Best practice (for any backup tool and not just SpiderOak ONE or Groups) is to create the group "backup" and add to that group (1) the non-root user that runs ONE or Groups and (2) any files that ONE or Groups would otherwise not have permission to access. Running any user application as root is hazardous and can almost always be avoided through appropriate permissions. For these reasons, running SpiderOak ONE or Groups as root is discouraged and is not supported.
If you have any feedback on this article please let our support team know. Thanks!