Splunk Enterprise

How to retain Linux file permission when files are pushed from deployer to search head cluster?

hettervik_new
Explorer

Hi,

One thing that doesn't seem to be documentet, is how Splunk handles Linux file permissions when files from the deployer is pushed to the search head cluster.

Docs: https://docs.splunk.com/Documentation/Splunk/9.0.2/DistSearch/PropagateSHCconfigurationchanges

For example, I have an app "/opt/splunk/etc/shcluster/apps/my app". This app has a script under "/opt/splunk/etc/shcluster/apps/my app/bin/helloworld.sh". This script has the permission "-rwxr-x---" on the deployer, but if I push the script to the search head cluster it gets the permission "-rw-rw-r--" on the search head cluster members. Note that the executable permission is removed, making the script not usable. I'm using Splunk version 9.0.2 on both the deployer and the search head cluster members. Also, a colleague of mine is having the same problem, so I don't think is something wrong with my Splunk environment in particular.

Is anyone else experiencing this problem, and is there a workaround?

Labels (1)
0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...