I'm fairly new to Splunk, but I use it both at home (on openSUSE Linux) and at work (Red Hat Linux).
At home, most of the installed files are owned by "splunk".
At work, we're working with a fairly new install, and I noticed that the .conf files on the Splunk Enterprise are owned by root, and read/writable only for root (-rw-------).
Can anyone think of a possible configuration where this would be advisable?
Hi martinh3,
there are two answers related to this topic:
http://answers.splunk.com/answers/145385/should-we-run-splunk-as-root-or-non-root-user.html
http://answers.splunk.com/answers/186821/is-there-any-reason-not-to-run-splunk-as-root.html
To sum them up, it is not advised to run Splunk as root - run it with the splunk user account.
Hope this helps ...
cheers, MuS
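A check for the situation discussed in this thread, as an added example that is not part of the original posts: it lists the .conf files whose owner differs from the expected service account and shows which account splunkd is running under. The install path /opt/splunk, the account name splunk, and the EXPECTED_OWNER variable are assumptions; adjust them to the local install.

```shell
#!/bin/sh
# Added example (not from the thread): audit ownership of Splunk .conf files.
# Assumptions: SPLUNK_HOME defaults to /opt/splunk and the service account is
# "splunk"; EXPECTED_OWNER is a variable name made up for this script.

# Print the `ls -l` line of every *.conf file under directory $1
# whose owner (third column of ls -l) is not user $2.
conf_owner_mismatches() {
    find "$1" -type f -name '*.conf' -exec ls -ld -- {} + 2>/dev/null |
        awk -v want="$2" '$3 != want { print }'
}

# Print the distinct accounts that currently own a splunkd process.
splunkd_users() {
    ps -e -o user= -o comm= | awk '$2 == "splunkd" { print $1 }' | sort -u
}

# Combine both checks into one short report.
splunk_owner_report() {
    home=${SPLUNK_HOME:-/opt/splunk}
    want=${EXPECTED_OWNER:-splunk}
    echo "splunkd is running as: $(splunkd_users | tr '\n' ' ')"
    echo ".conf files under $home/etc not owned by $want:"
    conf_owner_mismatches "$home/etc" "$want"
}

# Only report when a Splunk install is actually present on this host.
if [ -d "${SPLUNK_HOME:-/opt/splunk}/etc" ]; then
    splunk_owner_report
fi
```

If splunkd shows as root while the .conf files are root-owned with mode -rw-------, the service is running as root; a non-root splunkd could not read those files at all.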