Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Permission Denied when checking status of Splunk

pfabrizi
Path Finder
‎01-03-2018 03:27 AM

I get these errors when trying to check the status of SPLUNK after a restart of the device:
Pid file "/trvapps/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission de nied
Cannot initialize: /trvapps/splunk/etc/system/metadata/local.meta: Permission de nied
Cannot initialize: /trvapps/splunk/etc/system/metadata/local.meta: Permission de nied
Cannot initialize: /trvapps/splunk/etc/system/metadata/local.meta: Permission de nied
Pid file "/trvapps/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission de nied
splunkd.pid file is unreadable.
Pid file "/trvapps/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission de nied

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

harsmarvania57
Ultra Champion
‎01-03-2018 03:31 AM

It looks like you are running splunk as X user and you are trying to check splunk status with Y user and Y user does not have permission to read those files/directory created by X user so you are getting this error.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

pfabrizi
Path Finder
‎01-03-2018 03:34 AM

I found that the files in question had root:root as owner. I changed to splunk and I was able to run the command okay.

Can someone tell me how these got set to root?

Thanks!

0 Karma
Reply
Solved! Jump to solution

harsmarvania57
Ultra Champion
‎01-03-2018 03:39 AM

Great, you found the issue. Have you enabled splunk boot start using command $SPLUNK_HOME/bin/splunk enable boot-start ? If yes then server will start splunk during server boot as root user. If you need to start splunk as spunk user during server boot then run command $SPLUNK_HOME/bin/splunk enable boot-start -user splunk as root user which will modify boot script and due to vulnerability in this one you need to modify boot script as well. For more detailed documentation please refer https://docs.splunk.com/Documentation/Splunk/7.0.1/Admin/ConfigureSplunktostartatboottime

0 Karma
Reply
Solved! Jump to solution

pfabrizi
Path Finder
‎01-03-2018 05:00 AM

Thanks, I went back through my procedures and found that when I originally installed I didn't have the -user splunk argument. I have since added that.

Thanks!

0 Karma
Reply
Solved! Jump to solution
Solution

harsmarvania57
Ultra Champion
‎01-03-2018 03:31 AM

It looks like you are running splunk as X user and you are trying to check splunk status with Y user and Y user does not have permission to read those files/directory created by X user so you are getting this error.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability as Code: From Zero to Dashboard

For the details on what Self-Service Observability and Observability as Code is, we have some awesome content ...

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Shape the Future of Splunk: Join the Product Research Lab!

Join the Splunk Product Research Lab and connect with us in the Slack channel #product-research-lab to get ...