Hello All,
I have a solid understanding of the files/ how to deploy this application but my issue is with permissions.
We have 4 brand New Linux Splunk Instances, each instance is running splunk as splunk per best practice. sh, 2 indexers, 1 uf
I could use some pointers on how to properly deal with Linux TA nix with respects to permissions. The source of my problem could be how I'm executing/ copying, moving files around while logged into the Linux machines. So I'm interested in know how you guys are doing things.
This is what I'm doing:
1) I log in to the machine as bob, bob has sudo permissions
2) anytime I need to move a file/ directory onto the Linux box i Filezilla it over from my windows machine to my home directory first /home/bob
From there I'll copy the file into the splunk instance: /opt/splunk/etc/apps
HOWEVER.... in order for me to copy the files into the splunk directories, I have to sudo cp -R the files there as my normal user account didn't have permissions over the splunk directories (as they are owned by splunk). I wasn't able to copy the files via splunk account as it doesn't have permissions in /home/bob. So what's the right way to do things?
Should i grant splunk access to /home/bob so it can grab the files and move it to the proper destination? Where i don't have to chown and chmod? Should i not be moving files into /home/bob? OR something else?
As a workaround Id' then chown the files back to Splunk and things would work properly.
I noticed this is what the permission looked like on Splunk_TA_nix drwx------.
however on all other applications, I've installed they have drwxr-xr-x.
When I searched _internal logs to investigate, it stated none of the servers had permissions to execute any *.sh files
These issues that were consistent with both local Splunk_TA_nix and when the app is deployed via deployment server so obviously I'm doing something wrong
As a workaround, I chmod 775 -R Splunk_TA_nix after the files were deployed. I would also sudo chmod 775 -R Splunk_TA_nix locally on the search head and this would also work. However, I'd like to know the proper way to deploy Splunk_TA_nix where there isn't any permission issue running the scripts.
Please consider how I'm transferring, login in, sudo'n, copying the files etc. Thanks for your direction!
... View more