Hello all,
does anyone know how to set user account for one automatic service?
We have install sycnhthing trough appcentral but service start as root.
We need to force it to use an user account and not use root as user.
Thanks for who will help me.
Synchthing and root account
-
- Posts: 3
- youtube meble na wymiar Warszawa
- Joined: Mon Jan 11, 2021 6:34 pm
- father.mande
- Posts: 1817
- Joined: Sat Sep 12, 2015 2:55 am
- Location: La Rochelle (France)
Re: Synchthing and root account
Hi,
You can try (if you have the skills) :
define a user ... be sure to have access right for this user to the Syncthing shared resource(s)
change /usr/local/AppCentral/Syncthing/CONTROL/start-stop.sh
... use su to change user (/bin/su -c "START_SYNCTHING_COMMAND_LINE" user) root is starting Syncthing ... so su don't ask for a password
... change the HOME folder as explain here after if you don't know how.
This is overwritten by any Syncthing APKG update (nor by internal update)
Please, test before, stop Syncthing and start it manually as start-stop.sh do ...
Take attention to actual the HOME directory (forced to /share/Syncthing/) ... to avoid problem with access right and previous configuration.
This share Syncthing is created at APKG install ... perhaps the best is to have your own HOME
NB I have tested this in the past ... but not with last APKG
Philippe.
You can try (if you have the skills) :
define a user ... be sure to have access right for this user to the Syncthing shared resource(s)
change /usr/local/AppCentral/Syncthing/CONTROL/start-stop.sh
... use su to change user (/bin/su -c "START_SYNCTHING_COMMAND_LINE" user) root is starting Syncthing ... so su don't ask for a password
... change the HOME folder as explain here after if you don't know how.
This is overwritten by any Syncthing APKG update (nor by internal update)
Please, test before, stop Syncthing and start it manually as start-stop.sh do ...
Take attention to actual the HOME directory (forced to /share/Syncthing/) ... to avoid problem with access right and previous configuration.
This share Syncthing is created at APKG install ... perhaps the best is to have your own HOME
NB I have tested this in the past ... but not with last APKG
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
- father.mande
- Posts: 1817
- Joined: Sat Sep 12, 2015 2:55 am
- Location: La Rochelle (France)
Re: Synchthing and root account
Hi,
In complement, if you don't want to change APKG
... stop using it (disable)
... use the syncthing provide in Entware APKG ... this version (1.11.1 but internal update works as well) is TOTALLY under your control ... (even you must at least define a user for it)
Philippe.
In complement, if you don't want to change APKG
... stop using it (disable)
... use the syncthing provide in Entware APKG ... this version (1.11.1 but internal update works as well) is TOTALLY under your control ... (even you must at least define a user for it)
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
-
- Posts: 3
- Joined: Mon Jan 11, 2021 6:34 pm
Re: Synchthing and root account
Hi,
thanks so much for so many information. I've installed Entware APKG and start the service of synchthing.
Now i'm trying to understand how to run the service at start of the nas. Do you have some idea?
I've still another problem, when a file is generate from the synchthing application, the permission of the file are generated as
owner : root
group : root
as permission on file :
owner RW
group RO
other RO
I need to set :
owner : syncthing user ( this is ok with entware )
group : User ( this is ok with entware )
permission
owner RW
group RW
other RO
Can you help me?
Thanks so much for the support.
thanks so much for so many information. I've installed Entware APKG and start the service of synchthing.
Now i'm trying to understand how to run the service at start of the nas. Do you have some idea?
I've still another problem, when a file is generate from the synchthing application, the permission of the file are generated as
owner : root
group : root
as permission on file :
owner RW
group RO
other RO
I need to set :
owner : syncthing user ( this is ok with entware )
group : User ( this is ok with entware )
permission
owner RW
group RW
other RO
Can you help me?
Thanks so much for the support.
- father.mande
- Posts: 1817
- Joined: Sat Sep 12, 2015 2:55 am
- Location: La Rochelle (France)
Re: Synchthing and root account
Hi,
When Entware start (at boot or after a restart of Entware)) ... Entware use it's own init script to start & stop Entware services (as an embedded Linux)
... in /opt/etc/init.d
... ... rc.unslug for loop on services to start or stop at Entware
... ... rc.func for start / stop /restart ... etc function call by Sxxservice files
... ... Sxxservice file to specific action for a service
... so changing the SxxSERVICE (xx is a number for order) ... permit to personalize your service start_up ... or bypass rc.func and manage all as your need.
Philippe.
When Entware start (at boot or after a restart of Entware)) ... Entware use it's own init script to start & stop Entware services (as an embedded Linux)
... in /opt/etc/init.d
... ... rc.unslug for loop on services to start or stop at Entware
... ... rc.func for start / stop /restart ... etc function call by Sxxservice files
... ... Sxxservice file to specific action for a service
... so changing the SxxSERVICE (xx is a number for order) ... permit to personalize your service start_up ... or bypass rc.func and manage all as your need.
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T
-
- Posts: 3
- Joined: Mon Jan 11, 2021 6:34 pm
Re: Synchthing and root account
I've still another problem, when a file is generate from the synchthing application, the permission of the file are generated asfather.mande wrote:Hi,
When Entware start (at boot or after a restart of Entware)) ... Entware use it's own init script to start & stop Entware services (as an embedded Linux)
... in /opt/etc/init.d
... ... rc.unslug for loop on services to start or stop at Entware
... ... rc.func for start / stop /restart ... etc function call by Sxxservice files
... ... Sxxservice file to specific action for a service
... so changing the SxxSERVICE (xx is a number for order) ... permit to personalize your service start_up ... or bypass rc.func and manage all as your need.
Philippe.
owner : root
group : root
as permission on file :
owner RW
group RO
other RO
I need to set :
owner : syncthing user ( this is ok with entware )
group : User ( this is ok with entware )
permission
owner RW
group RW
other RO
Can you help me?
- father.mande
- Posts: 1817
- Joined: Sat Sep 12, 2015 2:55 am
- Location: La Rochelle (France)
Re: Synchthing and root account
Hi,
I have to run test ... sure that access right is done by user writing the file and be sure Synthing is started under this user
1) provide the owner and access right for the original (source) file to compare
2) search then ask to syncthing forum : https://forum.syncthing.net/
3) try changing the umask before starting Syncthing (umask is a builtin function READ doc on internet to understand umask works)
... umask work is special ... How to use it :
... umask use a complement on access right to check the result use umask -S (it's the way to be sure to do what you want)
... ex. umask 0017 generate as result of umask -S : u=rwx,g=rw,o= ... so test with a file (touch file_name) ...it's not obvious
4) try a workaround
... use getfacl and setfacl (kernel 4.14.x support it) from Entware and fine tune your access right
... use incron to change immediately file access when a file is written ... incron is a cron not based on time but on file/dir change (also in Entware)
etc. etc.
Philippe.
I have to run test ... sure that access right is done by user writing the file and be sure Synthing is started under this user
1) provide the owner and access right for the original (source) file to compare
2) search then ask to syncthing forum : https://forum.syncthing.net/
3) try changing the umask before starting Syncthing (umask is a builtin function READ doc on internet to understand umask works)
... umask work is special ... How to use it :
... umask use a complement on access right to check the result use umask -S (it's the way to be sure to do what you want)
... ex. umask 0017 generate as result of umask -S : u=rwx,g=rw,o= ... so test with a file (touch file_name) ...it's not obvious
4) try a workaround
... use getfacl and setfacl (kernel 4.14.x support it) from Entware and fine tune your access right
... use incron to change immediately file access when a file is written ... incron is a cron not based on time but on file/dir change (also in Entware)
etc. etc.
Philippe.
AS6602T / AS5202T /AS5002T / AS1002T / FS6706T