Security
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SUID - running as non root but use port 80

thiru25
Explorer
‎11-15-2012 01:55 PM

I wanted to splunk searchead to run as nonroot but to use port 80. I tried to suid on splunk binary but it's having problems finding the libaries. I setup LD_LIBRARY_PATH but it's not using external LD_LIBRARY_PATH. Is there a way to set LD_LIBRARY_PATH before starting splunk?

I used following commands for suid.
chown root /opt/splunk/bin/splunk
chmod 4755 /opt/splunk/bin/splunk

Thanks,
Thiru.

Tags (1)
Reply

Ayn
Legend
‎11-15-2012 02:32 PM

Splunk will need root privileges to be able to listen to port 80. You could either mess around with suid bits and in the end miss the point of why you'd want Splunk not to run as root anyway, or you could have Splunk run completely as non-root and use iptables for redirecting incoming traffic on port 80 to whatever non-privileged port you configure Splunk to use.

For instance, with Splunk listening to port 8000:

iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8000
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  🚀 Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...