How to retain Linux file permission when files are...

Splunk Enterprise

Hi,

One thing that doesn't seem to be documentet, is how Splunk handles Linux file permissions when files from the deployer is pushed to the search head cluster.

Docs: https://docs.splunk.com/Documentation/Splunk/9.0.2/DistSearch/PropagateSHCconfigurationchanges

For example, I have an app "/opt/splunk/etc/shcluster/apps/my app". This app has a script under "/opt/splunk/etc/shcluster/apps/my app/bin/helloworld.sh". This script has the permission "-rwxr-x---" on the deployer, but if I push the script to the search head cluster it gets the permission "-rw-rw-r--" on the search head cluster members. Note that the executable permission is removed, making the script not usable. I'm using Splunk version 9.0.2 on both the deployer and the search head cluster members. Also, a colleague of mine is having the same problem, so I don't think is something wrong with my Splunk environment in particular.

Is anyone else experiencing this problem, and is there a workaround?

Get Updates on the Splunk Community!

How to retain Linux file permission when files are pushed from deployer to search head cluster?

administration

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey

Join the Conversation

How to retain Linux file permission when files are pushed from deployer to search head cluster?

administration

Upcoming Webinar: Unmasking Insider Threats with Slunk Enterprise Security’s UEBA

.conf25 technical session recap of Observability for Gen AI: Monitoring LLM ...

A Season of Skills: New Splunk Courses to Light Up Your Learning Journey