Splunk SOAR
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Permissions issues after migrating to Unprivileged mode-How are we supposed to run unprivileged but complete admin tasks

kbuckle7
Observer
‎11-29-2022 07:25 AM

After updating to unprivileged mode (because privileged is being depcrecated), we are getting access denied issues when running some commands. For example: "phenv ibackup --setup"

So far, the issues seem to be with commands that relate to Postgres.

How are we supposed to run unprivileged, but complete admin tasks?

Note: If I run the commands as root, I get this error: "CommandError: This command must be executed by user phantom."

Thanks!

Labels (3)
0 Karma
Reply

phanTom
SplunkTrust
SplunkTrust
‎11-29-2022 07:52 AM

I have not seen this but I have also asked in the #SOAR community Slack channel.

I highly recommend signing up if not already: https://docs.splunk.com/Documentation/Community/current/community/Chat 

0 Karma
Reply

phanTom
SplunkTrust
SplunkTrust
‎11-29-2022 07:30 AM

@kbuckle7 sorry to hear you are having issuespost-conversion!

Have you engaged support yet??

What version are you? How did you convert? Did you use the migrate.py and it returned no issues/warnings?

Do all your directories under $PHANTOM_HOME now appear to be owned by Phantom?

If you have a support entitlement I would highly recommend raising this as a P2.

Tags (1)
0 Karma
Reply

kbuckle7
Observer
‎11-29-2022 08:06 AM

Thanks! I joined...

0 Karma
Reply

kbuckle7
Observer
‎11-29-2022 07:41 AM

Thanks for the quick reply!

We are on version 5.3.3 and ran the migrate.py script.

All directories in /opt/phantom are owned by phantom:phantom

I was hoping the community had seen this before opening a support ticket.

0 Karma
Reply
Get Updates on the Splunk Community!

Industry Solutions for Supply Chain and OT, Amazon Use Cases, Plus More New Articles ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Enterprise Security Content Update (ESCU) | New Releases

In November, the Splunk Threat Research Team had one release of new security content via the Enterprise ...

Index This | Divide 100 by half. What do you get?

November 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...