Ubuntu on Windows - tar Splunk is permission denied; why?

morethanyell
Builder

As someone who grew up on Windows but is now learning Splunk, it's very important for me to learn Linux/Unix. It must be a gift from heaven that we can now run Ubuntu on top of Windows via their new app on Windows Store called Ubuntu which allows you to use Ubuntu terminal while on Windows via cmd (not VM).

I have learned that it's very important not to install Splunk as root or using sudo. Why am I getting permission denied?

Here's what I did:

  1. Installed Ubuntu from Windows Store
  2. Opened bash from cmd
  3. Wget the Splunk tgz
  4. Used tar to install on /opt/apps/

See: [screenshot]

My intention is to practice navigating on Linux, as this is required in my job. Thanks for your help!

0 Karma
1 Solution

koshyk
Super Champion

The best thing to do is
- Run as root (sudo to root)
- untar as root
- after it is completely unpacked, then do chown -R splunk:splunk /opt/splunk

0 Karma

tom_frotscher
Builder

Looks like your problem is not the tar itself. Seems like your user does not have enough rights to create a folder at /opt/apps/splunk. Try

sudo tar -xzvf ...

And when you have finished, change the owner of the Splunk installation path back to the desired owner (e.g. a user called splunk). This is also shown in the Splunk installation manual:

https://docs.splunk.com/Documentation/Splunk/7.2.6/Installation/RunSplunkasadifferentornon-rootuser#...

morethanyell
Builder

Thank you. I would also accept this as an answer, but another one has come in first.

0 Karma

morethanyell
Builder

Hey. Thanks for the response. What is splunk:splunk? Should I be changing that to my username?

0 Karma

tom_frotscher
Builder

No, you should create a user and a group called "splunk". With the chown command you can change the owner of a folder to another user and group. In this case, to the user splunk and the group splunk = splunk:splunk.

Simple: you install as root, but since best practise is not to run Splunk as root, you change back to another user after installation.

As mentioned, there is a step by step guide in the docs: https://docs.splunk.com/Documentation/Splunk/7.2.6/Installation/RunSplunkasadifferentornon-rootuser#...

0 Karma
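
Added example, not part of the thread or of Splunk's documentation: a post-install check that the tree unpacked as root really was handed over to the unprivileged account, since anything `chown -R` missed stays root-owned. The function name and the temporary demo tree are assumptions made for illustration; the demo tree stands in for /opt/splunk.

```sh
#!/bin/sh
# Added example: list anything under an install tree that is NOT owned by
# the intended service account (e.g. splunk:splunk after unpacking as root).

# ownership_stragglers DIR OWNER GROUP
# Prints every path under DIR (DIR included) not owned by OWNER:GROUP.
# OWNER and GROUP may be names or numeric ids.
# Returns 0 when clean, 1 when stragglers exist, 2 on a bad argument.
ownership_stragglers() {
    dir=$1; owner=$2; group=$3
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # find exits non-zero on an unknown user/group name or an unreadable
    # subdirectory; both are reported as rc 2 rather than as "clean".
    stragglers=$(find "$dir" \( ! -user "$owner" -o ! -group "$group" \) -print) || return 2
    [ -z "$stragglers" ] && return 0
    printf '%s\n' "$stragglers"
    return 1
}

# Demo on a constructed tree, so it runs without root and without Splunk.
demo() {
    tree=$(mktemp -d) || return 2
    mkdir -p "$tree/bin" && : > "$tree/bin/splunk"
    # Fields 3 and 4 of "ls -ldn" are the numeric owner and group.
    set -- $(ls -ldn "$tree")
    echo "check against the actual owner $3:$4"
    ownership_stragglers "$tree" "$3" "$4" && echo "  clean"
    echo "check against a different uid $(( $3 + 1 )):$4"
    ownership_stragglers "$tree" "$(( $3 + 1 ))" "$4" || echo "  rc=$? (paths above still have the old owner)"
    rm -rf "$tree"
}
demo
```

On a real install, run `ownership_stragglers /opt/splunk splunk splunk` after the chown; empty output with return code 0 means nothing was left owned by root.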

morethanyell
Builder

Thank you. Accepted answer.

0 Karma