Run Splunk under splunk user instead of root

Path Finder

Currently my environment is running Splunk as the root user. I want to run Splunk under the splunk user instead of root and run Splunk Web on 8443.
What is the procedure to implement this, and what will be the impact?

SplunkTrust

You probably want to set your SPLUNK_OS_USER in the /opt/splunk/etc/splunk-launch.conf file:
# If SPLUNK_OS_USER is set, then Splunk service will only start
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
# (This setting can be specified as username or as UID.)
#
# SPLUNK_OS_USER

SPLUNK_OS_USER=splunk

First you will need to re-own the files back to the splunk user in your installation directory.

The limitations would be:
ulimits may be set differently for the splunk user (this can of course be changed for the splunk user)
You cannot listen on a privileged port number below 1024

I've never found either of these items to be an issue; if you need a syslog listener on port 514, for example, you can run that as a separate process which runs as root...

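A pre-flight check for the switch described in the answer above, as an added example that is not part of the original thread or of Splunk's own tooling: it reads SPLUNK_OS_USER from splunk-launch.conf, counts paths in the install directory still owned by someone else, and rejects a web port below 1024. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Print the active (uncommented) SPLUNK_OS_USER value from splunk-launch.conf.
launch_user() {
    sed -n 's/^[[:space:]]*SPLUNK_OS_USER[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' \
        "$1/etc/splunk-launch.conf" | tail -n 1
}

# Count paths under the install directory not owned by the user (name or UID).
# Fails if find cannot resolve the user or cannot read part of the tree.
misowned_count() {
    out=$(find "$1" ! -user "$2" -print) || return 2
    printf '%s' "$out" | grep -c . || true
}

# Ports below 1024 are privileged; a non-root splunkd cannot bind them.
port_ok() { [ "$1" -ge 1024 ]; }

# usage: preflight SPLUNK_HOME WEB_PORT ; returns 0 only if every check passes
preflight() {
    home=$1; port=$2; rc=0
    user=$(launch_user "$home")
    if [ -z "$user" ]; then
        echo "FAIL: SPLUNK_OS_USER not set in $home/etc/splunk-launch.conf"; return 1
    fi
    if ! n=$(misowned_count "$home" "$user"); then
        echo "FAIL: could not check ownership for '$user'"; return 1
    fi
    if [ "$n" -ne 0 ]; then
        echo "FAIL: $n paths not owned by $user; re-own the tree first"; rc=1
    fi
    if ! port_ok "$port"; then
        echo "FAIL: port $port is privileged; $user cannot bind it"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: ready to run as $user on port $port"; fi
    return "$rc"
}

# Constructed sample tree (not a real install), owned by the current user.
make_sample_home() {
    d=$(mktemp -d) && mkdir -p "$d/etc" "$d/var/log" || return 1
    printf '# SPLUNK_OS_USER\n\nSPLUNK_OS_USER=%s\n' "$1" > "$d/etc/splunk-launch.conf"
    echo "$d"
}

# With two arguments, audit a real install; otherwise demo on the sample tree.
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; else
    h=$(make_sample_home "$(id -u)"); preflight "$h" 8443 || true; rm -rf "$h"
fi
```

Given two arguments (install directory and web port) the script audits a real install; run it as root so find can read the whole tree.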

Path Finder

How do I use iptables PREROUTING to forward requests coming in on port 443 to port 8443?
