
Unable to get proper file permission of an app package

Mr2022
Explorer

I packed a Splunk app with the tar command on a Linux host, running as the root user. As a result, the owner and group owner are both 'root'. After I installed it to Splunk Enterprise, I found that the decompressed directory and its files are all owned by 'root'. However, other installed app directories and files belong to 'splunk'.

So, should I su to splunk first and then pack the app file?


sloshburch
Splunk Employee

Hiya - My preference is the Splunk Enterprise CLI command . Ideally Splunk isn't running as root so run this as the same user Splunk is running as. I find it does the best job ensuring the package is most compliant. You MAY still need to tweak file and directory permissions, remove hidden files, and clean up any local dir content before you wanna publish it for others.


0 Karma

PickleRick
SplunkTrust

If the app is owned by any user but is world (or at least splunk) readable, it should "mostly work", meaning that splunk will be able to read its contents and apply settings. But you may face problems if the app is more complicated than a simple list of props/transforms. For example, if the app is configured from the WebUI and writes its settings into its own local folder. That will of course not work if splunkd does not have permissions to write to that dir.

So long story short - do change your app files/dirs ownership to your splunk user.

0 Karma
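
A pre-publish check for the points raised in the two answers above, added here as an example (it is not code from the thread or from Splunk): it scans an app tarball for entries not owned by the Splunk user, hidden files, `local` content and world-writable modes. The account name `splunk`, the app name `my_app` and the sample entries are assumptions constructed for the demonstration.

```python
import io
import tarfile

EXPECTED_OWNER = "splunk"  # assumption: the account splunkd runs as

# Constructed sample entries: (path, owner/group name, mode). "my_app" is hypothetical.
SAMPLE = [
    ("my_app/default/app.conf", "splunk", 0o644),
    ("my_app/default/props.conf", "root", 0o644),
    ("my_app/.DS_Store", "splunk", 0o644),
    ("my_app/local/inputs.conf", "splunk", 0o644),
    ("my_app/bin/run.py", "splunk", 0o777),
]

def build_sample():
    """Build the constructed sample package in memory as a .tar.gz."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, owner, mode in SAMPLE:
            info = tarfile.TarInfo(name)
            info.uname = info.gname = owner
            info.mode = mode
            info.size = 1
            tar.addfile(info, io.BytesIO(b"#"))
    buf.seek(0)
    return buf

def audit_package(fileobj, owner=EXPECTED_OWNER):
    """Return sorted (path, issue) findings for an app tarball."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for m in tar.getmembers():
            parts = [p for p in m.name.split("/") if p not in ("", ".")]
            if m.uname != owner or m.gname != owner:
                findings.append((m.name, f"owner {m.uname}:{m.gname}"))
            if any(p.startswith(".") for p in parts):
                findings.append((m.name, "hidden file"))
            if len(parts) > 1 and parts[1] == "local":
                findings.append((m.name, "local content"))
            if m.mode & 0o002:
                findings.append((m.name, "world-writable"))
    return sorted(findings)

if __name__ == "__main__":
    for path, issue in audit_package(build_sample()):
        print(f"{path}: {issue}")
```

To check a real package, pass an open binary file handle, for example `audit_package(open(path, "rb"))`.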


Mr2022
Explorer

Thanks for your help. I found that I triggered splunkd as root, not splunk.

0 Karma