Feature Request: Option to turn off warning "Syncthing should not run as a privileged or system user."

I do understand the motivation behind the warning and the need to warn people who are maybe not aware the issue. But there is also a fair chance that people with priviledged accounts know what they do and I respectfully ask to give them a choice to silence the warning.

Syncting is small and nimble, easily installed and more or less maintenance free when configured correctly. That makes it ideal to regularly sync configs or data from and to devices that have only a limited environment. Unfortunately user management is often missing, and in that cases the (correct) warning about Syncthing running as privledged user is displayed. Again and again.

Well, apart from the fact that now all of your users’ files are owned by a privileged or system user, so they can’t access them…

Advanced Settings -> Insecure Admin Access is the best you can do.

Maybe I did not express myself correctly: On a system where there is only one account, may it be called system, admin, root, whatever, there is only one account with which to install Syncthing. The files do belong to root, admin, system anyway. No problem here.

I’ve tried “Insecure Admin Access” before but it did not supress the warning. It just gives me the screenshot below:

It’s a one-off after restart. There is no way to complete silence it, and I don’t think there should be. Running a network application as a superuser is a big nono.

1 Like

I have 2 devices running with this case, but I don’t feel it’s annoying. On the gui for the first, I receive the advice only once, and on the other it isn’t even displayed if I use the -no-browser option. Why does it bother you ?

1 Like

Ah, forget ist. Thanks Bruno.

In some cases it has to be run as root. Say…you want to sync a Linux folder that’s shared out via Samba. User ‘bob’ saves a file to it. The owner is ‘bob’ and the group is ‘domain users’. The file has permissions 0660. All the domain users can do whatever they want with the file, but Syncthing can’t touch it.

Plus there’s this:

You can lock syncthing down quite a bit using apparmor–even if it’s running as root…so please provide a way for competent admins to disable this stupid warning.

1 Like

You can grant the relevant capabilities in a more fine grained manner, which won’t trigger the large warning.

What ‘fine grained’ manner am I missing? Further configuration with apparmor or something?

I was thinking of using setcap to grant the binary the relevant capability. Maybe cap_dac_override to be root-like.

1 Like