Splunk Search

Upgrading Splunk as root modified file system using tar.gz

splunkreal
Motivator

Hello,

looks like upgrading Splunk as root modified our file system using tar.gz, is this normal behaviour?

 

[root@xhost ~]# ll /OPT/siem/splunk/
total 2396
drwxr-xr-x 4 siem siem 4096 Oct 17 2018 bin
-r--r--r-- 1 siem siem 57 Oct 17 2018 copyright.txt
drwxr-xr-x 16 siem siem 4096 Jun 6 2019 etc
drwxr-xr-x 3 siem siem 44 Oct 17 2018 include
drwxr-xr-x 6 siem siem 4096 Oct 17 2018 lib
-r--r--r-- 1 siem siem 61779 Oct 17 2018 license-eula.txt
drwxr-xr-x 3 siem siem 58 Oct 17 2018 openssl
-r--r--r-- 1 siem siem 844 Oct 17 2018 README-splunk.txt
drwxr-xr-x 3 siem siem 86 Oct 17 2018 share
-r--r--r-- 1 siem siem 2365100 Oct 17 2018 splunk-7.1.4-5a7a840afcb3-linux-2.6-x86_64-manifest
lrwxrwxrwx 1 siem siem 9 May 28 2019 var -> /VAR/siem


[root@xhost tmp]# ll /OPT/siem/splunk/
total 4616
drwxr-xr-x 4 10777 xgroup 4096 Jan 8 2020 bin
-r--r--r-- 1 10777 xgroup 57 Jan 8 2020 copyright.txt
drwxr-xr-x 16 10777 xgroup 4096 Jan 8 2020 etc
-rw-r--r-- 1 10777 xgroup 0 Jan 8 2020 ftr
drwxr-xr-x 3 10777 xgroup 44 Jan 8 2020 include
drwxr-xr-x 7 10777 xgroup 4096 Jan 8 2020 lib
-r--r--r-- 1 10777 xgroup 62762 Jan 8 2020 license-eula.txt
drwxr-xr-x 3 10777 xgroup 58 Jan 8 2020 openssl
-r--r--r-- 1 10777 xgroup 844 Jan 8 2020 README-splunk.txt
drwxr-xr-x 4 10777 xgroup 108 Jan 8 2020 share
-r--r--r-- 1 siem siem 2365100 Oct 17 2018 splunk-7.1.4-5a7a840afcb3-linux-2.6-x86_64-manifest
-r--r--r-- 1 10777 xgroup 2270678 Jan 8 2020 splunk-7.3.4-13e97039fb65-linux-2.6-x86_64-manifest
lrwxrwxrwx 1 siem siem 9 May 28 2019 var -> /VAR/siem
[root@xhost tmp]#

 

Thanks.

* If this helps, please upvote or accept solution if it solved *
0 Karma
1 Solution

schose
Builder

Hi,

normal tar behavior..

--no-same-owner extract files as yourself (default for ordinary users)

--owner=NAME force NAME as owner for added files

https://linux.die.net/man/1/tar

regards,

Andreas

View solution in original post

schose
Builder

Hi,

normal tar behavior..

--no-same-owner extract files as yourself (default for ordinary users)

--owner=NAME force NAME as owner for added files

https://linux.die.net/man/1/tar

regards,

Andreas

Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...