Running syncthing as a system user

I wrote a brief guide on how to run syncthing as a system user while sharing folders in the users home directory. You run into permission issues by default.

https://nitinpassa.com/running-syncthing-as-a-system-user-on-nixos/

4 Likes

Nice!

I do something similar, but with POSIX ACLs. So Iā€™m very happy that https://github.com/systemd/systemd/pull/25622 got implemented and merged.

1 Like

Do we improve security by doing this?

Do we improve security by doing this?

Yes.

Running as a separate system user means if the program has a security issue (or the service is misconfigured), the process still cannot access anything else than the data directory and the set of shared folders. But if running as a user service, the process has access to everything your user has (like ~/.ssh).

1 Like

Using ACLs seems like a great improvement here. And it looks like it can apply recursively which should solve the setgid limitations of using directory.

Hosted by Flying Circus.