Getting the below error :
bin $ ./splunk start --accept-license --answer-yes --auto-ports --no-prompt Splunk> Like an F-18, bro. Checking prerequisites... Checking mgmt port : open Checking conf files for problems... Done All preliminary checks passed. Starting splunk server daemon (splunkd)... reading /etc/inittab: Permission denied
Note : I had used 6.0 version before and was able to start and stop, but after upgrading to 6.2.2 it is referring to /etc/inittab file and we don't have read permissions on this file due to security limitations.
We dont have root access to change any files which are owned by root.
Kindly help us to resolve the issue with out changing the permissions in /etc/inittab
All users should have access to read the inittab file at least. There is not much you can do except request a permission change on that file.
It should be: -rw-r--r-- (owned by root)
Your other alternative is to request Splunk to run as root, but I do not recommend it.
I had checked with my concerned team to provide the read privileges, but as per the security limitations they are not ready to provide the read access.
For version 6.0 I am able to start and stop the splunk and it is not referring to /etc/inittab and has the same permissions.
But in the version 6.2.2 it is referring to /etc/inittab. Is there any way that we can modify the splunkd files which is referring the inittab and can disable it.
Could you please let me know, If there is any way with out modifying the permissions of /etc/inittab and using the splunk.