We have a workaround in place to address the replication bug in our current version of Splunk (4.1x). Our /opt/splunk/etc/ directory is shared to the indexers via nfs export and replication is disabled.
Unfortunately, when a change is made to props.conf, Splunk changes the permissions of the directory and files (/opt/splunk/etc/apps/search/local/props.conf) to 700.
I have manually changed permissions to 744 only to have them changed back when I (or another user) make a change, such as add field extractions, from UI. This breaks all custom field extractions.
How can I force Splunk not to change the permissions on these directories and files?