Security

Splunk startup script, start as splunk user

joberget
Path Finder

Hi, I recently installed the new Splunk Universal Forwarder. I use the built-in bootup script that comes with Splunk, however I want Splunk to start as the splunk user and not root. How do I change that? I know I can add su - splunk in front of the "/opt/splunk/bin/splunk" start --no-prompt. What is best practice here?

splunk_start() {
  echo Starting Splunk...
  su - splunk "/opt/splunk/bin/splunk" start --no-prompt
  RETVAL=$?
}
Tags (3)
1 Solution

gkanapathy
Splunk Employee
Splunk Employee

If you set up the boot script using:

./splunk enable boot-start -user splunk

instead of just

./splunk enable boot-start

the boot script will be created to run as the user specified. I believe that it pretty much just uses su - splunk as above though.

View solution in original post

gkanapathy
Splunk Employee
Splunk Employee

If you set up the boot script using:

./splunk enable boot-start -user splunk

instead of just

./splunk enable boot-start

the boot script will be created to run as the user specified. I believe that it pretty much just uses su - splunk as above though.

gfriedmann
Communicator

You also may want to "chown -R splunk:splunk /opt/splunk" while the system is down.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...