Re: Permissions issues after migrating to Unprivil...

kbuckle7 · ‎11-29-2022

After updating to unprivileged mode (because privileged is being depcrecated), we are getting access denied issues when running some commands. For example: "phenv ibackup --setup"

So far, the issues seem to be with commands that relate to Postgres.

How are we supposed to run unprivileged, but complete admin tasks?

Note: If I run the commands as root, I get this error: "CommandError: This command must be executed by user phantom."

Thanks!

phanTom · ‎11-29-2022

I have not seen this but I have also asked in the #SOAR community Slack channel.

I highly recommend signing up if not already: https://docs.splunk.com/Documentation/Community/current/community/Chat

phanTom · ‎11-29-2022

@kbuckle7 sorry to hear you are having issuespost-conversion!

Have you engaged support yet??

What version are you? How did you convert? Did you use the migrate.py and it returned no issues/warnings?

Do all your directories under $PHANTOM_HOME now appear to be owned by Phantom?

If you have a support entitlement I would highly recommend raising this as a P2.

kbuckle7 · ‎11-29-2022

Thanks! I joined...

kbuckle7 · ‎11-29-2022

Thanks for the quick reply!

We are on version 5.3.3 and ran the migrate.py script.

All directories in /opt/phantom are owned by phantom:phantom

I was hoping the community had seen this before opening a support ticket.

Permissions issues after migrating to Unprivileged mode-How are we supposed to run unprivileged but complete admin tasks

administration

configuration

troubleshooting

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases