Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Required permission for linux user owner of Splunk software

SplunkExplorer
Contributor
‎07-12-2024 01:44 AM

Hi Guys, we have a doubt reagarding the user that execute Splunk on a linux environment.

Until now, we have always avoided use of root user; instead, we have always  installed and configured Splunk on Linux in the following way:

  • Create a dedicated user, eg. "splunkuser"
  • Change ownership of splunk installation folder to that user
  • Configure splunk for boot autorun with dedicated user

What is not clear for us, and we didn't found on doc, is: suppose this user belongs to sudoers group. Here 2 question rise:

  1. It can be removed from sudoers, or some Splunk related process require it belong to that group?
  2. If it cannot be totally removed from sudoers, which process requires it maintain such kind of privileges?
Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-12-2024 03:24 AM

Hi @SplunkExplorer ,

I usually use user splunk and I don't add it to sudoers, but I enabled ACL.

Ciao.

Giuseppe

View solution in original post

Reply
Solved! Jump to solution
Solution

gcusello
SplunkTrust
SplunkTrust
‎07-12-2024 03:24 AM

Hi @SplunkExplorer ,

I usually use user splunk and I don't add it to sudoers, but I enabled ACL.

Ciao.

Giuseppe

Reply
Solved! Jump to solution

SanjayReddy
SplunkTrust
SplunkTrust
‎07-12-2024 02:06 AM

Hi @SplunkExplorer 

for your question regarding sudors

I dont think Splunkuser you created , by deafult its not part of any sudors list , it will be group same as splunk user

for running Splunk on linux you dont need to part of any sudors. Splunk perfrom its core funcations as normal.




0 Karma
Reply
Get Updates on the Splunk Community!

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Survey for Splunk Admins and App Developers is open now! | Earn a $35 gift card!      Hello there,  Splunk ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

As we’ve seen, integrating Kubernetes environments with Splunk Observability Cloud is a quick and easy way to ...