Hi splunker;
When I install splunk forwarder version 7.2.6 on redhat server version 7.4 successfully installed, but the home directory like /etc and /root change permission from root to splunk, and this is not normal behavior, can anyone help me why this is occurred?
Best Regards;
What user did the install?
@aalhabbash1,
Splunk does not change the ownership during installation. It's worth to check whether you have run a chown splunk:splunk
after the installation and from which location the command was run. From what you have explained, it looks like the chown
was run from / directory
Indeed. Sounds like a mistake was made during the installation steps (or a faulty install script was used). Any further info on exactly how you did the installation could help give a more concrete answer.
also be aware of Splunk and systemd interactions:
https://docs.splunk.com/Documentation/Splunk/7.2.6/Admin/RunSplunkassystemdservice