Deployment Architecture

Install splunk forwarder on Linux server

Path Finder

Hi splunker;

When I install splunk forwarder version 7.2.6 on redhat server version 7.4 successfully installed, but the home directory like /etc and /root change permission from root to splunk, and this is not normal behavior, can anyone help me why this is occurred?

Best Regards;

0 Karma

Path Finder

What user did the install?

0 Karma

SplunkTrust
SplunkTrust

@aalhabbash1,
Splunk does not change the ownership during installation. It's worth to check whether you have run a chown splunk:splunk after the installation and from which location the command was run. From what you have explained, it looks like the chown was run from / directory

0 Karma

Ultra Champion

Indeed. Sounds like a mistake was made during the installation steps (or a faulty install script was used). Any further info on exactly how you did the installation could help give a more concrete answer.

0 Karma

Splunk Employee
Splunk Employee
0 Karma