Why is it not recommended to run Syncthing as root?

I have set up a shared folder between Windows → Linux, then ran it with a standard user; the warning message says the target folder on Linux does not have permission to write to.

How can I solve this issue with minimal security concerns? I had two options: either let sync run as root so the sync services are escalated, or chmod the target Linux directory to 777, which means any user could execute anything in that directory, while it is published to the web app over the internet, which makes that a critical threat.

Any advice to solve this challenge?

Who is the owner of the folder and which user is syncthing executed with?

webuser is the owner of the target directory; root privilege is needed to access that folder.

Syncthing uses a standard user, let’s call it Absi.

Why don’t you run syncthing with the web user?

It does not have the privilege to write to the target directory.

So the “web” user only has read access to the directory? Then the advice generalises to: Make that directory writeable to some non-privileged user, and run Syncthing as that user.
E.g. create a new user “websync”, which is a member of the same group as the user “web”, then have the directory owned by “websync” and the common group, with 740 permissions.

Why is it bad to run Syncthing as root? The same reason it is bad to run anything as root that does not have to be run as root, especially network-enabled services. If anything goes wrong, be that some security issue or a plain, simple bug, that service can take down everything on your system. If you run it as a non-privileged user, the amount of damage that can be done is much more limited.

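The layout suggested in the reply above can be checked with a short POSIX shell audit; this is an added example, not part of the original thread. The names `websync`, `web` and `/srv/site` are assumptions, and the audit expects 750 on directories rather than 740, because a directory needs the execute bit before group members can enter it.

```shell
#!/bin/sh
# Added example. Assumed names: user "websync" runs Syncthing, user "web"
# serves the files, both are in group "web"; /srv/site is the synced folder.
#
# One-time setup, run by an administrator (shown for context, not executed):
#   useradd --system --gid web websync
#   chown -R websync:web /srv/site
#   chmod -R u=rwX,g=rX,o= /srv/site   # 750 on dirs, 640 on non-executable files

# report LABEL DIR FIND-TESTS...: print offending paths, return 1 if any exist.
# Symlinks are skipped because their own mode bits are not meaningful.
report() {
    label=$1 dir=$2; shift 2
    hits=$(find "$dir" ! -type l "$@" -print)
    [ -z "$hits" ] && return 0
    printf 'FAIL %s:\n%s\n' "$label" "$hits"
    return 1
}

# audit_sync_dir DIR OWNER: return 0 if the whole tree matches the layout,
# 1 if any check fails, 2 if DIR is not a directory.
audit_sync_dir() {
    dir=$1 owner=$2 rc=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # The chmod 777 case: any local account could write into the web root.
    report "world-writable" "$dir" -perm -0002 || rc=1
    # The web user reaches the tree through the group and should only read.
    report "group-writable" "$dir" -perm -0020 || rc=1
    # Syncthing writes as the owner, so every entry should belong to it.
    report "not owned by $owner" "$dir" ! -user "$owner" || rc=1
    # Without g+x on a directory the web user cannot open files inside it.
    report "directory without group execute" "$dir" -type d ! -perm -0010 || rc=1
    return $rc
}

# Usage: sh audit.sh /srv/site websync
if [ $# -eq 2 ]; then audit_sync_dir "$1" "$2"; fi
```
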
