Hi
I tried the rpm installation in a RedHat 6.4 and I got the following output:
Warning: splunk-6.3.0 .... Signature, key ID 653fb112: NOKEY
Error: can't create transaction lock on /var/lib/rpm/.rpm.lock (Permission Denied)
Do I need to be root for Splunk installation? If so, do I always need to have root access for changing configuration files, restarting Splunk, etc.?
Thanks,
Hi edrivera3, I expect that you will need to be root in order to install Splunk. However, you can have splunk run as another user (usually the user Splunk) by running
$SPLUNK_HOME/bin/splunk enable boot-start -user splunk
You will then want to do a chown -R splunk:splunk on $SPLUNK_HOME
Keep in mind, if you don't run as root you can have issues with reading some files, so make sure this works for you, or if you can adjust the permissions on the files (or the splunk user group membership) in order to get the inputs you need.
Let me know if this helps!
From root
step 0: created Linux user named "splunk"
step 1: created folder /opt/splunk/
step 2: installed the Splunk distribution to /opt/splunk/
step 3: changed the owner of /opt/splunk/ to "splunk" user
To install RPMs you will need to be root (short version; see below). This isn't specific to Splunk, but a general rule for every RPM-based distribution I've used.
If you really need to install Splunk without having root access, you can use the tarred distribution; you won't be able to install the init script to start it on boot without root, however.
Long Version:
I don't have a RedHat 6.4 system handy, but I have a 6.6 system and if I do ls -al /var/lib/rpm/ I notice that:
Thus by default the permissions would prevent a user other than root from installing RPMs. You could work around this by changing permissions, making another uid 0 account, etc., but I would advise against it.
If you think about it more generally, ideally all software on RedHat would be installed / managed via RPMs. The only user then who we are confident has write access to all the files that might need updating is the root user (okay the UID 0 user if you want to rename root).
Aside:
Running Splunk as a user other than root is highly recommended. The RPM distributed by Splunk creates a Splunk user/group that owns the files in $SPLUNK_HOME so it's very easy to do. Since it's not obvious you would need to be root to install an RPM, I'm assuming you aren't an experienced Unix admin (although I could be wrong; we all have our days), so just be aware that if you want Splunk to read system logs (/var/log/*) and you're not running it as root, you may need to adjust the file permissions (e.g. /var/log/secure is owned by root:root with 0600 permissions by default).
Thanks muebel. It was very helpful.
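The answers in this thread point out that a non-root Splunk account may be unable to read some inputs, and that file permissions or group membership decide this. As an added example (not posted by anyone in the thread), the script below evaluates mode, owner and group for a list of files against a service account; the sample listing, the adm group membership and the /var/log/app paths are constructed, and only classic mode bits are checked.

```shell
#!/bin/sh
# Added example (not from the thread). Classic mode bits only: ACLs, SELinux
# and directory search permission on parent directories are not evaluated.

# can_read MODE OWNER GROUP USER "USER_GROUPS": exit 0 if USER has read access.
# Unix picks exactly one class (owner, else group, else other) and stops there.
can_read() {
    cr_mode=$((0$1))                       # octal mode, e.g. 600 or 0640
    [ "$4" = root ] && return 0            # the name root stands in for uid 0
    if [ "$4" = "$2" ]; then
        return $(( (cr_mode & 0400) == 0 ))
    fi
    for cr_g in $5; do
        if [ "$cr_g" = "$3" ]; then
            return $(( (cr_mode & 0040) == 0 ))
        fi
    done
    return $(( (cr_mode & 0004) == 0 ))
}

# audit_inputs USER "USER_GROUPS": reads "MODE OWNER GROUP PATH" lines on
# stdin and prints one verdict per file.
audit_inputs() {
    while read -r a_mode a_owner a_group a_path; do
        [ -n "$a_path" ] || continue
        if can_read "$a_mode" "$a_owner" "$a_group" "$1" "$2"; then
            echo "OK      $a_path"
        else
            echo "DENIED  $a_path ($a_owner:$a_group $a_mode)"
        fi
    done
}

# Constructed sample in the format of: stat -c '%a %U %G %n' FILE...
# Only the /var/log/secure line reflects a default quoted in the thread.
SAMPLE='600 root root /var/log/secure
640 root adm /var/log/app/auth.log
644 root root /var/log/app/web.log
600 splunk splunk /opt/splunk/var/log/splunk/splunkd.log'

echo "== splunk, member of: splunk"
printf '%s\n' "$SAMPLE" | audit_inputs splunk "splunk"
echo "== splunk, member of: splunk adm"
printf '%s\n' "$SAMPLE" | audit_inputs splunk "splunk adm"
```

On a real host, feed it the stat output for the files you plan to monitor and pass the account's groups from `id -Gn splunk`. A file that stays DENIED after a group change, like the 0600 root:root case, needs its mode or ownership adjusted instead.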