Apps packaged in splunk rpm have invalid permissions?

Path Finder

We have installed splunk instances on our servers to be used as forwarders. We use the deployment client/server to push out app packages to our various forwarders. We have recently attempted to add the unix application into our server classes so it is deployed to all remote splunk forwarders. We see the below error from the deployment client indicating it cannot remove the old unix app (I believe it is included in the rpm install) because the directory permissions are incorrect.

09-09-2010 15:38:03.726 WARN  DeployedServerClass - There was a problem installing app: unix for server class: unixClass
09-09-2010 15:39:03.773 WARN  DeployedApplication - Unable to remove folder: /opt/splunk/etc/apps/unix. Splunk will continue trying to install application. Directory not empty

The directory permissions on the contents of etc/apps/unix are 555 rather than something that is writable like 755. Is this intended? We could update the permissions on the app, but anytime we add a new forwarder we will have to remember to correct the bad permissions. Obviously this is not ideal. One possible solution we have come up with is to make a copy of the unix app on our deployment server so it resides in a different folder (something like my_unix). While this will fix the problem, it seems like a hack.

1 Solution

Splunk Employee

The permissions on directories in the splunk package / tarfile are not explicitly declared. This means that your local umask will dictate the permissions applied to the directories. In your environment, you seem to have a 222 umask, which results in the directories being unwritable.

Personally I recommend 022, or otherwise more restrictive on group/other.

There's at least one bug to track the issue of this permission issue, identified internally as SPL-33753. I'll bring it up in our weekly bug discussion.

You can work around this by either setting umask explicitly before splunk installs, e.g.:

umask 022; rpm ....

or you can set them after the fact as you desire, e.g.:

find /opt/splunk -type d -exec chmod u=rwx,go=rx {} \;

0 Karma
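
As an added example (not part of the original answer and not Splunk's own tooling), the script below reproduces the 555 directories in a constructed scratch tree created under a 222 umask, then reports and repairs only the directories that lack the owner write bit. The function names and the scratch directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit and repair directories the owner cannot write to,
# which is the state a 222 umask leaves behind at install time.

# Print every directory under $1 that lacks the owner write bit (mode & 0200).
list_unwritable_dirs() {
    find "$1" -type d ! -perm -200 -print
}

# Count them; assumes one path per line (no newlines in directory names).
count_unwritable_dirs() {
    list_unwritable_dirs "$1" | wc -l | tr -d ' '
}

# Apply the mode from the answer (u=rwx,go=rx) to the affected directories only,
# leaving directories that are already owner-writable untouched.
repair_dirs() {
    find "$1" -type d ! -perm -200 -exec chmod u=rwx,go=rx {} +
}

# Constructed demo tree: simulate an install performed under umask 222.
make_demo_tree() {
    demo_root=$(mktemp -d) || return 1
    # The subshell keeps the umask change local. mkdir -p always grants u+wx
    # on intermediate directories, so only the two leaf directories end up 555.
    ( umask 222
      mkdir -p "$demo_root/etc/apps/unix/bin" \
               "$demo_root/etc/apps/unix/default" ) || return 1
    printf '%s\n' "$demo_root"
}

# Stand-alone run: show the count before and after the repair, then clean up.
demo=$(make_demo_tree) || exit 1
echo "before repair: $(count_unwritable_dirs "$demo") unwritable directories"
repair_dirs "$demo"
echo "after repair:  $(count_unwritable_dirs "$demo") unwritable directories"
rm -rf "$demo"
```

Running `list_unwritable_dirs /opt/splunk` on a new forwarder before it phones home to the deployment server shows whether the install was done under a restrictive umask.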

Path Finder

Thanks, I will get with my CT group to make sure the umask is set before they perform future splunk installations using puppet.

0 Karma