Splunk Cloud Platform

Receiving a Splunk app permission issue?

mala_fmr
Engager

We have a custom app which contains just props and transforms configs.
When we try to upload the app.tgz file, it throws the failures below.
Need some insights on this.

Source code and binaries standards
[ failure ] Check that files outside of the bin/ and appserver/controllers directory do not have execute permissions and are not .exe files. On Unix platform, Splunk recommends 644 for all app files outside of the bin/ directory, 644 for scripts within the bin/ directory that are invoked using an interpreter (e.g. python my_script.py or sh my_script.sh), and 755 for scripts within the bin/ directory that are invoked directly (e.g. ./my_script.sh or ./my_script). On Windows platform, Splunk recommends removing user's FILE_GENERIC_EXECUTE for all app files outside of the bin/ directory except users in ['Administrators', 'SYSTEM', 'Authenticated Users', 'Administrator'].
  • This file has execute permissions for owners, groups, or others. File: default/transforms.conf
  • This file has execute permissions for owners, groups, or others. File: metadata/default.meta
  • This file has execute permissions for owners, groups, or others. File: default/props.conf
  • This file has execute permissions for owners, groups, or others. File: default/app.conf
0 Karma

mala_fmr
Engager

I could resolve this issue by following the app packaging method explained in this link.
Package apps | Documentation | Splunk Developer Program

0 Karma

mala_fmr
Engager

@richgalloway Thanks for the solution.
I tried to change the mode on a Linux box. I see these failures. Any idea on this?

 

[Image: mala_fmr_0-1666216596584.png]

 



0 Karma

richgalloway
SplunkTrust

It looks like the app was not re-packaged properly on the Linux box.  Perhaps an extra directory level was added.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust

Vetting apps is an iterative process.  You fix errors, re-package and re-submit then see what new errors are reported.  Repeat the process until the app passes.

Most error messages are fairly self-explanatory.  You can find some helpful information about them at https://dev.splunk.com/enterprise/reference/appinspect/appinspectcheck/

As for file permissions, directories should be set to 644 and other files to 600.

---
If this reply helps you, Karma would be appreciated.
0 Karma

richgalloway
SplunkTrust

Don't use Windows to package apps for Splunk Cloud.  This will happen every time.  The only workaround is to package on a Linux box or a Mac.  You don't have to have Splunk installed on it.  Just transfer the .tgz file, explode it, fix the permissions, and re-tar it.

---
If this reply helps you, Karma would be appreciated.
0 Karma
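
The explode, fix permissions and re-tar procedure from the reply above, together with a pre-upload count of what the quoted check flags, as an added shell example that is not part of the thread or Splunk's own tooling. The function names, the 755 directory mode and the use of default/app.conf to recognise the app root are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Splunk tooling. Run on Linux or macOS.

# count_exec_outside_bin APP.tgz
# Prints how many regular files outside bin/ and appserver/controllers/ carry
# an execute bit, i.e. what the quoted check flags. Assumes no spaces in paths.
count_exec_outside_bin() {
    tar -tvzf "$1" | awk '
        $1 ~ /^-/ && $1 ~ /[xst]/ &&
        $NF !~ "^([.]/)?[^/]+/(bin|appserver/controllers)/" { n++ }
        END { print n + 0 }'
}

# repackage_app SRC.tgz DST.tgz
# Returns 2 when the archive layout is wrong, non-zero on tar errors.
repackage_app() {
    src=$1 dst=$2
    work=$(mktemp -d) || return 1
    tar -xzf "$src" -C "$work" || { rm -rf "$work"; return 1; }

    # Exactly one top-level folder, and it must be the app root. Assumption:
    # the root is recognised by default/app.conf. This catches an extra
    # directory level added while re-packaging.
    set -- "$work"/*
    if [ "$#" -ne 1 ] || [ ! -f "$1/default/app.conf" ]; then
        echo "expected a single app folder containing default/app.conf" >&2
        rm -rf "$work"
        return 2
    fi
    app=$1

    # Assumption: 755 for directories, which need the x bit to be traversed;
    # the quoted check only inspects files.
    find "$app" -type d -exec chmod 755 {} +
    # 644 for every file: the recommended mode outside bin/ and for scripts
    # in bin/ that are run through an interpreter.
    find "$app" -type f -exec chmod 644 {} +
    # Scripts invoked directly (./my_script.sh) need 755 again, for example:
    # chmod 755 "$app/bin/my_script.sh"

    # Archive from inside the work directory so the app folder stays the
    # only top-level entry.
    tar -czf "$dst" -C "$work" "$(basename "$app")"
    rc=$?
    rm -rf "$work"
    return "$rc"
}
```

Call `repackage_app app.tgz app_fixed.tgz`, then confirm `count_exec_outside_bin app_fixed.tgz` prints 0 before uploading.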

automagication
Loves-to-Learn

I had to set 744 permissions for folders; that solved my issue.

0 Karma