Just ran into a problem tonight while upgrading my Splunk instance from 6.1 to 6.3.1. It had been offline for quite a while (it died and it’s just a demo system of mine) so it hadn’t been upgraded in a while.

While following the phenomenal upgrade process here:


I ran into an odd issue where the migration script was attempting to change the permissions on the /splunk/etc/passwd file and erroring out on me without finishing the upgrade. Full error message below (so Google finds it and people don’t have as hard of a time resolving this as I did).

I wasn’t able to find anyone online running into this issue, thus this post. After digging around, I came across Splunk’s code on Github and discovered my issue.

Link to Github: https://github.com/edo17/splunk/blob/master/lib/python2.7/site-packages/splunk/clilib/migration.py

It looks like with the free version, it doesn’t have a passwd file, even though one exists on my server. I renamed it to passwd.old and then everything ran!