[Slackbuilds-users] Amendments to syncthing scripts to accommodate running as non-root user

Sebastian Arcus s.arcus at open-t.co.uk
Mon Jun 8 12:34:05 UTC 2015


As per my previous post to the SBo list, syncthing developers recommend 
that it should never be run as root - even when run as a daemon - as it 
has not been designed with that level of security in mind.

As the uid:gid 307 has been approved for the syncthing user/group on 
SBo, may I suggest the patches below to accommodate this user/group in 
the scripts provided with syncthing on SBo. The patches do the following:

1. Amend rc.syncthing to start syncthing as "syncthing" user.
2. Provide a configurable location for the home/config directory under 
/var/lib - as it is the custom for data owned by daemons (as opposed to 
real human users) under Linux.
3. Amend syncthing.SlackBuild script to request the creation of the 
syncthing user/group, if it doesn't exist.
4. Amend the syncthing.SlackBuild script to create the following dirs 
and set their permissions accordingly: /var/lib/syncthing/config and 
/var/run/syncthing

I hope the above makes sense. If any of it is incorrect or unsuitable, 
could you please suggest alternatives.

##############################################

--- syncthing.SlackBuild        2015-06-08 13:03:54.758485646 +0100
+++ syncthing.SlackBuild.new    2015-06-08 13:18:32.529446783 +0100
@@ -49,6 +49,14 @@

  set -e

+# Check if the syncthing user and group exist. If not, then bail.
+if [ "$(id -g syncthing 2> /dev/null)" != "307" -o "$(id -u syncthing 
2> /dev/null)" != "307" ]; then
+  echo "  You must have an 'syncthing' user and group to run this script."
+  echo "    # groupadd -g 307 exim"
+  echo "    # useradd -d /var/lib/syncthing -g syncthing -s /bin/bash 
-u 307 syncthing"
+  exit 1
+fi
+
  rm -rf $PKG
  mkdir -p $TMP $PKG $OUTPUT
  cd $TMP
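
Review bot: The help text in the new check tells the admin to create the wrong group: `groupadd -g 307 exim` should read `groupadd -g 307 syncthing`, otherwise the `useradd ... -g syncthing` command printed on the next line fails for anyone who copies the two commands as shown. The first echo also says "an 'syncthing' user", which should be "a 'syncthing' user".
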
@@ -72,8 +80,9 @@
  mkdir -p $PKG/etc/rc.d
  cat $CWD/rc.syncthing > $PKG/etc/rc.d/rc.syncthing.new

-mkdir -p $PKG/var/lib/syncthing
+mkdir -p $PKG/var/lib/syncthing/config
  mkdir -p $PKG/var/run/syncthing
+chown -R syncthing.syncthing /var/{lib,run}/syncthing

  mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
  cp -a *.txt *.pdf $PKG/usr/doc/$PRGNAM-$VERSION
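
Review bot: The added `chown -R syncthing.syncthing /var/{lib,run}/syncthing` has no `$PKG` prefix, so it changes ownership on the build host's live /var/lib/syncthing and /var/run/syncthing (or fails if they do not exist) while the directories created by the two `mkdir -p $PKG/var/...` lines above it go into the package still owned by root. Suggest `chown -R syncthing:syncthing $PKG/var/{lib,run}/syncthing`, using the colon separator that chown documents as the standard form.
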


########################################################

--- rc.syncthing        2015-06-08 13:04:20.237858026 +0100
+++ rc.syncthing.new    2015-06-08 13:09:14.033831997 +0100
@@ -2,6 +2,9 @@
  #
  # syncthing start script

+$ST_USER="syncthing"
+$CONFDIR="/var/lib/syncthing/config"
+
  case "$1" in
         stop)
                 PID=/var/run/syncthing/syncthing.pid
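
Review bot: The two added assignments, `$ST_USER="syncthing"` and `$CONFDIR="/var/lib/syncthing/config"`, carry a leading `$`, which is not shell assignment syntax: the shell expands the empty variable and tries to run `="syncthing"` as a command, so both variables stay unset and the later `su - $ST_USER` has no user name to switch to. They should be `ST_USER="syncthing"` and `CONFDIR="/var/lib/syncthing/config"`.
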
@@ -15,7 +18,7 @@
                 ;;
         start)
                 echo "Start Syncthing..."
-               /usr/bin/syncthing
+                su - $ST_USER -c "$SYNCTHING -home=$CONFDIR" &
                 ;;
         restart)
                 $0 stop
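
Review bot: The new start line runs `$SYNCTHING`, but nothing in the visible hunks of rc.syncthing defines that variable (only ST_USER and CONFDIR are added at the top), so the command passed to su would begin with ` -home=...` and no binary. Either add `SYNCTHING=/usr/bin/syncthing` next to the other two settings or keep the literal `/usr/bin/syncthing` path from the removed line. Quoting `"$ST_USER"` would also be safer now that the user name is configurable.
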


