Security

Why is permission denied when restarting Splunk?

Explorer

When we try to restart the splunk it says its getting permission denied on these two files:/etc/sysconfig/init: Permission denied and etc/rc.d/init.d/functions.

Both of these files are owned by root and Splunk is running as user, but I have another server who have same owned by root and Splunk running as user is working fine but don't know why its creating issues on this server?

0 Karma

New Member

Hi,

you have top stop splunk first. If you started it with root permissions, you have to stop it as "root".
Change owner of /opt/splunk directory to you splunkuser (chown -R splunkuser:splunkgroup /opt/splunk)
Please replace my splunkuser example with the username and the group you did choose to run splunk in you environment.
After you did this, you should try to start is as splunkuser. Afterwards you can set the boot-start by doing the command @klischatb named: /opt/splunk/bin/splunk enable boot-start -user splunkunser

Hope this helps. Please let us know.

0 Karma

Explorer

Hello,
on the first time you start splunk, you want to start it as splunkuser (not as root).
When you want to enable boot-start you should use this command : ./splunk enable boot-start -user splunkunser

If your environment is fresh, just reinstall splunk and try this way.

0 Karma

New Member

Is this problem resolved? I am running into the same issue here.,Is this issue resolved? I am having the same problem here.

0 Karma

Motivator

What command are you using to start Splunk?

0 Karma

Explorer

i am using ./splunk start on bin folder.

0 Karma