Warning: Syncthing should not run as a privileged or system user #42

New Issue

OVERLORD · 2026-02-04T16:21:37+03:00

OVERLORD commented

2026-02-04 16:21:37 +03:00

Originally created by @unknownFalleN on GitHub (Nov 13, 2024).

Please verify that you have read and understood the guidelines.

yes

A clear and concise description of the issue.

The LXC Script is started the service as root. Then Syncting give a warning: "Syncthing should not run as a privileged or system user. Please consider using a normal user account."

What settings are you currently utilizing?

Default Settings

Which Linux distribution are you employing?

Debian 12

If relevant, including screenshots or a code block can be helpful in clarifying the issue.

No response

Please provide detailed steps to reproduce the issue.

start the bash -c "$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/ct/syncthing.sh)"
Call webservice Url

Originally created by @unknownFalleN on GitHub (Nov 13, 2024). ### Please verify that you have read and understood the guidelines. yes ### A clear and concise description of the issue. The [LXC Script ](https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/install/syncthing-install.sh) is started the service as root. Then Syncting give a warning: "Syncthing should not run as a privileged or system user. Please consider using a normal user account." ### What settings are you currently utilizing? Default Settings ### Which Linux distribution are you employing? Debian 12 ### If relevant, including screenshots or a code block can be helpful in clarifying the issue. _No response_ ### Please provide detailed steps to reproduce the issue. 1. start the `bash -c "$(wget -qLO - https://github.com/community-scripts/ProxmoxVE/raw/main/ct/syncthing.sh)" ` 2. Call webservice Url

OVERLORD closed this issue

2026-02-04 16:21:38 +03:00

OVERLORD commented

2026-02-04 16:21:43 +03:00

@thegasta commented on GitHub (Nov 16, 2024):

Keep in mind that syncthing is running inside of the container as user root (uid 0).
Uid 0 of the LXC is mapped as uid 100000 in the host.

So, from what I undestood, this is excpected, you can simply ignore the notification (as I am doing).

@thegasta commented on GitHub (Nov 16, 2024): Keep in mind that syncthing is running inside of the container as user `root` (uid `0`). Uid `0` of the LXC is mapped as uid `100000` in the host. So, from what I undestood, this is excpected, you can simply ignore the notification (as I am doing).

OVERLORD commented

2026-02-04 16:21:45 +03:00

@aaronblair commented on GitHub (Dec 4, 2024):

To add to this, I believe that the current setup with the root user adds some additional complexity when trying to map the root user to a host user through a bind mount. I don't believe you can map 0->1000, for example.

I'd really like to know how others are mounting local user files to the syncthing container (NFS, etc).

What is the objection to running this with something like syncthing:syncthing?

@aaronblair commented on GitHub (Dec 4, 2024): To add to this, I believe that the current setup with the root user adds some additional complexity when trying to map the root user to a host user through a bind mount. I don't believe you can map 0->1000, for example. I'd really like to know how others are mounting local user files to the syncthing container (NFS, etc). What is the objection to running this with something like syncthing:syncthing?

OVERLORD commented

2026-02-04 16:21:48 +03:00

@pawilli commented on GitHub (Aug 14, 2025):

To add to this, I believe that the current setup with the root user adds some additional complexity when trying to map the root user to a host user through a bind mount. I don't believe you can map 0->1000, for example.

I'd really like to know how others are mounting local user files to the syncthing container (NFS, etc).

What is the objection to running this with something like syncthing:syncthing?

I had the same issue and I am replying to this thread to provide a solution for others who might run into this same problem.

Run the script and let it finish. Then go into the console of the newly created lxc and run these commands.

# stop the service
   systemctl stop syncthing@root.service
 
# create user and follow the prompts
   adduser syncthing
 
 
 # Change directory to the new home directory    
    cd /home/syncthing
 
 # create new configuration directory in the new home directory
    mkdir .local
    mkdir .local/state 
 
 # move the configuration from the root home folder to this folder
    mv ~/.local/state/syncthing .local/state
 
# change ownership of the directory to the local user
   sudo chown -R syncthing:syncthing .local

# make new default directory 
# note you will have to delete the default directory and create a new defaut using this path once you start the GUI
   mkdir Sync
  chown -R syncthing:syncthing Sync

# change ownership one more time to make sure the permissions are valid - may not be necessary but better to be sure.
   chown -R syncthing:syncthing /home/syncthing

# test the new configuration
   systemctl start syncthing@syncthing

# everything should work now with a non-root user.

# make sure the correct user starts the service after reboot.
   systemctl enable syncthing@syncthing.service

Reboot

#Once it reboot you should be running syncthing using the new account.
#Don't forget to delete the default folder (which points to /root/Sync and replace it with a new default folder pointing to #/home/syncthing/Sync
#You should be good to go.

Hopefully, those who know more than me can incorporate these commands into the script.

Thank you all

@pawilli commented on GitHub (Aug 14, 2025): > To add to this, I believe that the current setup with the root user adds some additional complexity when trying to map the root user to a host user through a bind mount. I don't believe you can map 0->1000, for example. > > I'd really like to know how others are mounting local user files to the syncthing container (NFS, etc). > > What is the objection to running this with something like syncthing:syncthing? I had the same issue and I am replying to this thread to provide a solution for others who might run into this same problem. Run the script and let it finish. Then go into the console of the newly created lxc and run these commands. ``` # stop the service systemctl stop syncthing@root.service # create user and follow the prompts adduser syncthing # Change directory to the new home directory cd /home/syncthing # create new configuration directory in the new home directory mkdir .local mkdir .local/state # move the configuration from the root home folder to this folder mv ~/.local/state/syncthing .local/state # change ownership of the directory to the local user sudo chown -R syncthing:syncthing .local # make new default directory # note you will have to delete the default directory and create a new defaut using this path once you start the GUI mkdir Sync chown -R syncthing:syncthing Sync # change ownership one more time to make sure the permissions are valid - may not be necessary but better to be sure. chown -R syncthing:syncthing /home/syncthing # test the new configuration systemctl start syncthing@syncthing # everything should work now with a non-root user. # make sure the correct user starts the service after reboot. systemctl enable syncthing@syncthing.service ``` `Reboot` #Once it reboot you should be running syncthing using the new account. #Don't forget to delete the default folder (which points to /root/Sync and replace it with a new default folder pointing to #/home/syncthing/Sync #You should be good to go. Hopefully, those who know more than me can incorporate these commands into the script. Thank you all

OVERLORD commented

2026-02-04 16:21:48 +03:00

@aaronblair commented on GitHub (Aug 14, 2025):

I think this is a good solution for the immediate issue of Syncthing running as a root user, but it doesn't resolve the bigger issues of simplifying bind mounting host folders or other setups. I found that doing things like this really messed up the permissions. In the end, I found it easier to make my own containers and skip the scripts. A bit of a shame and I really like the concept.

@aaronblair commented on GitHub (Aug 14, 2025): I think this is a good solution for the immediate issue of Syncthing running as a root user, but it doesn't resolve the bigger issues of simplifying bind mounting host folders or other setups. I found that doing things like this really messed up the permissions. In the end, I found it easier to make my own containers and skip the scripts. A bit of a shame and I really like the concept.

OVERLORD referenced this issue

2026-02-04 17:07:20 +03:00

BookStack MFA Issues After Script Updating to v24.10.3 #202

Sign in to join this conversation.

Branches Tags

main

github-action-update-changelog

pr-update-app-files

docker_deb13

feat/cloudinit-sshkeys

feat/sqlserver2025

automated/update-github-versions

add-script-opencloud-1770212555

add-script-openclaw-1770212634

github-action-archive-changelog

update_apps_tool

add-script-wishlist-1770193085

MickLesk-patch-2

add-script-writefreely-1770188758

add-script-wealthfolio-1770143943

fix/vaultwarden-update-script

remove_memos

disable_npm

feature/codeberg-functions-forgejo-readeck

add-script-rustypaste-1770019426

add-script-kitchenowl-1770017260

fix/2fauth-php-version

tools_func_addcodeberg

CrazyWolf13-patch-2

add-script-shelfmark-1769790178

CrazyWolf13-patch-1

add-script-ampache-1769790139

add-script-languagetool-1769790155

remove_php_deps

ref_koilection

fix/php-module-improvements

tremor021-patch-1

fix/open-archiver-meilisearch-migration

cloudflare_dns

MickLesk-patch-1

michelroegl-brunner-patch-2

fix/version-display

fix/debian13-root-ownership

feat/interactive_prompts

feature/smart-error-recovery

core_stable

update_docs

refactor/tools-func-stability

certbot_npm

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/ProxmoxVE#42