Deployment Architecture

Why am I getting "Permission denied" errors trying to add apps to Server Class in Forwarder Management via the deployment server?

j666gak
Communicator

Hello,

I am new to using the deployment server functionality within Splunk. Every time I try to add an app to a server class depending on the app I get the following error. This is a Linux system.

In handler 'applications': Failed to create dir=/opt/splunk/etc/deployment-apps/Splunk_TA_nix/local, needed for application=Splunk_TA_nix: Permission denied

1 Solution

esix_splunk
Splunk Employee
Splunk Employee

Can you confirm you have admin user rights in the Splunk UI. Additionally, at the OS level, check you check the $splunk_home/etc/deployment-apps/ folder and check the permissions at the OS level.

Thanks

View solution in original post

esix_splunk
Splunk Employee
Splunk Employee

Can you confirm you have admin user rights in the Splunk UI. Additionally, at the OS level, check you check the $splunk_home/etc/deployment-apps/ folder and check the permissions at the OS level.

Thanks

j666gak
Communicator

I am logged in to Splunk using the admin account.

root@server [/opt/splunk/etc]# ls -l deployment-apps/
total 28
drwxr-xr-x  6 splunk splunk 4096 Mar 21 10:25 ./
drwxr-xr-x 16 splunk splunk 4096 Mar 14 16:29 ../
-r--r--r--  1 splunk splunk  307 Feb 18 23:01 README
drwx--x--x  6 root   root   4096 Mar 20 23:22 sendtoindexer/
drwx------ 11 root   root   4096 Mar 20 23:39 Splunk_TA_nix/
drwx------ 14 root   root   4096 Mar 21 10:25 Splunk_TA_windows/
drwx------  2 splunk splunk 4096 Mar  2 09:04 users/
0 Karma

j666gak
Communicator

using chown -R splunk folder/ I have fixed the permissions and it is working now

mckeon
Explorer

Thanks. I ran into this when manually adding an app at the command line as well.
I had to chown -R splunk:splunk on the new app

0 Karma

esix_splunk
Splunk Employee
Splunk Employee

Becareful when creating the apps, make sure permissions are always set to the same as the user running splunk! Good catch.

Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...