How do I allow users to perform some admin command without giving them full admin rights?

Path Finder


We would like to give another team the possibility to run administrative commands such as:

  • show shcluster-status
  • resync shcluster-replicated-config
  • offline

But we don't want to give them the "admin" role. Is it possible to do this? I was thinking about giving specific sudo rights, but those commands require a login after you type them.

Maybe there is a way to keep the login alive for an infinite period of time? This way, they would be able to run the command with a "sudo -u splunk" command without having to log in as a Splunk admin user.

Any ideas?

0 Karma

Ultra Champion

You can configure sudo to have the specific unix commands you delegate to the other team.

0 Karma


You can write a Python script and create a custom search command on the search head. The script would run as admin, and you would only give access to the custom search command to a specific set of users.

Or, on the Linux box, use setuid on a bash script that would run as root but can be executed by a non-root user, like the password command.

When set-user identification (setuid) permission is set on an executable file, a process that runs this file is granted access based on the owner of the file (usually root), rather than the user who is running the executable file. This special permission allows a user to access files and directories that are normally only available to the owner. For example, the setuid permission on the passwd command makes it possible for a user to change passwords, assuming the permissions of the root ID.

0 Karma
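The delegation suggested in the two answers above, as an added example (not code from the thread or from Splunk): a root-owned allow-list wrapper that the other team runs with `sudo -u splunk`. It goes through sudo rather than a setuid bit because Linux ignores setuid on interpreted scripts; the wrapper name, the `shc_ops` group and the `/opt/splunk` path are assumptions.

```bash
#!/bin/bash
# splunk-delegate (hypothetical name): allow-list wrapper for the three
# commands in the question. Install root-owned, mode 0755, and let the
# other team run it as the splunk user via a sudoers entry such as
# (group name and paths are assumptions; edit with visudo):
#   %shc_ops ALL=(splunk) /usr/local/sbin/splunk-delegate
# Callers then type: sudo -u splunk /usr/local/sbin/splunk-delegate offline

SPLUNK_BIN=/opt/splunk/bin/splunk   # assumed install path, fixed on purpose

# Succeeds only for an exact match on argument count and values, so
# nothing can be appended to an allowed command.
is_allowed() {
    case "$#:${1-}:${2-}" in
        "2:show:shcluster-status") return 0 ;;
        "2:resync:shcluster-replicated-config") return 0 ;;
        "1:offline:") return 0 ;;
        *) return 1 ;;
    esac
}

run_delegated() {
    if ! is_allowed "$@"; then
        echo "splunk-delegate: command not permitted: $*" >&2
        return 64
    fi
    # Audit trail: sudo sets SUDO_USER to the invoking account.
    logger -t splunk-delegate -- "user=${SUDO_USER:-unknown} cmd=$*" || true
    # Splunk's own login prompt is untouched; this only limits what the
    # splunk OS account can be asked to run.
    exec "$SPLUNK_BIN" "$@"
}

# Run only when arguments are given, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    run_delegated "$@"
fi
```
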

Path Finder

Oh, that is a good idea, but how can I securely store the admin password in this script? This is a very sensitive topic...

0 Karma