Installation
Highlighted

How do we start Splunk after upgrading to 6.2.2 from 6.0 if we don't have read permissions for /etc/inittab?

New Member

Getting the below error :

bin $ ./splunk start --accept-license --answer-yes --auto-ports --no-prompt

Splunk> Like an F-18, bro.

Checking prerequisites...
        Checking mgmt port [8089]: open
        Checking conf files for problems...
        Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
reading /etc/inittab: Permission denied

Note : I had used 6.0 version before and was able to start and stop, but after upgrading to 6.2.2 it is referring to /etc/inittab file and we don't have read permissions on this file due to security limitations.

We dont have root access to change any files which are owned by root.

Kindly help us to resolve the issue with out changing the permissions in /etc/inittab

Labels (2)
0 Karma
Highlighted

Re: How do we start Splunk after upgrading to 6.2.2 from 6.0 if we don't have read permissions for /etc/inittab?

Path Finder

All users should have access to read the inittab file at least. There is not much you can do except request a permission change on that file.

It should be: -rw-r--r-- (owned by root)

Your other alternative is to request Splunk to run as root, but I do not recommend it.

Sincerely,
Mike

0 Karma
Highlighted

Re: How do we start Splunk after upgrading to 6.2.2 from 6.0 if we don't have read permissions for /etc/inittab?

New Member

Hi Mike,

I had checked with my concerned team to provide the read privileges, but as per the security limitations they are not ready to provide the read access.

For version 6.0 I am able to start and stop the splunk and it is not referring to /etc/inittab and has the same permissions.
But in the version 6.2.2 it is referring to /etc/inittab. Is there any way that we can modify the splunkd files which is referring the inittab and can disable it.

Could you please let me know, If there is any way with out modifying the permissions of /etc/inittab and using the splunk.

0 Karma