Setting mgmt to port: 9000
Failed to open splunk.secret 'C:\Program Files\Splunk\etc\auth\splunk.secret' file. Some passwords will not work. errno=Access is denied.
Unable to read 'C:\Program Files\Splunk\etc\auth\splunk.secret' file.
Operation "ospath_fopen" failed in C:\wrangler-2.0\build-src\kimono\src\libzero\conf-mutator-locking.c:313, conf_mutator_lock(); No error
provided the Read/Write access
Changed the port number
restarted the machine
"Install as administrator" appears to be an over-simplification.
Scenario: Splunk on Windows, Running a deployment server forwarding to remote indexers. It's installed as a user which is a localmachine administrator, but it's not LOCALSYSTEM\Administator. Lets call it "localsplunkadminuser"
Splunk itself starts and runs fine.
I have a "log into git, pull fresh content if there is any, and run "reload deploy-server" content updater script.
I used to run this as the same localsplunkadminuser, and all was well.
I now am being asked by my local security people to run my "content updater" script as a non local admin (lets call this user "non-admin-content-update-user")
The script knows how to talk to our local password store to get creds to a) log into git, and also b) log into Splunk with an account with the capabilities to run "reload deploy-server" (i.e. a splunk admin)
I have given the non-admin-content-update-user full control over all the files in c:\Program Files\Splunk, so it should have the rights to alter/change any files. It's able to make changes to files that are getting updated in git (i.e files under c:\Program FIles\Splunk\etc\deployment-apps and c:\Program FIles\Splunk\etc\apps )
Unfortunately, when the content updater script is run by non-admin-content-update-user, it gets this error.
2018-11-30 13:51:20,394|ERROR|returncode=63, output="No error
Operation "ospath_fopen" failed in C:\wrangler-2.0\build-src\ivory\src\libzero\conf-mutator-locking.c:313, conf_mutator_lock(); ", restart="False"
So I AM running Splunk as an local machine adminstrator, but I'm trying to ask it to reload deployment server from a non admin user and it won't permit it. Let me be clear, it's not because i'm failing to authenticate to splunk, it's because Splunk doesn't appear to permit a non-admin user to run the splunk binary.
What's the reason here ? Are there any specific rights i can give my non-admin user to let it run "Splunk.exe reload deploy server" ?