topic Re: Install splunk as non root user in Installation

Install splunk as non root user

splunker_123 — Tue, 29 May 2012 16:10:46 GMT

I'm about to install the splunk header as non-root user in our environment and just read in the documentation that splunkuser should have access to /dev/urandom script in linux box which is owned by root

I'm installing splunk as non-root user called a splunkusr and it is added to a group called splunkgrp.Do I have to do anything specifically to give access to /dev/urandom for splunkusr? or is it something splunk will manage to access /dev/urandom during inital startup?

spluker_123

Re: Install splunk as non root user

lguinn2 — Tue, 29 May 2012 18:18:27 GMT

Splunk does not take care of this - you need to do it in Linux. Signed in as root, you can change the permissions to the /dev/urandom script and any directories that you want Splunk to monitor (like /var/log). chmod should be all that you need to do...

HTH

Re: Install splunk as non root user

mcronkrite — Wed, 02 Jul 2014 01:32:01 GMT

In Linux one approach to setting up a splunk service account user is to do the nomal linux adduser command.

Created a group "splunkadmins" and added the specific accounts to that group.
In sudoers add these lines for splunkadmins.

%splunkadmins ALL=(splunk) NOPASSWD: ALL, !/bin/sh, !/bin/bash, !/sbin/nologin, !/bin/bash2, !/bin/ash, !/bin/bsh, !/bin/ksh, !/bin/tcsh, !/bin/csh, !/bin/zsh

%splunkadmins ALL=NOPASSWD:/sbin/service splunk *, /usr/sbin/tcpdump *

The first allows anyone in the splunkadmins group to become the splunk user using sudo.
The second is the ability for anyone in that group to restart the splunk service (or use tcpdump).

As long ad you used enable boot-start with the user flag set to this splunk user you should be all set.