Currently my environment using splunk as root user, I want to Run Splunk under splunk user instead of root and run splunk web on 8443.
What is the procedure to implement the same and what will be the impact?
You probably want to set your SPLUNK_OS_USER in the /opt/splunk/etc/splunk-launch.conf file:
# If SPLUNK_OS_USER is set, then Splunk service will only start
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
# (This setting can be specified as username or as UID.)
#
# SPLUNK_OS_USER
SPLUNK_OS_USER=splunk
First you will need to re-own the files back to the splunk user in your installation directory.
The limitations would be:
ulimits may be set differently for the splunk user (this can of course be changed for the splunk user)
You cannot listen on a privileged port number below 1024
I've never found either of these items to be an issue, if you need a syslog listener on port 514 for example you can run that as a separate process which runs as root...
You probably want to set your SPLUNK_OS_USER in the /opt/splunk/etc/splunk-launch.conf file:
# If SPLUNK_OS_USER is set, then Splunk service will only start
# if the 'splunk [re]start [splunkd]' command is invoked by a user who
# is, or can effectively become via setuid(2), $SPLUNK_OS_USER.
# (This setting can be specified as username or as UID.)
#
# SPLUNK_OS_USER
SPLUNK_OS_USER=splunk
First you will need to re-own the files back to the splunk user in your installation directory.
The limitations would be:
ulimits may be set differently for the splunk user (this can of course be changed for the splunk user)
You cannot listen on a privileged port number below 1024
I've never found either of these items to be an issue, if you need a syslog listener on port 514 for example you can run that as a separate process which runs as root...
How to use iptables prerouting to forward request coming on port 443 to port 8443?