I’m trying to sync the acme.json file for traefik instances between multiple hosts. This acme.json file needs to be owned by root with 0600 permissions. I can’t change this or traefik won’t start. I can successfully sync the file between hosts when I run syncthing as root. How can I run syncthing safely as an unprivileged user, yet still sync that specific root-owned file?
If a file has 0600 permissions and is owned by root, then only root can read/modify it.
I can’t give the syncthing user root privileges on just a specific path, can I?
Is it still dangerous if I run syncthing as a privileged user, but disable the webUI?
I’d rather rethink your current certificate handling.
Running any network application as root carries a risk of it having a bug that hackers can exploit.
Then the only strategy I can think of is having syncthing run as the same user as the traefik instances.