Getting Data In

issues with scripted inputs and secondary groups

dshakespeare_sp
Splunk Employee
Splunk Employee

Customer has reported an issue with Splunk scripted inputs and setgroups. An very simple example would be I have a script $SPLUNK_HOME/bin/script called shaky.sh

This just calls /tmp/test.sh which just contains "echo "hello world date" >> /tmp/test.out

# ls -l /tmp/test.out
-rwxr-x---. 1 root gumby 27 Jul 16 14:46 /tmp/test.sh

splunkd runs as user "splunk" and gumby is a secondary group.

# id splunk
uid=500(splunk) gid=500(splunk) groups=500(splunk),502(gumby)

The script does not run and there are lots of permission denied errors from the script in splunkd.log
If user splunk is changed to have gumby as a primary group, it works as expected
Is there away to get this working with a secondary group?

Tags (2)
1 Solution

dshakespeare_sp
Splunk Employee
Splunk Employee

A solution for this appears to be to use newgrp in a "here file" as a wrapper
eg

#!/bin/bash

newgrp gumby << END

/tmp/shaky.sh

END

View solution in original post

dshakespeare_sp
Splunk Employee
Splunk Employee

A solution for this appears to be to use newgrp in a "here file" as a wrapper
eg

#!/bin/bash

newgrp gumby << END

/tmp/shaky.sh

END

Get Updates on the Splunk Community!

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Your Next Big Security Credential: No Prerequisites Needed We know you’ve got the skills, and now, earning the ...

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

This is the sixth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how to ...

Splunk Answers Content Calendar, July Edition I

Hello Community! Welcome to another month of Community Content Calendar series! For the month of July, we will ...