In Linux one approach to setting up a splunk service account user is to do the normal linux adduser command.
Created a group "splunkadmins" and added the specific accounts to that group.
In sudoers add these lines for splunkadmins.
%splunkadmins ALL=(splunk) NOPASSWD: ALL, !/bin/sh, !/bin/bash, !/sbin/nologin, !/bin/bash2, !/bin/ash, !/bin/bsh, !/bin/ksh, !/bin/tcsh, !/bin/csh, !/bin/zsh
%splunkadmins ALL=NOPASSWD:/sbin/service splunk *, /usr/sbin/tcpdump *
The first allows anyone in the splunkadmins group to become the splunk user using sudo.
The second is the ability for anyone in that group to restart the splunk service (or use tcpdump).
As long as you used enable boot-start with the user flag set to this splunk user, you should be all set.
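An added example, not from the post above: the first sudoers line grants ALL as the splunk user and then tries to subtract shells with `!` entries, a pattern that sudoers(5) itself notes is not effective because a copied or renamed shell is not matched by the negation; the second line's `tcpdump *` leaves every argument unrestricted, so it can be given a post-rotate helper or an arbitrary output path. The script below generates a drop-in for /etc/sudoers.d that allowlists the specific commands instead, pins tcpdump's arguments, and validates the fragment before installing it. It assumes Splunk is installed under /opt/splunk, that the capture interface is eth0, and that the sudo build supports the `noexec` tag (all three are assumptions, not stated in the post).

```shell
#!/bin/sh
# Added example (not from the original post): build a sudoers drop-in that
# allowlists what the splunkadmins group may run, instead of granting ALL as
# the splunk user and subtracting shells with '!' entries.
# Assumed, not from the page: Splunk under /opt/splunk, capture interface eth0,
# a sudo build with noexec support.

SPLUNK_HOME="${SPLUNK_HOME:-/opt/splunk}"
CAPTURE_IF="${CAPTURE_IF:-eth0}"

# Print the hardened sudoers fragment to stdout.
hardened_sudoers() {
    cat <<EOF
# splunkadmins may run the splunk CLI as the service account, and only that
%splunkadmins ALL=(splunk) NOPASSWD: ${SPLUNK_HOME}/bin/splunk

# Service control as root, limited to the verbs actually needed
%splunkadmins ALL=(root) NOPASSWD: /sbin/service splunk start, /sbin/service splunk stop, /sbin/service splunk restart, /sbin/service splunk status

# Packet capture as root with pinned arguments (no -z helper, no free-form -w path);
# noexec additionally stops tcpdump from launching child programs
Defaults!/usr/sbin/tcpdump noexec
%splunkadmins ALL=(root) NOPASSWD: /usr/sbin/tcpdump -i ${CAPTURE_IF} -nn -w /var/tmp/splunkadmins.pcap
EOF
}

# Return 0 when the fragment avoids the weak pattern (ALL with '!' subtractions,
# or a bare '*' argument) and, if visudo is installed, passes its syntax check.
check_fragment() {
    tmp=$(mktemp) || return 1
    hardened_sudoers > "$tmp"
    if grep -q 'NOPASSWD: ALL' "$tmp"; then rm -f "$tmp"; return 1; fi
    if grep -q '!/bin/' "$tmp"; then rm -f "$tmp"; return 1; fi
    if grep -q ' \*$' "$tmp"; then rm -f "$tmp"; return 1; fi
    if command -v visudo >/dev/null 2>&1; then
        # -f makes visudo check only the given file's syntax
        visudo -c -f "$tmp" >/dev/null 2>&1 || { rm -f "$tmp"; return 1; }
    fi
    rm -f "$tmp"
    return 0
}

# Install atomically into /etc/sudoers.d with mode 0440 (run as root).
install_fragment() {
    check_fragment || return 1
    hardened_sudoers > /etc/sudoers.d/splunkadmins.tmp &&
        chmod 0440 /etc/sudoers.d/splunkadmins.tmp &&
        mv /etc/sudoers.d/splunkadmins.tmp /etc/sudoers.d/splunkadmins
}
```

Running `install_fragment` as root writes the file only after `check_fragment` passes. The `noexec` tag relies on sudo's LD_PRELOAD hook and so only covers dynamically linked binaries, which is why the tcpdump arguments are pinned as well rather than relying on `noexec` alone.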