Installation

Changing the owner of the splunk universal forwarder to a non-root user

performancemoni
Path Finder

Hello,

We have remote linux servers with universal forwarders already installed by root, we are not admin of these servers and we don't even have a user for us to connect on these servers either. We would like to be able to access the servers as basic users, for instance with a "splunk" user, manage the forwarder configuration and use the splunk command lines (splunk start/restart/btool etc...) with this user, without requiring admin rights.

How can we achieve that ?

I guess we first need the "splunk" user to be created on the servers with a password so that we can at least access the machines.

Then do we just need to change the boot-start configuration and the owner of the forwarder file system ?

/opt/splunk/splunkforwarder/bin/splunk enable boot-start -user splunk
chown -R splunk /opt/splunk/splunkforwarder

 And now we should be able to manipulate the forwarder as we want without admin rights, right ?

We wish we had a spare linux server to test this on but sadly we don't have any means to do this...

Thank you for your help !

Labels (2)
0 Karma

gcusello
Esteemed Legend

Hi @performancemoni ,

did you already seen this: https://docs.splunk.com/Documentation/Splunk/8.0.4/Installation/RunSplunkasadifferentornon-rootuser

I have only one hint for you: before start, check if the splunk user can access all the files to monitor and execute all the scripts you have.

Ciao.

Giuseppe

Get Updates on the Splunk Community!

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...