Solved: Directory and config file permissions keep getting...

the_wolverine · ‎06-29-2011

We have a workaround in place to address the replication bug in our current version of Splunk (4.1x). Our /opt/splunk/etc/ directory is shared to the indexers via nfs export and replication is disabled.

Unfortunately, when a change is made to props.conf, Splunk changes the permissions of the directory and files (/opt/splunk/etc/apps/search/local/props.conf) to 700.

I have manually changed permissions to 744 only to have them changed back when I (or another user) make a change, such as add field extractions, from UI. This breaks all custom field extractions.

How can I force Splunk not to change the permissions on these directories and files?

the_wolverine · ‎08-22-2011

This is a known issue and splunk support should be able to confirm and answer it. So, I'm surprised they have not responded here yet.

View solution in original post

yoho · ‎05-13-2014

Maybe changing the umask when splunk gets started would change something to this situation ?

the_wolverine · ‎08-22-2011

This is a known issue and splunk support should be able to confirm and answer it. So, I'm surprised they have not responded here yet.

anderius · ‎01-09-2015

What happened? Was it solved? This is not a solution/answer to the problem for other people reading the post... 🙂

Directory and config file permissions keep getting reset by Splunk (need 744)

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases