Splunk Dev
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Unable to get proper file permission of an app package

Mr2022
Explorer
‎02-17-2022 05:30 PM

I pack an splunk app by tar command in an linux host, running as a root user. As a result the owner and group owner are both 'root'. After I installed to Splunk Enterprise, I found that the depressed directory and its files are all owned by 'root['. However, other installed app directories and files are belong to 'splunk'. 

So, should I su to splunk first and then pack the app file?

Labels (1)
Labels
Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

sloshburch
Splunk Employee
Splunk Employee
‎02-17-2022 06:12 PM

Hiya - My preference is the Splunk Enterprise CLI command . Ideally Splunk isn't running as root so run this as the same user Splunk is running as. I find it does the best job ensuring the package is most compliant. You MAY still need to tweak file and directory permissions, remove hidden files, and clean up any local dir content before you wanna publish it for others.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

PickleRick
SplunkTrust
SplunkTrust
‎02-17-2022 10:05 PM

If the app is owned by any user but is world (or at least splunk) readable, it should "mostly work" meaning that splunk will he able to read its contents and apply settings. But you may face problems if the app is more complicated than a simple list of props/transforms. For example if the app is configured from the WebUI and writes its settings into its own local folder. That will of course not work if splunkd does not have permissions to write to that dir.

So long story short - do change your app files/dirs ownership to your splunk user.

0 Karma
Reply
Solved! Jump to solution
Solution

sloshburch
Splunk Employee
Splunk Employee
‎02-17-2022 06:12 PM

Hiya - My preference is the Splunk Enterprise CLI command . Ideally Splunk isn't running as root so run this as the same user Splunk is running as. I find it does the best job ensuring the package is most compliant. You MAY still need to tweak file and directory permissions, remove hidden files, and clean up any local dir content before you wanna publish it for others.

0 Karma
Reply
Solved! Jump to solution

Mr2022
Explorer
‎02-20-2022 07:29 PM

Thanks for your help. I found that I trigger the splunkd as root, not splunk.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk App Dev Community Updates – What’s New and What’s Next

Welcome to your go-to roundup of everything happening in the Splunk App Dev Community! Whether you're building ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

Enterprise Security Content Update (ESCU) | New Releases

In April, the Splunk Threat Research Team had 2 releases of new security content via the Enterprise Security ...