Installation

Why are apps installing as root user when dir is not root owned?

robnewman666
Path Finder

I've set up my Splunk Enterprise as a non-root user and up until last week, all apps installed as a non-privileged user. However, all apps now install as root - and I don't want this to happen - but any ideas why this would have started in the first place? It's only happened on this install with the latest version of Splunk Enterprise - wondering if it's a default perhaps? Version is 6.5.0 - have there been any issues with this distro?

1 Solution

gokadroid
Motivator

Just a shot in the dark but did you check by any chance the last restart of Splunk instance happened as root user?


robnewman666
Path Finder

Funny enough, after I wrote the question I did, and yes there was a restart by root, weird though as I did the install as another user and was fine going about my business - then this - also after having a look at some of the Splunk directories, some files seemed to have changed to root owned and now doing a restart with the normal user won't work. Any ideas on why this has happened would be helpful too and how I could reverse it (as a lot of files were changed to root owned). I will have another look tomorrow on this, but I've been trialing a bunch of apps and Splunk Enterprise versions on our test range before we actually use it proper so this is a test and analysis phase. Thanks! 🙂


gokadroid
Motivator

Yw. In such cases, as it did happen to me sometimes, I always do a chown -R splunkUser:splunkUsergroup on the Splunk home directory just to be safe so that all files inside the Home Directory which inadvertently went to root ownership are back to the correct splunkUser ownership.
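
An added example, not part of the thread: a way to see which paths drifted to another owner after a restart as root, before and after running the chown suggested above. The path /opt/splunk and the account and group name splunk in the usage comment are assumptions; substitute the install's own values.

```shell
#!/bin/sh
# Added example (not from the thread): audit ownership drift under a
# Splunk home directory, e.g. files that became root-owned after the
# instance was restarted as root.

# list_ownership_drift DIR USER GROUP
# Print every path under DIR whose owner is not USER or whose group
# is not GROUP. USER and GROUP may be names or numeric IDs.
list_ownership_drift() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# count_ownership_drift DIR USER GROUP
# Number of drifted paths (assumes no newlines in file names).
count_ownership_drift() {
    list_ownership_drift "$1" "$2" "$3" | wc -l | tr -d ' '
}

# fix_ownership_drift DIR USER GROUP
# chown only the drifted paths instead of the whole tree. Needs root
# when the files belong to another user. -h changes a symlink itself
# rather than the file it points to.
fix_ownership_drift() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) \
        -exec chown -h "$2:$3" {} +
}

# Usage as a script (assumed values):
#   ./audit.sh /opt/splunk splunk splunk
# With exactly three arguments, only report; nothing is changed.
if [ "$#" -eq 3 ]; then
    list_ownership_drift "$1" "$2" "$3"
fi
```

A count of 0 after the chown confirms nothing under the directory is still owned by root; a non-zero count after the next restart shows the instance was started as the wrong user again.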
