Hi,
I'm currently trying to set up Syncthing on a headless Debian server.
Since I don’t want to run it as root I’ve created a user. Not a normal user, but a system user instead, because that’s what it should be in my case.
The system user doesn’t have a home directory by default but Syncthing wants to write to $HOME/.config/syncthing, which obviously doesn’t work. I guess that’s the reason why the included systemd service doesn’t start:
● syncthing@syncthing.service - Syncthing - Open Source Continuous File Synchronization for syncthing
Loaded: loaded (/lib/systemd/system/syncthing@.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2022-09-02 15:08:05 CEST; 4min 4s ago
Docs: man:syncthing(1)
Process: 10230 ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 (code=exited, status=1/FAILURE)
Main PID: 10230 (code=exited, status=1/FAILURE)
CPU: 8ms
Sep 02 15:08:05 syncthing systemd[1]: syncthing@syncthing.service: Scheduled restart job, restart counter is at 4.
Sep 02 15:08:05 syncthing systemd[1]: Stopped Syncthing - Open Source Continuous File Synchronization for syncthing.
Sep 02 15:08:05 syncthing systemd[1]: syncthing@syncthing.service: Start request repeated too quickly.
Sep 02 15:08:05 syncthing systemd[1]: syncthing@syncthing.service: Failed with result 'exit-code'.
Sep 02 15:08:05 syncthing systemd[1]: Failed to start Syncthing - Open Source Continuous File Synchronization for syncthing.
So I created /etc/syncthing (770 root syncthing) and tried to copy the default service file to /etc/systemd/system/syncthing.service and append --home=/etc/syncthing and changed the user from @1 to syncthing.
But it still doesn’t start:
● syncthing.service - Syncthing - Open Source Continuous File Synchronization for
Loaded: loaded (/etc/systemd/system/syncthing.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2022-09-02 15:17:37 CEST; 2min 57s ago
Docs: man:syncthing(1)
Process: 10835 ExecStart=/usr/bin/syncthing serve --no-browser --no-restart --logflags=0 --no-default-folder --home=/etc/syncthing (code=exited, status=1/FAILURE)
Main PID: 10835 (code=exited, status=1/FAILURE)
CPU: 17ms
Sep 02 15:17:36 syncthing systemd[1]: syncthing.service: Main process exited, code=exited, status=1/FAILURE
Sep 02 15:17:36 syncthing systemd[1]: syncthing.service: Failed with result 'exit-code'.
Sep 02 15:17:37 syncthing systemd[1]: syncthing.service: Scheduled restart job, restart counter is at 4.
Sep 02 15:17:37 syncthing systemd[1]: Stopped Syncthing - Open Source Continuous File Synchronization for .
Sep 02 15:17:37 syncthing systemd[1]: syncthing.service: Start request repeated too quickly.
Sep 02 15:17:37 syncthing systemd[1]: syncthing.service: Failed with result 'exit-code'.
Sep 02 15:17:37 syncthing systemd[1]: Failed to start Syncthing - Open Source Continuous File Synchronization for .
Sep 02 15:17:34 syncthing syncthing[10820]: WARNING: chmod /etc/syncthing: read-only file system
Sep 02 15:17:34 syncthing syncthing[10820]: [start] INFO: syncthing v1.20.4 "Fermium Flea" (go1.18.4 linux-amd64) deb@build.syncthing.net 2022-08-02 08:10:29 UTC [noupgrade]
Sep 02 15:17:34 syncthing syncthing[10820]: [start] INFO: Generating ECDSA key and certificate for syncthing...
Sep 02 15:17:34 syncthing syncthing[10820]: [start] WARNING: Failed to load/generate certificate: save cert: open /etc/syncthing/cert.pem: read-only file system
Sep 02 15:17:34 syncthing systemd[1]: syncthing.service: Main process exited, code=exited, status=1/FAILURE
Sep 02 15:17:34 syncthing systemd[1]: syncthing.service: Failed with result 'exit-code'.
Sep 02 15:17:36 syncthing systemd[1]: syncthing.service: Scheduled restart job, restart counter is at 3.
Sep 02 15:17:36 syncthing systemd[1]: Stopped Syncthing - Open Source Continuous File Synchronization for .
Sep 02 15:17:36 syncthing systemd[1]: Started Syncthing - Open Source Continuous File Synchronization for .
Sep 02 15:17:36 syncthing syncthing[10835]: WARNING: chmod /etc/syncthing: read-only file system
Sep 02 15:17:36 syncthing syncthing[10835]: WARNING: chmod /etc/syncthing: read-only file system
Sep 02 15:17:36 syncthing syncthing[10835]: [start] INFO: syncthing v1.20.4 "Fermium Flea" (go1.18.4 linux-amd64) deb@build.syncthing.net 2022-08-02 08:10:29 UTC [noupgrade]
Sep 02 15:17:36 syncthing syncthing[10835]: [start] INFO: Generating ECDSA key and certificate for syncthing...
Sep 02 15:17:36 syncthing syncthing[10835]: [start] WARNING: Failed to load/generate certificate: save cert: open /etc/syncthing/cert.pem: read-only file system
Sep 02 15:17:36 syncthing systemd[1]: syncthing.service: Main process exited, code=exited, status=1/FAILURE
Sep 02 15:17:36 syncthing systemd[1]: syncthing.service: Failed with result 'exit-code'.
Sep 02 15:17:37 syncthing systemd[1]: syncthing.service: Scheduled restart job, restart counter is at 4.
Sep 02 15:17:37 syncthing systemd[1]: Stopped Syncthing - Open Source Continuous File Synchronization for .
Sep 02 15:17:37 syncthing systemd[1]: syncthing.service: Start request repeated too quickly.
Sep 02 15:17:37 syncthing systemd[1]: syncthing.service: Failed with result 'exit-code'.
Sep 02 15:17:37 syncthing systemd[1]: Failed to start Syncthing - Open Source Continuous File Synchronization for .
But it is not, actually:
drwxrwx--- 2 root syncthing 4096 31. Aug 19:53 syncthing
I figured out this is because ProtectSystem=full in the systemd service file. This can be fixed by ReadWritePaths=. Not tested yet, but I think this will work.
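The read-only error described above can be predicted from the unit text alone. The following is an added example, not part of the original post or of Syncthing's packaging: a static check of whether a directory stays writable under a unit's ProtectSystem= and ReadWritePaths= settings. The function names and the two sample units are constructed for illustration, and the check ignores the /dev, /proc and /sys exemptions of ProtectSystem=strict.

```shell
#!/bin/sh
# Added example: static check of a unit's ProtectSystem=/ReadWritePaths=.

# unit_values KEY FILE -> every value assigned to KEY in FILE, one per line
unit_values() {
    sed -n "s/^[[:space:]]*$1=[[:space:]]*//p" "$2"
}

# under DIR PREFIX -> success if DIR equals PREFIX or lies below it
under() {
    case "$1" in "$2"|"${2%/}"/*) return 0 ;; esac
    return 1
}

# sandbox_verdict FILE DIR -> prints "writable" or "read-only"
sandbox_verdict() {
    mode=$(unit_values ProtectSystem "$1" | tail -n 1)
    # Paths re-opened with ReadWritePaths= win over ProtectSystem=.
    for p in $(unit_values ReadWritePaths "$1"); do
        if under "$2" "${p#-}"; then echo writable; return; fi
    done
    case "$mode" in
        strict)        ro="/" ;;                    # whole hierarchy
        full)          ro="/usr /boot /efi /etc" ;; # adds /etc
        true|yes|on|1) ro="/usr /boot /efi" ;;
        *)             ro="" ;;
    esac
    for p in $ro; do
        if under "$2" "$p"; then echo read-only; return; fi
    done
    echo writable
}

# Constructed sample units (not the packaged file): before and after the fix.
demo_dir=$(mktemp -d)
printf '%s\n' '[Service]' 'User=syncthing' \
    'ExecStart=/usr/bin/syncthing serve --no-browser --home=/etc/syncthing' \
    'ProtectSystem=full' > "$demo_dir/before.service"
{ cat "$demo_dir/before.service"; echo 'ReadWritePaths=/etc/syncthing'; } \
    > "$demo_dir/after.service"

sandbox_verdict "$demo_dir/before.service" /etc/syncthing
sandbox_verdict "$demo_dir/after.service" /etc/syncthing
```

Adding only the ReadWritePaths= line keeps the rest of /etc read-only for the service, which is narrower than removing ProtectSystem=full altogether.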