Security

Why is permission denied when restarting Splunk?

ram254481493
Explorer

When we try to restart the splunk it says its getting permission denied on these two files:/etc/sysconfig/init: Permission denied and etc/rc.d/init.d/functions.

Both of these files are owned by root and Splunk is running as user, but I have another server who have same owned by root and Splunk running as user is working fine but don't know why its creating issues on this server?

0 Karma

jutzasconsist
New Member

Hi,

you have top stop splunk first. If you started it with root permissions, you have to stop it as "root".
Change owner of /opt/splunk directory to you splunkuser (chown -R splunkuser:splunkgroup /opt/splunk)
Please replace my splunkuser example with the username and the group you did choose to run splunk in you environment.
After you did this, you should try to start is as splunkuser. Afterwards you can set the boot-start by doing the command @klischatb named: /opt/splunk/bin/splunk enable boot-start -user splunkunser

Hope this helps. Please let us know.

0 Karma

klischatb
Path Finder

Hello,
on the first time you start splunk, you want to start it as splunkuser (not as root).
When you want to enable boot-start you should use this command : ./splunk enable boot-start -user splunkunser

If your environment is fresh, just reinstall splunk and try this way.

0 Karma

jiangj
New Member

Is this problem resolved? I am running into the same issue here.,Is this issue resolved? I am having the same problem here.

0 Karma

codebuilder
Motivator

What command are you using to start Splunk?

0 Karma

ram254481493
Explorer

i am using ./splunk start on bin folder.

0 Karma
Take the 2021 Splunk Career Survey

Help us learn about how Splunk has
impacted your career by taking the 2021 Splunk Career Survey.

Earn $50 in Amazon cash!