Installation

How do we start Splunk after upgrading to 6.2.2 from 6.0 if we don't have read permissions for /etc/inittab?

singk18
New Member

Getting the below error :

bin $ ./splunk start --accept-license --answer-yes --auto-ports --no-prompt

Splunk> Like an F-18, bro.

Checking prerequisites...
        Checking mgmt port [8089]: open
        Checking conf files for problems...
        Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
reading /etc/inittab: Permission denied

Note : I had used 6.0 version before and was able to start and stop, but after upgrading to 6.2.2 it is referring to /etc/inittab file and we don't have read permissions on this file due to security limitations.

We dont have root access to change any files which are owned by root.

Kindly help us to resolve the issue with out changing the permissions in /etc/inittab

Labels (2)
0 Karma

atari1050
Path Finder

All users should have access to read the inittab file at least. There is not much you can do except request a permission change on that file.

It should be: -rw-r--r-- (owned by root)

Your other alternative is to request Splunk to run as root, but I do not recommend it.

Sincerely,
Mike

0 Karma

singk18
New Member

Hi Mike,

I had checked with my concerned team to provide the read privileges, but as per the security limitations they are not ready to provide the read access.

For version 6.0 I am able to start and stop the splunk and it is not referring to /etc/inittab and has the same permissions.
But in the version 6.2.2 it is referring to /etc/inittab. Is there any way that we can modify the splunkd files which is referring the inittab and can disable it.

Could you please let me know, If there is any way with out modifying the permissions of /etc/inittab and using the splunk.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...