Security

What should be the proper Unix permissions for files in a locally-written app in $SPLUNK_HOME/etc/apps?

Path Finder

We're installing locally-written Splunk apps via puppet and are curious what the proper permissions for a user-written app under $SPLUNK_HOME/etc/apps should be. The Splunk gui does things as its defaults, which I hope are the correct default case. Is what it does (or what we should do) documented someplace?

Note I do 'not' want to set permissions via the Splunk administrative gui. The question is what the Unix permissions should be for files in a locally-written app under $SPLUNK_HOME/etc/apps. Thanks.

SplunkTrust

Here's how I did it (passes app certification on add-on builder now):

# Directories: rwxr-xr-x
find /opt/splunk/etc/apps/myApp/ -type d -exec chmod 755 {} +
# Regular files: rw-r--r--
find /opt/splunk/etc/apps/myApp/ -type f -exec chmod 644 {} +
# Scripts in bin/: rwxr-xr-x, matching the listing below
find /opt/splunk/etc/apps/myApp/bin/ -type f -exec chmod 755 {} +
chmod 600 /opt/splunk/etc/apps/myApp/app.manifest
chmod 644 /opt/splunk/etc/apps/myApp/README.txt

And here is what I ended up with:

[splunk@ip-172-31-40-93 TA-webtools]$ ls -al *
-rw------- 1 splunk splunk 1046 Aug 21 16:06 app.manifest
-rw-r--r-- 1 splunk splunk   56 Aug 14 10:36 README.txt

appserver:
total 0
drwxr--r-- 4 splunk splunk  37 Aug 21 12:37 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
drwxr--r-- 5 splunk splunk  38 Aug 21 12:37 static
drwxr--r-- 2 splunk splunk  23 Aug 21 15:39 templates

bin:
total 92
drwxr--r--  3 splunk splunk  4096 Aug 21 15:39 .
drwxr--r--  9 splunk splunk   144 Aug 21 12:37 ..
-rwxr-xr-x  1 splunk splunk  4607 Aug 21 14:09 curl_inputs.py
-rwxr-xr-x  1 splunk splunk 10082 Aug 21 11:18 curl.py
-rwxr-xr-x  1 splunk splunk  2269 Aug 21 14:09 input_module_curl_inputs.py
-rwxr-xr-x  1 splunk splunk  1969 Aug 21 15:10 input_module_curl_inputs.pyc
-rwxr-xr-x  1 splunk splunk  7337 Aug 21 15:39 input_module_test_port_input.py
-rwxr-xr-x  1 splunk splunk  2329 Aug 21 15:39 input_module_test_port_input.pyc
-rwxr-xr-x  1 splunk splunk  2305 Aug 21 15:10 input_module_test_port.pyc
drwxr--r-- 20 splunk splunk  4096 Aug 21 12:37 ta_webtools
-rwxr-xr-x  1 splunk splunk   462 Aug 21 15:39 ta_webtools_declare.py
-rwxr-xr-x  1 splunk splunk   711 Aug 21 15:39 ta_webtools_declare.pyc
-rwxr-xr-x  1 splunk splunk  2231 Aug 21 15:39 TA_webtools_rh_curl_inputs.py
-rwxr-xr-x  1 splunk splunk   746 Aug 21 15:39 TA_webtools_rh_settings.py
-rwxr-xr-x  1 splunk splunk  2070 Aug 21 15:39 TA_webtools_rh_test_port_input.py
-rwxr-xr-x  1 splunk splunk  2064 Aug 21 15:10 TA_webtools_rh_test_port.py
-rwxr-xr-x  1 splunk splunk  4345 Aug 21 15:39 test_port_input.py
-rwxr-xr-x  1 splunk splunk  3721 Aug 21 12:23 testport.py
-rwxr-xr-x  1 splunk splunk  1969 Aug 21 10:15 urlencode.py

default:
total 16
drwxr--r-- 3 splunk splunk  114 Aug 21 15:39 .
drwxr--r-- 9 splunk splunk  144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk  146 Aug 24 16:37 addon_builder.conf
-rw-r--r-- 1 splunk splunk 1325 Aug 21 10:20 app.conf
-rw-r--r-- 1 splunk splunk  819 Aug 21 11:50 commands.conf
drwxr--r-- 3 splunk splunk   16 Aug 14 10:36 data
-rw-r--r-- 1 splunk splunk   11 Aug 21 15:39 ta_webtools_settings.conf

local:
total 20
drwxr--r-- 2 splunk splunk  95 Aug 24 10:49 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 586 Aug 21 16:06 app.conf
-rw-r--r-- 1 splunk splunk 309 Aug 21 15:39 inputs.conf
-rw-r--r-- 1 splunk splunk 341 Aug 21 14:23 props.conf
-rw-r--r-- 1 splunk splunk 555 Aug 21 15:39 restmap.conf
-rw-r--r-- 1 splunk splunk 647 Aug 21 15:39 web.conf

metadata:
total 8
drwxr--r-- 2 splunk splunk  44 Aug 21 14:23 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 125 Aug 14 10:36 default.meta
-rw-r--r-- 1 splunk splunk 367 Aug 21 14:23 local.meta

README:
total 12
drwxr--r-- 2 splunk splunk  99 Aug 21 15:39 .
drwxr--r-- 9 splunk splunk 144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk  78 Aug 14 10:36 addon_builder.conf.spec
-rw-r--r-- 1 splunk splunk 249 Aug 21 15:39 inputs.conf.spec
-rw-r--r-- 1 splunk splunk  21 Aug 21 15:39 ta_webtools_settings.conf.spec

static:
total 24
drwxr--r-- 2 splunk splunk   94 Aug 21 10:14 .
drwxr--r-- 9 splunk splunk  144 Aug 21 12:37 ..
-rw-r--r-- 1 splunk splunk 4831 Aug 21 16:06 appIcon_2x.png
-rw-r--r-- 1 splunk splunk 4831 Aug 21 16:06 appIconAlt_2x.png
-rw-r--r-- 1 splunk splunk 2099 Aug 21 16:06 appIconAlt.png
-rw-r--r-- 1 splunk splunk 2099 Aug 21 16:06 appIcon.png
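
An added example, not part of the answer above: a shell check that compares an app tree against the modes in that answer (directories 755, files 644, files under bin/ 755 as in the listing, app.manifest 600) and prints every path that has drifted, for example after a GUI save. The function names are hypothetical, and `stat -c` assumes GNU coreutils or BusyBox.

```sh
#!/bin/sh
# Added example: audit a Splunk app tree against the modes from the answer above.
# expected_mode and audit_app_perms are hypothetical helper names.
# Assumes stat -c (GNU coreutils or BusyBox) and no newlines in file names.

# Print the octal mode the answer's chmod commands leave on one path.
expected_mode() {
    rel=${2#"$1"/}                      # path relative to the app root
    if [ -d "$2" ]; then
        echo 755                        # every directory
    elif [ "$rel" = "app.manifest" ]; then
        echo 600
    else
        case $rel in
            bin/*) echo 755 ;;          # scripts, at any depth under bin/
            *)     echo 644 ;;          # conf, meta, static files, README
        esac
    fi
}

# Print "actual expected path" for each entry that differs.
# Returns 0 when the tree matches, 1 when anything has drifted.
audit_app_perms() {
    app=${1%/}
    report=$(
        find "$app" \( -type d -o -type f \) -exec stat -c '%a %n' {} + |
        while read -r mode path; do
            want=$(expected_mode "$app" "$path")
            [ "$mode" = "$want" ] || printf '%s %s %s\n' "$mode" "$want" "$path"
        done
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Stand-alone use: sh audit.sh /opt/splunk/etc/apps/myApp
[ "$#" -eq 0 ] || audit_app_perms "$1"
```

The directories in the listing above are drwxr--r-- (744), so this check reports them against the 755 that the commands set.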

Motivator

755 for bin and 744 for all other directories

0 Karma

Ultra Champion

From the Unix perspective it's all uniform. Should look like -

splnkdvl@host:/opt/splunk/etc/apps/app_name
$ ll
total 16
drwx--x--x. 2 splnkdvl group_name 4096 Dec 16  2015 bin
drwx--x--x. 3 splnkdvl group_name 4096 Dec 16  2015 default
drwx------. 2 splnkdvl group_name 4096 Dec 16  2015 local
drwx--x--x. 2 splnkdvl group_name 4096 May 27 17:50 metadata

The fine access administration is really at the Splunk application level, documented at Step 5: Set permissions.

0 Karma

Path Finder

No, ignore the step 5 stuff, that's not relevant. I'm asking about unix permissions on the filesystem only.

More detail - I'm trying to permit shared group-write for development where a developer could ssh into the search-head and build their app via some combination of manual editing and using the gui to build dashboards etc. If they stay all gui for their development, the app works, but the group and world permissions are getting reset by the gui 'save' actions to something other than the state the tree started with (in general, the group-write gets removed, sometimes even group-read). If they work all interactively in an editor, the app doesn't always work due to needing service resets all the time if they edit any .conf files or the like.

So I'm trying to dig into what the 'unix' filesystem permissions are supposed to be in $SPLUNK_HOME/etc/apps/myappname.

Also, the permissions there differ a lot for unix and mac variants of splunk, which I can't explain either. Is there a way to reverse engineer what the splunk gui is setting when you hit 'save'?