I've created a couple of dashboards and some reports, and I've started looking at packaging up my files to move them to a production environment. In looking at the files under $SPLUNK_HOME, I see that most of them are owned by user splunk, but some are owned by root. In particular, in my app named Foo, I have the following files in directory $SPLUNK_HOME/etc/apps/Foo/local:
pwd
/xxx/splunk/etc/apps/Foo/local
ls -l
total 28
-rw------- 1 splunk splunk 167 Apr 29 2010 app.conf
drwx------ 3 splunk splunk 4096 Apr 7 2010 data
-rw------- 1 root root 6924 Dec 10 13:51 savedsearches.conf
-rw------- 1 root root 11660 Dec 10 13:47 viewstates.conf
The file savedsearches.conf contains the definitions of my reports and viewstates.conf contains the various charts I've created for my dashboard. But should those files be owned by root or by splunk? I have done all the work of building the dashboard while logged in as myself (nbc), and I have not manually touched any of those files in the system (although someone else may have).
Do I need to change the ownership of these (and any other?) files so that they are all owned by splunk? Or is the file ownership not an issue? Note that splunk itself seems to be running fine on this system - all my reports and dashboards seem to display correctly. I plan to pick up the entire Foo app and move it to my production system at some point and I'm just wondering if the file ownership will cause problems when I try to do the packaging and move to another machine.
Thanks,
nbc
