Deployment Architecture

Apps packaged in splunk rpm have invalid permissions?

christopherutz
Path Finder

We have installed splunk instances on our servers to be used as forwarders. We use the deployment client/server to push out app packages to our various forwarders. We have recently attempted to add the unix application into our server classes so it is deployed to all remote splunk forwarders. We see the below error from the deployment client indicating it cannot remove the old unix app (I believe it is included in the rpm install) because the directory permissions are incorrect.

09-09-2010 15:38:03.726 WARN  DeployedServerClass - There was a problem installing app: unix for server class: unixClass
09-09-2010 15:39:03.773 WARN  DeployedApplication - Unable to remove folder: /opt/splunk/etc/apps/unix. Splunk will continue trying to install applic
ation. Directory not empty

This directory permissions on the contents of etc/apps/unix are 555 rather than something that is writable like 755. Is this intended? We could update the permissions on the app but anytime we add a new forwarder we will have to remember to correct the bad permissions. Obviously this is not ideal. One possible solution we have come up with is to make a copy of the unix app on our deployment server so it resides in a different folder (Something like my_unix). While this will fix the problem it seems like a hack.

Tags (1)
1 Solution

jrodman
Splunk Employee
Splunk Employee

The permissions on directories in the splunk package / tarfile are not explicitly declared. This means that your local umask will dictate the permissions applied to the directories. In your environment, you seem to have a 222 umask, which results in the directories being unwritable.

Personally I recommend 022, or otherwise more restrictive on group/other.

There's at least one bug to track the issue of this permission issue, identified internally as SPL-33753. I'll bring it up in our weekly bug discussion.

You can work around this by either: setting umask explicitly before splunk installs, eg

umask 022; rpm ....

or you can after-the-fact set them as you desire, eg:

find /opt/splunk -type d -exec chmod u=rwx,go=rx {} \;

View solution in original post

0 Karma

jrodman
Splunk Employee
Splunk Employee

The permissions on directories in the splunk package / tarfile are not explicitly declared. This means that your local umask will dictate the permissions applied to the directories. In your environment, you seem to have a 222 umask, which results in the directories being unwritable.

Personally I recommend 022, or otherwise more restrictive on group/other.

There's at least one bug to track the issue of this permission issue, identified internally as SPL-33753. I'll bring it up in our weekly bug discussion.

You can work around this by either: setting umask explicitly before splunk installs, eg

umask 022; rpm ....

or you can after-the-fact set them as you desire, eg:

find /opt/splunk -type d -exec chmod u=rwx,go=rx {} \;

0 Karma

christopherutz
Path Finder

Thanks, I will get with my CT group to make sure the umask is set before they perform future splunk installations using puppet.

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...