How do I access certain (all) files?

Question

How do I access certain (all) files?

qwerty10110 opened this issue 4 years ago · comments

qwerty10110 commented 4 years ago

When I shell into the container I can't access /opt/splunk/var/run, even when I use sudo cd run/

sudo: unable to send audit message: Operation not permitted

Why is it that I can't access all directories, even while I'm a sudo user?

Thanks

PS: since I'm using this in the context of a containerized deployment (kubernetes) I'm also posting this question in docker-splunk. I apologize if this is the wrong place.

qwerty10110 · Answer 1 · Sat Sep 12 2020 03:36:17 GMT+0800 (China Standard Time)

I need to research this more

Nelson Wang · Answer 2 · Wed Sep 16 2020 00:34:48 GMT+0800 (China Standard Time)

The $SPLUNK_HOME directory is owned by the Splunk user ($SPLUNK_USER env var). This should be splunk by default, so you can do something like:

docker exec -it -u splunk mycontainername bash

or

ansible@mycontainername$ sudo -u splunk bash

qwerty10110 · Answer 3 · Thu Sep 17 2020 01:43:02 GMT+0800 (China Standard Time)

Ok, this did help. Thanks!