Hi All,
I am new to Splunk.
When starting Splunk for the first time, it starts as the "build" user even though $SPLUNK_HOME has root ownership.
ps -ef| grep splunk
build 736222 1 0 06:42 ? 00:00:06 splunkd -p 8089 restart
build 736226 736222 0 06:42 ? 00:00:00 [splunkd pid=736222] splunkd -p 8089 restart [process-runner]
I want to run it as the root user.
How can I fix this issue?
Hi @gcd24967,
please read this: https://docs.splunk.com/Documentation/Splunk/9.0.5/Installation/RunSplunkasadifferentornon-rootuser
Ciao.
Giuseppe
drwxrwxrwx. 10 root root 4096 Jun 7 06:42 /u01/app/splunkforwarder/
SPLUNK_HOME has root ownership only...
Still, Splunk is starting with the build user.
Hi
You should read this: https://docs.splunk.com/Documentation/Forwarder/latest/Forwarder/Installleastprivileged
The best practice is to never run Splunk (neither UF nor Enterprise) as root. Never use directories where anyone can write, or even read if/when you have some valuable data in them.
Another good document is https://docs.splunk.com/Documentation/Splunk/latest/Security/Hardeningstandards
r. Ismo
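An added example (not from the thread or from Splunk's documentation) that checks an install tree for the two conditions discussed here: world-writable entries such as the `drwxrwxrwx` directory shown above, and entries not owned by the intended service account. The function name `audit_splunk_home` and the finding labels are assumptions made for this sketch, and the demo tree is constructed.

```shell
#!/bin/sh
# audit_splunk_home DIR EXPECTED_OWNER   (hypothetical helper, not a Splunk tool)
# Prints one finding per line.
# Returns 0 = clean, 1 = findings, 2 = audit could not complete.
audit_splunk_home() {
    dir=$1
    want=$2          # user name or numeric uid of the intended service account
    rc=0

    # Anything with the o+w bit set. Symlinks are skipped because their
    # own mode bits are not used for access decisions.
    ww=$(find "$dir" ! -type l -perm -0002 -print) || {
        echo "ERROR: could not walk $dir" >&2
        return 2
    }
    if [ -n "$ww" ]; then
        printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE /'
        rc=1
    fi

    # Anything not owned by the account the service is meant to run as.
    other=$(find "$dir" ! -user "$want" -print) || {
        echo "ERROR: owner check failed for '$want'" >&2
        return 2
    }
    if [ -n "$other" ]; then
        printf '%s\n' "$other" | sed 's/^/WRONG-OWNER /'
        rc=1
    fi
    return "$rc"
}

# Constructed demo tree: the top directory gets mode 0777 like the
# listing in this thread, the subdirectory gets a tighter mode.
demo=$(mktemp -d)
mkdir "$demo/etc"
chmod 0750 "$demo/etc"
chmod 0777 "$demo"
audit_splunk_home "$demo" "$(id -u)" || echo "findings reported above"
rm -rf "$demo"
```

On a real host the arguments would be the install directory and the dedicated account, and the check would be repeated after ownership and modes are corrected.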
Thanks for the information @isoutamo
Hi @gcd24967 ,
good for you, see you next time!
Ciao and happy splunking
Giuseppe
P.S.: Karma Points are appreciated by all the Contributors 😉
Hi @gcd24967,
you have to change the owner of all the folders and start the process as the splunk user, as described in the above documentation.
ciao.
Giuseppe