Hi, I recently installed the new Splunk Universal Forwarder. I use the built-in bootup script that comes with Splunk, however I want Splunk to start as the splunk user and not root. How do I change that? I know I can add su - splunk in front of the "/opt/splunk/bin/splunk" start --no-prompt. What is best practice here?
splunk_start() {
  echo Starting Splunk...
  # su hands the quoted command to the splunk user's login shell via -c
  su - splunk -c '"/opt/splunk/bin/splunk" start --no-prompt'
  RETVAL=$?
}
If you set up the boot script using:
./splunk enable boot-start -user splunk
instead of just
./splunk enable boot-start
the boot script will be created to run as the user specified. I believe that it pretty much just uses su - splunk as above though.
You also may want to "chown -R splunk:splunk /opt/splunk" while the system is down.
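A check for the two points raised in this thread, as an added example that is not part of the original posts or Splunk's own tooling: it verifies that every splunk call in a boot script goes through su - <user> -c, and that nothing under the install directory is still owned by another account. The function names, the argument order and the sample script fragment are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a Splunk boot script and install tree after moving the
# service from root to a dedicated account. Paths and user are arguments.

# Succeeds only if every "splunk start/stop/restart/status" call in the boot
# script is wrapped in "su - <user> -c"; prints the offending lines otherwise.
boot_script_drops_root() {
    script=$1 user=$2
    calls=$(grep -nE 'bin/splunk"? +(start|stop|restart|status)' "$script") || {
        echo "no splunk invocations found in $script" >&2; return 2; }
    bad=$(printf '%s\n' "$calls" | grep -vE "su +- +$user +-c") || return 0
    printf 'runs without su - %s -c:\n%s\n' "$user" "$bad" >&2
    return 1
}

# Succeeds only if nothing under the install directory belongs to another
# account (the usual leftover of an earlier start as root); lists up to 20.
tree_owned_by() {
    home=$1 user=$2
    stray=$(find "$home" ! -user "$user" -print | head -n 20)
    [ -z "$stray" ] && return 0
    printf 'not owned by %s:\n%s\n' "$user" "$stray" >&2
    return 1
}

# Constructed sample of a start function, with ("su") or without the wrapper.
sample_init() {
    if [ "$1" = su ]; then
        start="su - splunk -c '\"/opt/splunk/bin/splunk\" start --no-prompt'"
    else
        start='"/opt/splunk/bin/splunk" start --no-prompt'
    fi
    printf 'splunk_start() {\n  echo Starting Splunk...\n  %s\n  RETVAL=$?\n}\n' "$start"
}

# Usage: sh audit.sh <boot-script> <install-dir> <user>
if [ "$#" -eq 3 ]; then
    boot_script_drops_root "$1" "$3" && tree_owned_by "$2" "$3"
fi
```

A non-zero exit from the ownership check means the recursive chown mentioned above has not been applied to everything the service account needs to write.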