Solved: Re: owner of props.conf ?

martinh3 · ‎06-15-2015

I'm fairly new to Splunk, but I use it both at home (on openSUSE linux) and at work (redhat linux).
At home, most of the installed files are owned by "splunk".
At work, we're working with a fairly new install, and I noticed that the .conf files on the Splunk Enterprise are owned by root, and read/writable only for root : ( -rw------- ) .
Can anyone think of a possible configuration where this would be advisable?

MuS · ‎06-15-2015

Hi martinh3,

there are two answers related to this topic:
http://answers.splunk.com/answers/145385/should-we-run-splunk-as-root-or-non-root-user.html
http://answers.splunk.com/answers/186821/is-there-any-reason-not-to-run-splunk-as-root.html

To sum them up, it is not advised to run Splunk as root - run it with the splunk user account.

Hope this helps ...

cheers, MuS

View solution in original post

MuS · ‎06-15-2015

Hi martinh3,

there are two answers related to this topic:
http://answers.splunk.com/answers/145385/should-we-run-splunk-as-root-or-non-root-user.html
http://answers.splunk.com/answers/186821/is-there-any-reason-not-to-run-splunk-as-root.html

To sum them up, it is not advised to run Splunk as root - run it with the splunk user account.

Hope this helps ...

cheers, MuS

owner of props.conf ?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

Splunk Community Badges!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Join the Conversation