Syncthing with Upstart on Ubuntu Server 14.04 (a dummys guide)

I thought I’d share my experience trying to get Syncthing operational on an install of Ubuntu Server 14.04. Notes:

  • I’m no linux guru, so there may be other solutions I’m unaware of.
  • This also means if you’ve got no idea what you’re doing, this is for you.
  • This is all via the terminal over SSH, no GUI required.
  • The following assumes you’re running as a user called me that is an unprivileged account (i.e. a normal user) with an encrypted home directory.

TL;DR Don’t use an encrypted home directory if you want Syncthing to start on boot

The docs don’t have any details on getting an Upstart service going for Syncthing, so I had to (learn about upstart and) find out how to do this. A couple of forum users helpfully posted some init conf scripts (see bottom of post). Both of which didn’t work for me.

After pulling my hair out, I finally discovered that having an encrypted home directory for a user account with a password whilst trying to start syncthing in upstart with exec sudo -u me /usr/bin/syncthing --no-browser where visudo contains an entry for NOPASSWD for the user me to /usr/bin/syncthing doesn’t work. Probably obvious to some, but not to me.

For past me who wouldn’t have understood any of that, here’s the long version:

Upstart is/was Ubuntu’s init system (new versions use systemd). The most common init system is SysV which Ubuntu also falls back on (Upstart calls SysV init so older packages can still initialise). Upstart uses files in /etc/init/service.conf to describe a service. You can trigger a service to start after other services have started which is cool, so we want to start Syncthing after filesystems are mounted and the network is up.

OK, so then you want to install syncthing as per the docs (add repo, update package list and install). You’ll have to look this up yourself as I can’t add URL’s here (I’m a new user sorry).

Now we want to run Syncthing on boot, meaning we won’t have a user logged in (and Syncthing is a user process). So we need to run Syncthing as a user. To do this we can setup our upstart configuration to run syncthing with sudo, but give it a user context (e.g. sudo -u me /usr/bin/syncthing).

So to make this script, let’s follow one of the examples (in the links below). I have this file at /etc/init/syncthing.conf so upstart can find it and run it at boot.

# syncthing - Open Source Continuous File Synchronization
description "Syncthing - Open Source Continuous File Synchronization"
exec sudo -u me /usr/bin/syncthing --no-browser
start on (local-filesystems and net-device-up IFACE!=lo)
stop on runlevel [!2345]

To understand what is happening there’s plenty of docs. But in a nutshell: sudo -u me /usr/bin/syncthing --no-browser is what upstart runs when starting this service (denoted by the exec command). This attempts to run syncthing as user me. This user has the Syncthing configuration too, under /home/me/.config/syncthing/config.xml so we have to run it as that user.

start on (local-filesystems and net-device-up IFACE!=lo) is telling upstart to run this service after filesystems and network are ready - cool!

respawn tells upstart to run the service again when it goes down (to keep it always up and available). i.e. you could kill 1234 where PID 1234 is your currently running syncthing, and upstart will spawn a new syncthing for you - also cool!

OK so at this point it still didn’t work for me. My user me requires a password and if I tried running the above command, I’d be prompted for my password. So that’s not going to work on boot because no one will be there to enter the password. After some digging I found a solution which is to run visudo to edit the sudo conf (?) which allows you to specify no password for a user. This works as follows:

# opens vi or nano, append the following to the file
sudo  ALL=(me) NOPASSWD: /usr/bin/syncthing

This says that when you run sudo -u me it won’t prompt for a password if executing /usr/bin/syncthing. Alternatively, if you had NOPASSWD: ALL then you can run anything without a password using sudo -u me which is not what I want.

And… it still didn’t work. Why? Looking at the logs (sudo cat /var/log/upstart/syncthing.log) I get ‘Signature not found in user keyring’ followed by a bunch of ‘mkdir denied’ calls (upstart keeps trying to respawn as syncthing keeps failing - whoops). A bit of Googling looks like it’s something trying to access an encrypted path.

What I think is happening at this point is that since it’s run with no password, it gets that user context, but encryption (by it’s very nature) requires the password to decrypt the home directory which is not provided and therefore the home directory remains encrypted. Right!

So, I removed home directory encryption, and that process looks like this:

# login as user 'me' since this will decrypt the home directory
sudo cp -rp /home/me /home/me.backup
sudo adduser temporary
sudo adduser temporary sudo
# now logoff me, and login as admin user 'temporary'
sudo rm -rf /home/me
sudo rm -rf /home/me.backup/.ecryptfs
sudo apt-get remove ecryptfs-utils libecryptfs0
sudo mv /home/me.backup /home/me
# log back in as user 'me'
sudo userdel -r temporary

And that’s the end of my story. It works. Thanks to the other forum users for their upstart confs. Hopefully that helps past me (and you), good luck.

On the syncthing forum: upstart-script-to-background-start-syncthing-on-ubuntu/2485