I have set up a shared folder between Windows → Linux, then run it as a standard user;
the warning message says the target folder on Linux does not have write permission.
How to solve this issue with minimal security concerns?
I had two options: either let sync run as root, so the sync service is escalated, or chmod the target Linux directory to 777, which means any user could execute anything in that directory, and since it is published to the web app over the internet, that makes it a critical threat.
So the “web” user only has read access to the directory? Then the advice generalises to: Make that directory writeable to some non-privileged user, and run Syncthing as that user.
E.g. create a new user “websync”, which is a member of the same group as the user “web”, then have the directory owned by “websync” and the common group, with 740 permissions.
Why is it bad to run Syncthing as root? The same reason it is bad to run anything as root that does not have to be run as root, especially network-enabled services. If anything goes wrong, be that some security issue or a plain, simple bug, that service can take down everything on your system. If you run it as a non-privileged user, the amount of damage that can be done is much more limited.
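A check for the layout discussed in this thread, as an added example that is not part of the original posts: it audits the sync target directory for the two options the question rejects (root service, world-writable directory) and for group bits that would let the web user write or keep it from opening files. The function name `check_sync_dir` and its messages are hypothetical, and it assumes GNU `stat` on Linux.

```shell
#!/bin/sh
# Added example: audit a Syncthing target directory.
# Assumptions (not from the thread): GNU stat is available; the helper name
# and message wording are invented for this sketch.

check_sync_dir() {
    dir=$1        # directory Syncthing writes into
    sync_uid=$2   # numeric uid the sync service runs as, e.g. $(id -u websync)
    rc=0

    mode=$(stat -c '%a' "$dir") || return 2    # octal mode, e.g. 750 or 2750
    owner=$(stat -c '%u' "$dir") || return 2   # numeric owner uid
    m=$((0$mode))                              # leading 0: parse as octal
    grp=$(( (m >> 3) & 7 ))                    # group rwx bits
    oth=$(( m & 7 ))                           # other rwx bits

    if [ "$sync_uid" -eq 0 ]; then
        echo "FAIL: sync service runs as root"; rc=1
    fi
    if [ "$owner" -ne "$sync_uid" ]; then
        echo "FAIL: $dir is owned by uid $owner, not by sync uid $sync_uid"; rc=1
    fi
    if [ $(( oth & 2 )) -ne 0 ]; then
        echo "FAIL: mode $mode is world-writable"; rc=1
    fi
    if [ $(( grp & 2 )) -ne 0 ]; then
        echo "FAIL: mode $mode lets the group (the web user) write"; rc=1
    fi
    # On a directory, r lists names; x is needed to open the files inside.
    if [ $(( grp & 4 )) -ne 0 ] && [ $(( grp & 1 )) -eq 0 ]; then
        echo "WARN: mode $mode gives the group r but not x; members cannot open files"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir mode $mode, owned by sync uid $sync_uid"
    fi
    return "$rc"
}
```

Call it as `check_sync_dir /path/to/target "$(id -u websync)"`; a non-zero exit status means at least one finding was printed.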