Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Permission Denied when checking status of Splunk

pfabrizi
Path Finder
‎01-03-2018 03:27 AM

I get these errors when trying to check the status of SPLUNK after a restart of the device:
Pid file "/trvapps/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission de nied
Cannot initialize: /trvapps/splunk/etc/system/metadata/local.meta: Permission de nied
Cannot initialize: /trvapps/splunk/etc/system/metadata/local.meta: Permission de nied
Cannot initialize: /trvapps/splunk/etc/system/metadata/local.meta: Permission de nied
Pid file "/trvapps/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission de nied
splunkd.pid file is unreadable.
Pid file "/trvapps/splunk/var/run/splunk/splunkd.pid" unreadable.: Permission de nied

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

harsmarvania57
Ultra Champion
‎01-03-2018 03:31 AM

It looks like you are running splunk as X user and you are trying to check splunk status with Y user and Y user does not have permission to read those files/directory created by X user so you are getting this error.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

pfabrizi
Path Finder
‎01-03-2018 03:34 AM

I found that the files in question had root:root as owner. I changed to splunk and I was able to run the command okay.

Can someone tell me how these got set to root?

Thanks!

0 Karma
Reply
Solved! Jump to solution

harsmarvania57
Ultra Champion
‎01-03-2018 03:39 AM

Great, you found the issue. Have you enabled splunk boot start using command $SPLUNK_HOME/bin/splunk enable boot-start ? If yes then server will start splunk during server boot as root user. If you need to start splunk as spunk user during server boot then run command $SPLUNK_HOME/bin/splunk enable boot-start -user splunk as root user which will modify boot script and due to vulnerability in this one you need to modify boot script as well. For more detailed documentation please refer https://docs.splunk.com/Documentation/Splunk/7.0.1/Admin/ConfigureSplunktostartatboottime

0 Karma
Reply
Solved! Jump to solution

pfabrizi
Path Finder
‎01-03-2018 05:00 AM

Thanks, I went back through my procedures and found that when I originally installed I didn't have the -user splunk argument. I have since added that.

Thanks!

0 Karma
Reply
Solved! Jump to solution
Solution

harsmarvania57
Ultra Champion
‎01-03-2018 03:31 AM

It looks like you are running splunk as X user and you are trying to check splunk status with Y user and Y user does not have permission to read those files/directory created by X user so you are getting this error.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...

What's New in Splunk Observability Cloud and Splunk AppDynamics - May 2025

This month, we’re delivering several new innovations in Splunk Observability Cloud and Splunk AppDynamics ...

Getting Started with Splunk Artificial Intelligence, Insights for Nonprofits, and ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Top