Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to retain Linux file permission when files are pushed from deployer to search head cluster?

hettervik_new
Explorer
‎11-11-2022 05:32 AM

Hi,

One thing that doesn't seem to be documentet, is how Splunk handles Linux file permissions when files from the deployer is pushed to the search head cluster.

Docs: https://docs.splunk.com/Documentation/Splunk/9.0.2/DistSearch/PropagateSHCconfigurationchanges

For example, I have an app "/opt/splunk/etc/shcluster/apps/my app". This app has a script under "/opt/splunk/etc/shcluster/apps/my app/bin/helloworld.sh". This script has the permission "-rwxr-x---" on the deployer, but if I push the script to the search head cluster it gets the permission "-rw-rw-r--" on the search head cluster members. Note that the executable permission is removed, making the script not usable. I'm using Splunk version 9.0.2 on both the deployer and the search head cluster members. Also, a colleague of mine is having the same problem, so I don't think is something wrong with my Splunk environment in particular.

Is anyone else experiencing this problem, and is there a workaround?

Labels (1)
Labels
0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to December Tech Talks, Office Hours, and Webinars!

❄️ Celebrate the season with our December lineup of Community Office Hours, Tech Talks, and Webinars! ...

Splunk and Fraud

Watch Now!Watch an insightful webinar where we delve into the innovative approaches to solving fraud using the ...

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

You’ve probably heard the latest about AppDynamics joining the Splunk Observability portfolio, deepening our ...