Running Syncthing as root?


Is there any argument against running Syncthing as root? Someone who wants to synchronize the files of several websites/users between servers asked me this.


Yes. If something goes wrong (someone manages to access the web UI, or a config file, for example), then they can control a program which is specifically designed for reading and writing files, running with root permissions. They can use this to read/write any file on the filesystem, and completely own you.

It’s the same argument against running any process as root unless it really really needs to. Except more extreme, because Syncthing is designed for reading and writing files: you don’t need to even try hard to convince it to read /etc/shadow.

Syncthing will always create files/folders with the user and group with which it is run. So running as root will create files owned by root.

Thanks for the answers.

I know that running anything as root is risky, but sometimes you can’t avoid it. But the main point that Syncthing is not designed for it is what @wweich said: it will create files as root, so it does not preserve ownership.

You can probably do what you want by using ACLs, which will also let you run Syncthing as an unprivileged user. For example, I have syncthing running on my server as the syncthing user, while a web server, running as http, can access specific files of syncthing’s.
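The ACL setup described in the post above, as an added example that is not part of the original thread: it grants the web server account read-only access to one Syncthing folder and checks the effective rights a `getfacl` listing really gives. The account name `http` follows the post; the folder path, the function names and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The account name (http) follows the post above;
# the folder path is an assumption.

# run CMD...: execute the command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# grant_read_acl DIR USER: read-only access for USER below DIR.
grant_read_acl() {
    dir=$1 user=$2
    case $dir in
        /|'') echo "refusing to change ACLs on '$dir'" >&2; return 2 ;;
        /*)   ;;
        *)    echo "need an absolute path: $dir" >&2; return 2 ;;
    esac
    # Existing entries: r on files, r-x on directories (capital X adds
    # execute only to directories and already-executable files).
    run setfacl -R -m "u:$user:rX" "$dir" || return 1
    # Default ACL on every directory, so files Syncthing creates later
    # inherit the entry.
    run find "$dir" -type d -exec setfacl -d -m "u:$user:rX" {} + || return 1
}

# effective_perms USER: read `getfacl` output on stdin and print what USER
# can really do, i.e. the named-user entry ANDed with the mask entry.
effective_perms() {
    awk -F: -v u="$1" '
        $1 == "user" && $2 == u { acl  = substr($3, 1, 3) }
        $1 == "mask"            { mask = substr($3, 1, 3) }
        END {
            if (acl == "") exit 1        # no entry for this user
            if (mask == "") mask = "rwx"
            for (i = 1; i <= 3; i++) {
                c = substr(acl, i, 1)
                out = out ((c != "-" && substr(mask, i, 1) != "-") ? c : "-")
            }
            print out
        }'
}

# Constructed getfacl output for a file that was chmod 600 after the ACL
# was set: the mask is now ---, so the http entry grants nothing.
sample_getfacl() {
    printf '%s\n' '# file: index.html' 'user::rw-' 'user:http:r--' \
        'group::---' 'mask::---' 'other::---'
}
```

Run it once with `DRY_RUN=1` to review the commands before applying them. The web server account also needs execute (traverse) permission on every parent directory of the folder, and any later `chmod` on a file rewrites its ACL mask, which is what `getfacl FILE | effective_perms http` is there to catch.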

Nice idea.

Why can’t you set up one Syncthing process per user? That is the intended method of operation.

There are 30+ users, but never mind, we will try with glusterfs; Syncthing was just an idea.