Solved: issues with scripted inputs and secondary groups

dshakespeare_sp · ‎07-18-2014

Customer has reported an issue with Splunk scripted inputs and setgroups. An very simple example would be I have a script $SPLUNK_HOME/bin/script called shaky.sh

This just calls /tmp/test.sh which just contains "echo "hello world date" >> /tmp/test.out

# ls -l /tmp/test.out
-rwxr-x---. 1 root gumby 27 Jul 16 14:46 /tmp/test.sh

splunkd runs as user "splunk" and gumby is a secondary group.

# id splunk
uid=500(splunk) gid=500(splunk) groups=500(splunk),502(gumby)

The script does not run and there are lots of permission denied errors from the script in splunkd.log
If user splunk is changed to have gumby as a primary group, it works as expected
Is there away to get this working with a secondary group?

dshakespeare_sp · ‎07-18-2014

A solution for this appears to be to use newgrp in a "here file" as a wrapper
eg

#!/bin/bash

newgrp gumby << END

/tmp/shaky.sh

END

View solution in original post

dshakespeare_sp · ‎07-18-2014

A solution for this appears to be to use newgrp in a "here file" as a wrapper
eg

#!/bin/bash

newgrp gumby << END

/tmp/shaky.sh

END

issues with scripted inputs and secondary groups

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms