Join the Conversation
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Splunk_TA_nix
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Splunk_TA_nix
Hello All,
So on a quite a few of our Splunk servers we are running Splunk as a non-root user. Well we deploy Splunk_TA_nix 6.0.0 to all our Linux clients. Quite a few of the scripts that get run as part of the TA_nix add-on require root privs to execute properly. How do I get around this?
Thanks
ed
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ultimately, you'll need to make sure the unix ID running Splunk can run the requisite commands on the command line of the unix OS terminal/command prompt without errors.
Often, this is resolved by having the admin of the OS provide the permissions needed.
If you end up working on collecting files as well, this post might be of help: Which UNIX permissions are best for monitoring files?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Actually, what commands have root requirement? I'm not seeing any.
Even though the processes they use might be owned by root, those commands should ultimately have the permissions -rwxr-xr-x so group and other users can read and execute. The same is true for the parent directory of those commands.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'd bet a dollar that the deployment server is Windows based. Windows based deployers totally foul up the permissions of the TA_nix when they push it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In that theme, here's more info that delve into the Windows considerations: What are best practices for deploying the Splunk Add-on for Unix and Linux in a distributed environm...
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
