Getting Data In

Universal forwarder for Linux had a mixture of permissions for root and splunk.

splunktrainingu
Communicator

Hello, 

I am working with a Linux system and a universal forwarder.

Operating System: Debian GNU/Linux 10 (buster)
            Kernel: Linux 4.19.0-12-amd64
      Architecture: x86-64

When I checked opt/splunkforwarder/etc/system/local and ran ls -l, I noticed that root root had permission in there as well as splunk splunk. Should splunk splunk own everything in the universal forwarder directory?

-rw-r--r-- 1 root   root   283 Apr 30  2020 inputs.conf
-rw------- 1 root   root    45 Apr 21  2020 migration.conf
-rw-r--r-- 1 root   root   222 Apr 23  2020 outputs.conf
-r--r--r-- 1 splunk splunk 265 Mar 30  2020 README
-rw------- 1 splunk splunk 431 Sep 23  2019 server.conf
-rw-r--r-- 1 splunk splunk  65 Jun  3 13:38 user-seed.conf
-rw-r--r-- 1 root   root    40 Sep 23  2019 web.conf


saravanan90
Contributor

Installation might have been done as root & the service is running under the splunk user, which could have created the splunk file. Changing it to the splunk user will not have any impact if the service is running under splunk.

chown -R splunk:splunk /opt/splunkforwarder
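
An added example, not part of the original posts: a small audit that shows what access the forwarder's service account actually has to each file it does not own, run here over the listing from the question. The function names are hypothetical, and it assumes the account is named splunk, belongs only to a group of the same name, and that no ACLs are in use.

```shell
#!/bin/sh
# Added example; classify_access and sample_listing are hypothetical names.

# classify_access SERVICE_USER
# Reads "MODE OWNER GROUP PATH" lines on stdin and, for every file the
# service account does not own, prints "PATH OWNER ACCESS". ACCESS is what
# the mode bits grant that account: none (no read), read-only or read-write.
# Assumptions: the account's only group has the same name as the account,
# no ACLs are in use, and paths contain no whitespace.
classify_access() {
    awk -v svc="$1" '
    $2 != svc {
        # Group bits apply if the file group matches, otherwise "other" bits.
        pos = ($3 == svc) ? 5 : 8
        r = substr($1, pos, 1)
        w = substr($1, pos + 1, 1)
        access = (r != "r") ? "none" : ((w == "w") ? "read-write" : "read-only")
        printf "%s %s %s\n", $4, $2, access
    }'
}

# Constructed sample: the ls -l listing from the question, reduced to
# mode, owner, group and file name.
sample_listing() {
    cat <<'EOF'
-rw-r--r-- root root inputs.conf
-rw------- root root migration.conf
-rw-r--r-- root root outputs.conf
-r--r--r-- splunk splunk README
-rw------- splunk splunk server.conf
-rw-r--r-- splunk splunk user-seed.conf
-rw-r--r-- root root web.conf
EOF
}

# On a live host with GNU find, the same input can be produced with:
#   find /opt/splunkforwarder -printf '%M %u %g %p\n' | classify_access splunk
sample_listing | classify_access splunk
```

For the listing in the question this reports the three root-owned 0644 files as read-only for splunk and migration.conf (root-owned, 0600) as not readable by it.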
