Quote Originally Posted by cisaksen View Post
Let me add some more info on this question: We are trying to run splunk enterprise 7.3.0 on SUSE 12 SP4 as a systemd process using this guide from splunk docs: https://docs.splunk.com/Documentatio...s_requirements

So far we have not been able to successfully run splunkd as a service using this method. I am able to modify this method by not running the $SPLUNK_HOME/bin/splunk enable boot-start -systemd-managed 1 -user splunk but using the service file anyway. It will run but not correctly.

The problem we keep running into is the "splunk" user account. This is what is stated but after giving it all the sudo rights I can it still will not work.
Permissions requirements
The enable boot-start command and systemd have the following permissions requirements:

Non-root users must have super user permissions to configure systemd using enable boot-start.
Non-root users must have super user permissions to run start, stop, restart under systemd.
For instructions on how to create a new user with super user permissions, see your Linux documentation. The specific steps can vary depending on the Linux distribution.

Now I can get the splunk user to run systemctl with no password as long as I put sudo in front of it. If I don't it will prompt me for the password, and from what testing I can do it seems that the splunk systemd process is not using sudo in it's commands under the covers.

Is there a way to allow a regular user (splunk) to run systemctl without a root password and without sudo in front? Yes I know not even remotely the best practice.

As root user and visudo;


username ALL = NOPASSWD: /path/to/app/appname