Splunk Search

error loading shared libraries running as non root user

ajs07635
Explorer

I am trying to run splunk as a non-root user, but every time i start splunk I get the error "splunkd: error while loading shared libraries: libxslt.so.1: cannot open shared object file: No such file or directory"

I have created a user and group named "splunk" to run the server as. I have given it rights to read/write /opt/splunk. Even if I do:

$ sudo -u splunk bash
bash$ source /opt/splunk/bin/setSplunkEnv
bash$ /opt/splunk/bin/splunk start

I still get that error. As long as i set the $SPLUNK_HOME using setSplunkEnv, ldd correctly finds all the libraries on the system or in the /opt/splunk/lib/ directory.

It does work fine when I start it as root.

To make things more complicated, my sysadmins tell me that having /opt/splunk/lib in /etc/ld.so.conf breaks their Red Hat Network update stuff so they removed it. So, I tried the following before starting splunk:

export LD_LIBRARY_PATH=/opt/splunk/lib

which also results in ldd finding all the libraries, but I still get the error when starting splunkd.

$ sudo -u splunk bash
bash$ export LD_LIBRARY_PATH=/opt/splunk/lib
bash$ source /opt/splunk/bin/setSplunkEnv
bash$ /opt/splunk/bin/splunk start
Splunk> All batbelt. No tights.

Checking Prerequisites...
        Checking http port [8000]: open
        Checking mgmt port [8089]: open
        Checking configuration...  Done.
        Checking index directory...  Done.
        Checking databases...
        Validated databases: _audit, _blocksignature, _internal, _thefishbucket, history, main, sample, summary, test
        Checking for SELinux
All Preliminary checks passed.

splunkd: error while loading shared libraries: libxslt.so.1: cannot open shared object file: No such file or directory
1 Solution

gkanapathy
Splunk Employee
Splunk Employee

You shouldn't need to do any of this stuff, much less mess with the system /etc/ld.so.conf. What I would do is:

  • Make sure that the ownership of the entire /opt/splunk hierarchy is owned by the running user (use chown -R)
  • re-extract/re-install the Splunk files (say, using tar -xf). It's possible that some files weren't extracted correctly.

There's not really very much more to it.

View solution in original post

gkanapathy
Splunk Employee
Splunk Employee

You shouldn't need to do any of this stuff, much less mess with the system /etc/ld.so.conf. What I would do is:

  • Make sure that the ownership of the entire /opt/splunk hierarchy is owned by the running user (use chown -R)
  • re-extract/re-install the Splunk files (say, using tar -xf). It's possible that some files weren't extracted correctly.

There's not really very much more to it.

ajs07635
Explorer

I had a sysadmin reinstall splunk and then upgrade it to 4.2 and it seems to be working fine, so I guess that must have been the issue. Thanks.

ajs07635
Explorer

chown -R splunk:splunk was run on /opt/splunk and everything is owned by the running user. I'll have the sysadmins reinstall the rpm and see if that makes a difference

0 Karma

ajs07635
Explorer

Oh, and if its helpful to anyone, the OS is RHEL6 x86_64

0 Karma
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

Splunk is officially part of Cisco

Revolutionizing how our customers build resilience across their entire digital footprint.   Splunk ...

Splunk APM & RUM | Planned Maintenance March 26 - March 28, 2024

There will be planned maintenance for Splunk APM and RUM between March 26, 2024 and March 28, 2024 as ...