I manually installed my syncthing linux binaries (version 0.9.4) under /usr/local/bin with permissions 755 and owner root. I guessed this is where they should be. Syncthing is started with my regular user.
I never used the autoupdater from the webGUI until today I wanted to update to 0.9.5. Very nice feature, but it refuses to update because syncthing running under my regular user doesn’t have write permissions to /usr/local/bin.
Which is the best solution here:
Change the binary location to ~/bin or somthing similar with full ownership for my regular user?
Give global write permissions to /usr/local/bin? (I did this to make the update possible, but it doesn’t seem the most secure solution…)
At least if the upgrade stuff is supposed to work, yes. If a system wide installation is done (like from a package), the auto-upgrade stuff should be disabled at build time.
I know this is old, but I had (and presumably others will have) the same problem. You do not need to give global write permission to /usr/local/bin to allow a regular user to update syncthing. If you set the directory’s GID execute bit to “s” you will allow a group member to update a file in that directory as though they are the root user. The prerequisite is that the directory has root:staff ownership and the syncthing user is a member of the group staff. First, check that /usr/local/bin is owned by user root and group staff -
ls -ld /usr/local/bin
drwxrwxr-x 2 root staff 4.0K Mar 16 15:34 /usr/local/bin/
and that the syncthing executable is owned by user your_uid and group staff:
ls -l /usr/local/bin/syncthing
-rwxr-xr-x 1 stuser staff 8.5M Mar 16 15:34 /usr/local/bin/syncthing
Then just run sudo chmod 2775 /usr/local/bin/ and syncthing will update automatically.
# sudo chmod 2775 /usr/local/bin/
# ls -ld /usr/local/bin
drwxrwsr-x 2 root staff 4096 mar 5 22:06 /usr/local/bin
#
You may need to log out / log in or restart for your group change to take effect. After doing so, you can test the permissions from your normal account. If you are able to create and rename files in /use/local/bin it worked.
Personally I think it’s easier to just keep the binary in ~/bin instead.