I wanted to splunk searchead to run as nonroot but to use port 80. I tried to suid on splunk binary but it's having problems finding the libaries. I setup LD_LIBRARY_PATH but it's not using external LD_LIBRARY_PATH. Is there a way to set LD_LIBRARY_PATH before starting splunk?
I used following commands for suid.
chown root /opt/splunk/bin/splunk
chmod 4755 /opt/splunk/bin/splunk
Splunk will need root privileges to be able to listen to port 80. You could either mess around with suid bits and in the end miss the point of why you'd want Splunk not to run as root anyway, or you could have Splunk run completely as non-root and use iptables for redirecting incoming traffic on port 80 to whatever non-privileged port you configure Splunk to use.