I’m trying to sync the acme.json file for treafik instances between multiple hosts. This acme.json file needs to be owned by root with 0600 permissions. I can’t change this or treafik won’t start. I can successfully sync the file between hosts, when i run syncthing as root. How can I run syncthing safely as an unprivileged user, yet still sync that specific root owned file?
If a file has 0600 permissions and is owned by root than only root can read/modify it.
I can’t give the syncthing user root privileges on just a specific path, can i?
Is it still dangerous if i run syncthing as a privileged user, but disable the webUI?
I’d rather rethink your current certificate handling.
Running any network application as root carries a risk of it having a bug that hackers can exploit.
Then the only strategy i can think of is having syncthing run as the same user as the traefik instances.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.