2.3.4:8089
       DEPLOY_SERVER="18.207.205.49:8089"

     # Set the seed app folder name for deploymentclien.conf
       DEPLOY_APP_FOLDER_NAME="ap3_all_deploymentclient"
     # Set the new Splunk admin password
       PASSWORD="QzpU9l8T"

     REMOTE_SCRIPT_DEPLOY="
       cd /opt
       sudo $WGET_INSTALL
       sudo $WGET_CMD
       sudo tar xvzf $INSTALL_FILE
       sudo rm $INSTALL_FILE
       sudo useradd $SPLUNK_RUN_USER
       echo "
        [user_info]
        USERNAME = admin
        PASSWORD = $PASSWORD
        " &amp;gt; /opt/splunk/etc/system/local/user-seed.conf  
       sudo mkdir -p /opt/splunkforwarder/etc/apps/$DEPLOY_APP_FOLDER_NAME/local
       sudo echo "[target-broker:deploymentServer] targetUri = $DEPLOY_SERVER" &amp;gt; /opt/splunkforwarder/etc/apps/$DEPLOY_APP_FOLDER_NAME/local/deploymentclient.conf
       sudo chown -R $SPLUNK_RUN_USER:$SPLUNK_RUN_USER /opt/splunkforwarder
       sudo -u $SPLUNK_RUN_USER /opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
       sudo /opt/splunkforwarder/bin/splunk enable boot-start -user $SPLUNK_RUN_USER

       exit
      "

     DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &amp;gt;/dev/null &amp;amp;&amp;amp; pwd )"

     #===============================================================================================
       echo "In 5 seconds, will run the following script on each remote host:"
       echo
       echo "===================="
       echo "$REMOTE_SCRIPT_DEPLOY"
       echo "===================="
       echo 
       sleep 5
       echo "Reading host logins from $HOSTS_FILE"
       echo
       echo "Starting."
       for DST in `cat "$DIR/$HOSTS_FILE"`; do
         if [ -z "$DST" ]; then
           continue;
         fi
         echo "---------------------------"
         echo "Installing to $DST"
         echo "Initial UF deployment"
         sudo ssh -t "$DST" "$REMOTE_SCRIPT_DEPLOY"
       done  
       echo "---------------------------"
       echo "Done"
       echo "Please use the following app folder name to override deploymentclient.conf options: $DEPLOY_APP_FOLDER_NAME"
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;After executing the script, I am getting the below error in the logs,&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;    bash: line 7: /opt/splunkforwarder/etc/system/local/user-seed.conf: Permission denied
    bash: line 9: /opt/splunkforwarder/etc/apps/ap3_all_deploymentclient/local/deploymentclient.conf: Permission denied
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;Already executing those commands as a sudo user, still I am getting the errors. Please advise.&lt;/P&gt;</description>
    <pubDate>Wed, 06 Mar 2019 05:09:05 GMT</pubDate>
    <dc:creator>damode</dc:creator>
    <dc:date>2019-03-06T05:09:05Z</dc:date>
    <item>
      <title>Unable to execute script on universal forwarder due to permission issue</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Unable-to-execute-script-on-universal-forwarder-due-to/m-p/422971#M74267</link>
      <description>&lt;P&gt;I am trying to install UFs on a  number of hosts using the below script got from one of the post in this forum,&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;#!/bin/sh  
     # This EXAMPLE script shows how to deploy the Splunk universal forwarder
     # to many remote hosts via ssh and common Unix commands.
     # For "real" use, this script needs ERROR DETECTION AND LOGGING!!
     # --Variables that you must set -----
     # Set username using by splunkd to run.
       SPLUNK_RUN_USER="splunk"
      # Populate this file with a list of hosts that this script should install to,
     # with one host per line. This must be specified in the form that should
     # be used for the ssh login, ie. username@host
     #
     # Example file contents:
     # splunkuser@10.20.13.4
     # splunkker@10.20.13.5
       HOSTS_FILE="uf_hosts"

     # This should be a WGET command that was *carefully* copied from splunk.com!!
     # Sign into splunk.com and go to the download page, then look for the wget
     # link near the top of the page (once you have selected your platform)
     # copy and paste your wget command between the ""
       WGET_INSTALL="sudo yum -y install wget"
       WGET_CMD="wget -O splunkforwarder-7.2.4-8a94541dcfac-Linux-x86_64.tgz 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&amp;amp;platform=linux&amp;amp;version=7.2.4&amp;amp;product=universalforwarder&amp;amp;filename=splunkforwarder-7.2.4-8a94541dcfac-Linux-x86_64.tgz&amp;amp;wget=true'"
     # Set the install file name to the name of the file that wget downloads
     # (the second argument to wget)
       INSTALL_FILE="splunkforwarder-7.2.4-8a94541dcfac-Linux-x86_64.tgz"

     # After installation, the forwarder will become a deployment client of this
     # host.  Specify the host and management (not web) port of the deployment server
     # that will be managing these forwarder instances.
     # Example 1.2.3.4:8089
       DEPLOY_SERVER="18.207.205.49:8089"

     # Set the seed app folder name for deploymentclien.conf
       DEPLOY_APP_FOLDER_NAME="ap3_all_deploymentclient"
     # Set the new Splunk admin password
       PASSWORD="QzpU9l8T"

     REMOTE_SCRIPT_DEPLOY="
       cd /opt
       sudo $WGET_INSTALL
       sudo $WGET_CMD
       sudo tar xvzf $INSTALL_FILE
       sudo rm $INSTALL_FILE
       sudo useradd $SPLUNK_RUN_USER
       echo "
        [user_info]
        USERNAME = admin
        PASSWORD = $PASSWORD
        " &amp;gt; /opt/splunk/etc/system/local/user-seed.conf  
       sudo mkdir -p /opt/splunkforwarder/etc/apps/$DEPLOY_APP_FOLDER_NAME/local
       sudo echo "[target-broker:deploymentServer] targetUri = $DEPLOY_SERVER" &amp;gt; /opt/splunkforwarder/etc/apps/$DEPLOY_APP_FOLDER_NAME/local/deploymentclient.conf
       sudo chown -R $SPLUNK_RUN_USER:$SPLUNK_RUN_USER /opt/splunkforwarder
       sudo -u $SPLUNK_RUN_USER /opt/splunkforwarder/bin/splunk start --accept-license --answer-yes --auto-ports --no-prompt
       sudo /opt/splunkforwarder/bin/splunk enable boot-start -user $SPLUNK_RUN_USER

       exit
      "

     DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &amp;gt;/dev/null &amp;amp;&amp;amp; pwd )"

     #===============================================================================================
       echo "In 5 seconds, will run the following script on each remote host:"
       echo
       echo "===================="
       echo "$REMOTE_SCRIPT_DEPLOY"
       echo "===================="
       echo 
       sleep 5
       echo "Reading host logins from $HOSTS_FILE"
       echo
       echo "Starting."
       for DST in `cat "$DIR/$HOSTS_FILE"`; do
         if [ -z "$DST" ]; then
           continue;
         fi
         echo "---------------------------"
         echo "Installing to $DST"
         echo "Initial UF deployment"
         sudo ssh -t "$DST" "$REMOTE_SCRIPT_DEPLOY"
       done  
       echo "---------------------------"
       echo "Done"
       echo "Please use the following app folder name to override deploymentclient.conf options: $DEPLOY_APP_FOLDER_NAME"
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;After executing the script, I am getting the below error in the logs,&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;    bash: line 7: /opt/splunkforwarder/etc/system/local/user-seed.conf: Permission denied
    bash: line 9: /opt/splunkforwarder/etc/apps/ap3_all_deploymentclient/local/deploymentclient.conf: Permission denied
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;Already executing those commands as a sudo user, still I am getting the errors. Please advise.&lt;/P&gt;</description>
      <pubDate>Wed, 06 Mar 2019 05:09:05 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Unable-to-execute-script-on-universal-forwarder-due-to/m-p/422971#M74267</guid>
      <dc:creator>damode</dc:creator>
      <dc:date>2019-03-06T05:09:05Z</dc:date>
    </item>
    <item>
      <title>Re: Unable to execute script on universal forwarder due to permission issue</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Unable-to-execute-script-on-universal-forwarder-due-to/m-p/422972#M74268</link>
      <description>&lt;P&gt;This is almost certainly because the Splunk forwarder was first run as &lt;CODE&gt;root&lt;/CODE&gt; but is no longer so.  You should log on to the forwarder as user &lt;CODE&gt;root&lt;/CODE&gt; and do:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;chown -R splunk: /opt/splunk/
&lt;/CODE&gt;&lt;/PRE&gt;</description>
      <pubDate>Wed, 06 Mar 2019 06:08:03 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Unable-to-execute-script-on-universal-forwarder-due-to/m-p/422972#M74268</guid>
      <dc:creator>woodcock</dc:creator>
      <dc:date>2019-03-06T06:08:03Z</dc:date>
    </item>
  </channel>
</rss>

