Customer has reported an issue with Splunk scripted inputs and setgroups. A very simple example: I have a script in $SPLUNK_HOME/bin/script called shaky.sh.
This just calls /tmp/test.sh, which just contains:
echo "hello world date" >> /tmp/test.out
# ls -l /tmp/test.out
-rwxr-x---. 1 root gumby 27 Jul 16 14:46 /tmp/test.sh
splunkd runs as user "splunk" and gumby is a secondary group.
# id splunk
uid=500(splunk) gid=500(splunk) groups=500(splunk),502(gumby)
The script does not run and there are lots of permission denied errors from the script in splunkd.log.
If user splunk is changed to have gumby as a primary group, it works as expected.
Is there a way to get this working with a secondary group?
A solution for this appears to be to use newgrp in a "here file" as a wrapper
e.g.
#!/bin/bash
newgrp gumby << END
/tmp/shaky.sh
END
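To confirm whether the running process actually carries the secondary group, compare the GIDs the group database gives the user with the GIDs a live process holds. This is an added example, not part of the original thread; it assumes Linux (it reads /proc/<pid>/status), and the function names are hypothetical.

```shell
#!/bin/sh
# Added diagnostic, not from the original thread. Linux-only: relies on the
# "Gid:" and "Groups:" lines of /proc/<pid>/status.

# Print every GID a process holds (real/effective/saved/fs GID plus
# supplementary groups), given the path to its status file.
proc_gids() {
    awk '/^(Gid|Groups):/ { for (i = 2; i <= NF; i++) s = s (s == "" ? "" : " ") $i }
         END { print s }' "$1"
}

# Print the GIDs that are in list $1 (configured) but not in list $2 (held).
missing_groups() {
    out=""
    for gid in $1; do
        case " $2 " in
            *" $gid "*) ;;                      # process holds this GID
            *) out="${out:+$out }$gid" ;;       # configured but not held
        esac
    done
    printf '%s\n' "$out"
}

# Compare what `id` reports for a user with what a live process holds.
# usage: check_pid <user> <pid>   (returns 1 if any configured GID is missing)
check_pid() {
    configured=$(id -G "$1") || return 2
    held=$(proc_gids "/proc/$2/status") || return 2
    missing=$(missing_groups "$configured" "$held")
    if [ -n "$missing" ]; then
        echo "pid $2 lacks GIDs configured for $1: $missing"
        return 1
    fi
    echo "pid $2 holds every GID configured for $1"
}

# Example (run as root or as the same user): check_pid splunk "$(pgrep -o splunkd)"
```

If the check reports 502 (gumby) as missing for splunkd or for the scripted input's process, the permission denied errors come from the process credentials rather than from the account's group membership.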