Security

How do I allow users to perform some admin command without giving them full admin rights?

davietch
Path Finder

Hi,

We would like to give another team the possibility to run administrative commands such as:

  • show shcluster-status
  • resync shcluster-replicated-config
  • offline

But we don't want to give them the "admin" role. Is it possible to do this? I was thinking about giving specific sudo rights, but those commands require a login after you type them.

Maybe there is a way to keep the login alive for an infinite period of time? This way, they would be able to run the command with a "sudo -u splunk" command without having to log in as a Splunk admin user.

Any ideas?

0 Karma

ddrillic
Ultra Champion

You can configure sudo to allow only the specific Unix commands you delegate to the other team.

0 Karma
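
An added example for the sudo approach suggested above (not code from any poster in this thread): a wrapper that sudo runs as the splunk user and that accepts only the three commands listed in the question, rejecting any extra arguments. The install path `/opt/splunk/bin/splunk`, the wrapper path `/usr/local/sbin/splunk-delegate` and the group `shc-ops` are assumptions; the wrapper does not remove the Splunk login prompt the question mentions.

```shell
#!/usr/bin/env bash
# Added example: allowlisting wrapper meant to be the only sudo target.
# Assumed names (not from the thread): /opt/splunk/bin/splunk,
# /usr/local/sbin/splunk-delegate, Unix group "shc-ops".
#
# Matching sudoers entry (edit with: visudo -f /etc/sudoers.d/splunk-delegate):
#   %shc-ops ALL=(splunk) /usr/local/sbin/splunk-delegate
# Keep the wrapper owned by root and not writable by the delegated group.

# Hardcoded on purpose: never take the binary path from the caller's environment.
SPLUNK_BIN=/opt/splunk/bin/splunk

# Return 0 only when the arguments are exactly one of the three commands
# named in the question. The argument count is part of the match, so a
# single argument containing spaces, or any extra flag, is rejected.
is_allowed() {
    local IFS=' '
    case "$#:$*" in
        "2:show shcluster-status") return 0 ;;
        "2:resync shcluster-replicated-config") return 0 ;;
        "1:offline") return 0 ;;
        *) return 1 ;;
    esac
}

# Log the decision with the invoking user (sudo sets SUDO_USER), then
# either refuse or replace this process with the Splunk CLI.
run_delegated() {
    if ! is_allowed "$@"; then
        logger -t splunk-delegate "DENIED user=${SUDO_USER:-unknown} args=$*" 2>/dev/null || true
        echo "splunk-delegate: command not permitted" >&2
        return 1
    fi
    logger -t splunk-delegate "ALLOWED user=${SUDO_USER:-unknown} args=$*" 2>/dev/null || true
    exec "$SPLUNK_BIN" "$@"
}

# Act only when arguments are given, e.g.:
#   sudo -u splunk /usr/local/sbin/splunk-delegate show shcluster-status
if [ "$#" -gt 0 ]; then
    run_delegated "$@"
fi
```

Listing the wrapper without arguments in sudoers lets sudo pass any arguments through, so the exact-match check in `is_allowed` is the control that limits what the delegated team can run.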

valiquet
Contributor

You can write a Python script and create a custom search command on the search head. The script would run as admin and only give access to the custom search command to a specific set of users.

Or on the Linux box use setuid on a bash script that would run as root but can be executed by a non-root user, like the password command.

When set-user identification (setuid) permission is set on an executable file, a process that runs this file is granted access based on the owner of the file (usually root), rather than the user who is running the executable file. This special permission allows a user to access files and directories that are normally only available to the owner. For example, the setuid permission on the passwd command makes it possible for a user to change passwords, assuming the permissions of the root ID.

0 Karma

davietch
Path Finder

Oh, that is a good idea, but how can I securely store the admin password in this script? This is a very sensitive topic...

0 Karma