Is there any recommended settings for file permissions of .conf files in deployment apps?
For example, I am looking at a deployment app I created using the GUI, and I see in the
-rwxr-xr-x app.conf -rw------- inputs.conf
It seems odd that the owner, group, and all users
x bit is set for .conf files?
It also seems odd that the group
r bit is not set for inputs.conf?
Finally, should any bits be ever set for all users?
I'm leaning toward 664 or 660 for .conf files?
I generally go for
750. I believe execute permission is required for scripted inputs and other executables, so for deployment apps, I set that, regardless they've executable or not.
thanks! is there any reason you would not give write access to the group?
I only say this because I have given ownership to the
splunk user. I am part of the
splunk group, and I'd like to edit the files without having to sudo everytime. But I'm unsure if there is a good reason not to allow group write access.
I don't see a reason where group members will update deployed apps (in etc/apps). Changes to deployment apps should be centralized only from deployment server. For us, it's a best practice reason so that changes are only made (only on DS) when someone sudo to
gotcha, that makes sense. I am editing the app on the deployment server, not the deployed apps. I see now what you mean about when it gets deployed
Check that no files have *nix write permissions for all users (xx2, xx6, xx7). Splunk recommends 644 for all files outside of bin/ and 755 for all directories and files in the bin/ directory.
Of course, you can always go more restrictive.