Solved: Why am I getting a "Permission Denied" error when ...

srajesh82 · ‎04-08-2015

I am trying to add the forwader or list it, but it ends up in permission denied messsage

./splunk list forward-server
Splunk username: admin
Password:
Can't create directory "/root/.splunk": Permission denied

Need your help to fix this

srajesh82 · ‎04-08-2015

We started the splunk instance using an service account.
But later we were trying to check the forwarder testing using root account which ends up wit above error.

we changed back to service account and it worked.

View solution in original post

goelli · ‎02-20-2017

Either run the command as the same user as Splunk runs:

sudo -u splunk_user /path/to/splunk command

Or do the following for every user you want to run the commands (you have to insert the hostname and the mgmt port of your Splunk instance):

cd ~
mkdir .splunk
chmod 777 -R .splunk
touch .splunk/authToken_hostname_port
chmod 600 .splunk/authToken_hostname_port

harsmarvania57 · ‎04-08-2015

You need to run above command with same user as splunk service is running.

nickhills · ‎02-20-2017

if you have used the default usernames and paths you should be able run:

sudo -u splunk /opt/splunk/bin/splunk list forward-server

If my comment helps, please give it a thumbs up!

srajesh82 · ‎04-08-2015

We started the splunk instance using an service account.
But later we were trying to check the forwarder testing using root account which ends up wit above error.

we changed back to service account and it worked.

harsmarvania57 · ‎04-08-2015

Can you please let us know from which users you are trying to run above command? And from which user, splunk service is running??

Why am I getting a "Permission Denied" error when running './splunk list forward-server'?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases