I have observed the same behavior running 6.2 on Win2008. This makes it difficult to provision a server so a non-administrator can access and modify Splunk configuration files. The desired behavior would be that if a user account or user group is given explicit permissions to a "splunk" folder or a "splunk" file that these permissions would persist after "splunk" modifies the file or folder.
The ACL override appears to be a bug. Is it?
... View more