[Slackbuilds-users] Syncthing init script on SBo runs as root - security risk?

Sebastian Arcus s.arcus at open-t.co.uk
Thu Dec 31 08:59:12 UTC 2015

On 31/12/15 08:45, henkjan gersen wrote:

Hi Henkjan,

> The current version of Syncthing on SBo installs an init script that 
> runs the daemon as root, which seems a security risk to me and goes 
> against the advice on the Syncthing wiki: 
> http://docs.syncthing.net/users/autostart.html#run-independent-of-user-login
> There was a thread on the mailing-list in June with patches that run 
> Syncthing as an unprivileged user, see 
> http://lists.slackbuilds.org/pipermail/slackbuilds-users/2015-June/014347.html

It was I who submitted those suggestions and patches
> Those patches seem sensible for a situation that where it runs as a 
> system daemon and hence appear to be a safer default. Only minor 
> mistake appears to be the mention of "Exim" in the suggested group add 
> command.

Thanks for catching that
> Any progress on fixing this or is it intentional that it runs as root?

I was told at the time that the maintainer should approve the changes. I 
tried contacting the maintainer, but never heard anything back I'm afraid.

More information about the SlackBuilds-users mailing list