Installation
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How do we start Splunk after upgrading to 6.2.2 from 6.0 if we don't have read permissions for /etc/inittab?

singk18
New Member
‎07-13-2015 07:20 AM

Getting the below error :

bin $ ./splunk start --accept-license --answer-yes --auto-ports --no-prompt

Splunk> Like an F-18, bro.

Checking prerequisites...
        Checking mgmt port [8089]: open
        Checking conf files for problems...
        Done
All preliminary checks passed.

Starting splunk server daemon (splunkd)...
reading /etc/inittab: Permission denied

Note : I had used 6.0 version before and was able to start and stop, but after upgrading to 6.2.2 it is referring to /etc/inittab file and we don't have read permissions on this file due to security limitations.

We dont have root access to change any files which are owned by root.

Kindly help us to resolve the issue with out changing the permissions in /etc/inittab

Labels (2)
Labels
0 Karma
Reply

atari1050
Path Finder
‎07-13-2015 08:26 AM

All users should have access to read the inittab file at least. There is not much you can do except request a permission change on that file.

It should be: -rw-r--r-- (owned by root)

Your other alternative is to request Splunk to run as root, but I do not recommend it.

Sincerely,
Mike

0 Karma
Reply

singk18
New Member
‎07-13-2015 08:42 AM

Hi Mike,

I had checked with my concerned team to provide the read privileges, but as per the security limitations they are not ready to provide the read access.

For version 6.0 I am able to start and stop the splunk and it is not referring to /etc/inittab and has the same permissions.
But in the version 6.2.2 it is referring to /etc/inittab. Is there any way that we can modify the splunkd files which is referring the inittab and can disable it.

Could you please let me know, If there is any way with out modifying the permissions of /etc/inittab and using the splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Registration is OPEN!

Ready. Set. Splunk! Your favorite Splunk user event is back and better than ever. Get ready for more technical ...

Detecting Cross-Channel Fraud with Splunk

This article is the final installment in our three-part series exploring fraud detection techniques using ...

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Pack your bags (and maybe your dancing shoes)—Cisco Live is heading to San Diego, June 8–12, 2025, and Splunk ...