ChrisYounger / config_explorer

Config viewer and file editor for Splunk. Based on VSCode.
GNU Affero General Public License v3.0

Granular permissions #19

Open tmontney opened 3 years ago

tmontney commented 3 years ago

Up until now, I've just been directly editing config files on the server through the administrative SMB share. I want any kind of Splunk operation to be run through Splunk web, and this app is a big step in the right direction. However, I notice it's either "all can write" or "none can write":

As a matter of fact, because this app allows changing files just like you are on the filesystem, it should be used very carefully in any environment that you care about.

Are there any plans to impose more granular permissions, like attached to Splunk roles? Things like:

Thankfully for now, it's just been me for managing Splunk. But if things were to grow (such as in a larger environment), this would be crucial. Using this app allows me to avoid giving shell access (RDP/SSH) and/or SMB directory access.

ChrisYounger commented 3 years ago

Hi Tyler, This is a very hard problem to solve in a secure way. As soon as you allow a user to be able to write to any file, they could potentially hack the system (they could create a shell script that creates a new Splunk admin user) and then execute that script by changing inputs.conf.

I'll take another look at this problem soon and see if something can be done.

All the best
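An added example, not part of the thread or the app's own code: a defender-side audit for the path described in the comment above, listing enabled `[script://...]` stanzas in an `inputs.conf` that are not on an approved list. The sample file contents, the `APPROVED` allowlist and the function names are constructed for illustration, and only `script://` stanzas are covered.

```python
import re

# Constructed sample, not taken from any real deployment.
SAMPLE_INPUTS_CONF = """\
# local/inputs.conf (constructed)
[monitor:///var/log/app.log]
index = main
[script://$SPLUNK_HOME/etc/apps/my_app/bin/collect.sh]
interval = 300
disabled = 0
[script://$SPLUNK_HOME/etc/apps/my_app/bin/new_tool.sh]
interval = 60
[script://./bin/old.sh]
disabled = true
"""

# Hypothetical allowlist of scripted inputs that went through change review.
APPROVED = {"$SPLUNK_HOME/etc/apps/my_app/bin/collect.sh"}

STANZA = re.compile(r"^\[(.+)\]\s*$")
# Only these values count as "disabled"; anything else is treated as
# enabled so that an odd value is reported rather than silently skipped.
TRUTHY = {"1", "true"}

def parse_stanzas(text):
    """Return {stanza_name: {key: value}} for a .conf file's text."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = STANZA.match(line)
        if m:
            current = stanzas.setdefault(m.group(1), {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return stanzas

def unapproved_scripted_inputs(text, approved):
    """List enabled [script://...] stanzas whose path is not approved."""
    findings = []
    for name, settings in parse_stanzas(text).items():
        if not name.startswith("script://"):
            continue
        disabled = settings.get("disabled", "0").lower() in TRUTHY
        path = name[len("script://"):]
        if not disabled and path not in approved:
            findings.append(path)
    return findings
```

Running `unapproved_scripted_inputs` over each app's `default/` and `local/` `inputs.conf` after any edit made through a web file editor gives a reviewable list of new script execution points.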

tmontney commented 3 years ago

Thanks!