Hi Forum,
We have an issue with UF 9.0.5. When starting or stopping the filesytem group permissions are changed to the primary group of the technical user running splunk.
when splunk is started we always see the message:
Warning: Attempting to revert the SPLUNK_HOME ownership
Warning: Executing "chown -R splunk_tech_user /opt/splunkforwarder"
This does not chown the user but also the group to the primary group of the user. Any chance to skip this?
version 8.* does not show this issue.
best regards,
Andreas