Deployment Architecture

Apps packaged in splunk rpm have invalid permissions?

christopherutz
Path Finder

We have installed splunk instances on our servers to be used as forwarders. We use the deployment client/server to push out app packages to our various forwarders. We have recently attempted to add the unix application into our server classes so it is deployed to all remote splunk forwarders. We see the below error from the deployment client indicating it cannot remove the old unix app (I believe it is included in the rpm install) because the directory permissions are incorrect.

09-09-2010 15:38:03.726 WARN  DeployedServerClass - There was a problem installing app: unix for server class: unixClass
09-09-2010 15:39:03.773 WARN  DeployedApplication - Unable to remove folder: /opt/splunk/etc/apps/unix. Splunk will continue trying to install applic
ation. Directory not empty

This directory permissions on the contents of etc/apps/unix are 555 rather than something that is writable like 755. Is this intended? We could update the permissions on the app but anytime we add a new forwarder we will have to remember to correct the bad permissions. Obviously this is not ideal. One possible solution we have come up with is to make a copy of the unix app on our deployment server so it resides in a different folder (Something like my_unix). While this will fix the problem it seems like a hack.

Tags (1)
1 Solution

jrodman
Splunk Employee
Splunk Employee

The permissions on directories in the splunk package / tarfile are not explicitly declared. This means that your local umask will dictate the permissions applied to the directories. In your environment, you seem to have a 222 umask, which results in the directories being unwritable.

Personally I recommend 022, or otherwise more restrictive on group/other.

There's at least one bug to track the issue of this permission issue, identified internally as SPL-33753. I'll bring it up in our weekly bug discussion.

You can work around this by either: setting umask explicitly before splunk installs, eg

umask 022; rpm ....

or you can after-the-fact set them as you desire, eg:

find /opt/splunk -type d -exec chmod u=rwx,go=rx {} \;

View solution in original post

0 Karma

jrodman
Splunk Employee
Splunk Employee

The permissions on directories in the splunk package / tarfile are not explicitly declared. This means that your local umask will dictate the permissions applied to the directories. In your environment, you seem to have a 222 umask, which results in the directories being unwritable.

Personally I recommend 022, or otherwise more restrictive on group/other.

There's at least one bug to track the issue of this permission issue, identified internally as SPL-33753. I'll bring it up in our weekly bug discussion.

You can work around this by either: setting umask explicitly before splunk installs, eg

umask 022; rpm ....

or you can after-the-fact set them as you desire, eg:

find /opt/splunk -type d -exec chmod u=rwx,go=rx {} \;

0 Karma

christopherutz
Path Finder

Thanks, I will get with my CT group to make sure the umask is set before they perform future splunk installations using puppet.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...