- Find Answers
- :
- Splunk Administration
- :
- Admin Other
- :
- Installation
- :
- Why are apps installing as root user when dir is n...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've set up my Splunk enterprise as a non-root user and up until last week, all apps installed as non privileged user. However, all apps now install as root - and I don't want this to happen - but any ideas why this would have started in the first place? Its only happened on this install with the latest version of Splunk Enterprise - wondering if its a default perhaps? Version is 6.5.0 - has there been any issues with this distro?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just a shot in the dark but did you check by any chance the last restart of Splunk instance happened as root user?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Just a shot in the dark but did you check by any chance the last restart of Splunk instance happened as root user?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Funny enough, after I wrote the question I did, and yes there was a restart by root, weird though as I did the install as another user and was fine going about my business - then this - also after having a look at some of the Splunk directories, some files seemed to have changed to root owned and now doing a restart with the normal user won't work. Any ideas on why this has happened would be helpful too and how I could reverse it (as a lot of files were changed to root owned). I will have another look tomorrow on this, but i've been trialing a bunch of apps and Splunk Enterprise versions on our test range before we actually use it proper so this is a test and analysis phase. Thanks! 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yw. In such cases, as it did happen to me sometimes, I always do a chown -R splunkUser:splunkUsergroup on the Splunk home directory just to be safe so that all files inside the Home Directory which inadvertently went root to ownership are back to the correct splunkUser ownership.
Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?
Index This | What are the 12 Days of Splunk-mas?
Get Inspired! We’ve Got Validation that Your Hard Work is Paying Off
