Is it possible to install the universal forwarder rpm as a different user and not have the rpm create the "splunk" user?
Thank you both for your contributions. This will work for me.
Hm, I guess it would be possible to:
a) install the rpm
b) chown all files in /opt/splunkforwarder
c) delete the 'splunk' user account
d) create the init.d script to run splunk with the user of your choice.
However, I have not tried this, and I'm also unsure if it would survive an upgrade.
Or if you download the tgz instead of rpm, it won't create any accounts, AFAIK.
/Kristian