So on quite a few of our Splunk servers we are running Splunk as a non-root user. Well, we deploy Splunk_TA_nix 6.0.0 to all our Linux clients. Quite a few of the scripts that get run as part of the TA_nix add-on require root privs to execute properly. How do I get around this?
Actually, what commands have a root requirement? I'm not seeing any.
Even though the processes they use might be owned by root, those commands should ultimately have the permissions -rwxr-xr-x so group and other users can read and execute. The same is true for the parent directory of those commands.