hi!
Since splunk 6.1.1 we encounter a problem because boot-start creates an init-script which causes the splunk process to run as user splunk - but group 0 (root) - but the files to be indexed are only available to the group splunk.
Is there a way to force the splunk-process to run as splunk:splunk?
something like
SPLUNK_OS_GROUP=splunk
(which doesn't work) in etc/splunk-launch.conf ?
regards,
philipp
