https://community.splunk.com/t5/Splunk-Search/default-umask-for-file-creation-on-OS/m-p/46699#M179362 <P>I was looking more for a setting from a Splunk config. Managing Acls is along the same lines as having to manage permissions. Also, I have SunOS, AIX, &amp; Linux to manage. I should have been more specific in my question. Thanks for the feedback though.</P> Fri, 06 Jul 2012 14:55:16 GMT chicodeme 2012-07-06T14:55:16Z https://community.splunk.com/t5/Splunk-Search/default-umask-for-file-creation-on-OS/m-p/46697#M179360 <P>Splunk runs as root so it has access to monitor anything on the system without managing those permissions. <BR /> I ran this<BR /> find /opt/splunk/ -type d -exec chmod g+s {} \;<BR /> The files get created:<BR /> -rw------- 1 root splunk filename<BR /> I want to have it<BR /> -rw-rw---- 1 root splunk filename</P> <P>Any ideas besides change the root user default umask?</P> Thu, 21 Jul 2011 20:19:43 GMT https://community.splunk.com/t5/Splunk-Search/default-umask-for-file-creation-on-OS/m-p/46697#M179360 chicodeme 2011-07-21T20:19:43Z https://community.splunk.com/t5/Splunk-Search/default-umask-for-file-creation-on-OS/m-p/46698#M179361 <P>One option would be to <A href="http://docs.splunk.com/Documentation/Splunk/latest/installation/RunSplunkasadifferentornon-rootuser">run Splunk as a non-root user</A>, and set the umask on the Splunk account. You would need to make sure all log files are viewable by the Splunk account, of course.</P> <P>If you do need to run Splunk as root, POSIX ACLs may be your answer. Something like the following:</P> <PRE><CODE># Make sure all existing files are group-owned by Splunk. Set the filesystem # ACL to allow the Splunk group as the default for new files, and set the # same ACL on currently existing files. cd /opt/splunk/etc/apps sudo setfacl -R -b . sudo chown -R splunk:splunk . sudo setfacl -R -d -m g:splunk:rwx . sudo setfacl -R -m g:splunk:rwx . # Then repeat the above for /opt/splunk/etc/system/local or other paths as desired. </CODE></PRE> Fri, 06 Jul 2012 14:46:00 GMT https://community.splunk.com/t5/Splunk-Search/default-umask-for-file-creation-on-OS/m-p/46698#M179361 southeringtonp 2012-07-06T14:46:00Z https://community.splunk.com/t5/Splunk-Search/default-umask-for-file-creation-on-OS/m-p/46699#M179362 <P>I was looking more for a setting from a Splunk config. Managing Acls is along the same lines as having to manage permissions. Also, I have SunOS, AIX, &amp; Linux to manage. I should have been more specific in my question. Thanks for the feedback though.</P> Fri, 06 Jul 2012 14:55:16 GMT https://community.splunk.com/t5/Splunk-Search/default-umask-for-file-creation-on-OS/m-p/46699#M179362 chicodeme 2012-07-06T14:55:16Z https://community.splunk.com/t5/Splunk-Search/default-umask-for-file-creation-on-OS/m-p/46700#M179363 <P>Agreed that a configurable umask setting in Splunk would be a big plus. (Time to file an ER!).</P> <P>The distinction with using POSIX ACLs instead of traditional permissions is that you should only have to do it once. If you set the default ACL, I believe that it should inherit down as new files/directories are created by Splunk (Contrast that with the find/chmod approach, which you have to do over and over again as Splunk creates and modifies files in <CODE>local</CODE>.)</P> Fri, 06 Jul 2012 15:28:20 GMT https://community.splunk.com/t5/Splunk-Search/default-umask-for-file-creation-on-OS/m-p/46700#M179363 southeringtonp 2012-07-06T15:28:20Z