SyncThing - Directory Access Denied

[Spencer Skinner]

So I have been trying to set up sync thing to help me transfer all my games onto the NAS every time they update, ive opted to use sync thing.

I have made the Jail, enabled it all. I can access the UI for SyncThing thats all good, I have then gone to add storage, I selected a whole new dataset which has the default perms on it, owners being Root and Wheel

When i go to access this on SyncThing it says access denied

Code:

2017-01-17 22:49:02: Creating folder marker: open /media/.stfolder: permission denied

2017-01-17 22:49:02: Stopping folder "Test" (dbhnm-4f5da) - folder marker missing

I dont entirely understand what its getting at.

My best guess is that SyncThing doesnt have permission to edit its own directory or access the target directory, but if im honest i have no idea

Thanks

 

[Spencer Skinner]

Here is a better snippet of the error that is chucked by SyncThing

Code:

2017-01-17 23:09:01: Creating folder: mkdir /Sync/: permission denied

2017-01-17 23:09:01: Creating folder marker: open /Sync/.stfolder: no such file or directory

2017-01-17 23:09:01: Creating folder marker: open /media/.stfolder: permission denied

2017-01-17 23:09:01: Stopping folder "Test" (dbhnm-4f5da) - folder marker missing

2017-01-17 23:09:01: Stopping folder "Default Folder (3vJ5Q-d7PQm)" (3vJ5Q-d7PQm) - folder path missing

 

[Joshua Parker Ruehlig]

you need to make sure syncthing's user has permission to write to that dataset.

I suggest you understand how Unix permissions work, then list the permissions for your dataset 'ls -l /path/to/folder'
https://forums.freenas.org/index.ph...plugins-write-permissions-to-your-data.27273/

 

[Spencer Skinner]

you need to make sure syncthing's user has permission to write to that dataset.

I suggest you understand how Unix permissions work, then list the permissions for your dataset 'ls -l /path/to/folder'
https://forums.freenas.org/index.ph...plugins-write-permissions-to-your-data.27273/

Sorry for the very late response on this been working on other stuff as of recent.#

Ive tried it again and it seemed to work but only when i manually created the directory within the jail using mkdir

Although i did use 777 permissions, ive deleted it all and am going to do it properly this time with 770 permissions and the adequate users created.

Im going to try it on a larger directory tree for practical use next, will do it tomorrow

 

[Spencer Skinner]

Right so as an update what ive got so far is.

Its running and it syncing to my PC, but whatever i put in that folder on my PC doesnt sync into the FreeNAS server, it just creates a Syncthing temporary file and fails to sync it.

Ive tried giving it full 777 permission aswell as 770. Neither makes a difference.

My best guess is the share i have it setup to work in is a windows share and i added the syncthing user from the windows permissions manager, would that have been the cause?

 

[Joshua Parker Ruehlig]

i do not think your best guess will work

I asked before but you never answered, can you show the output of,'ls -l /path/to/folder'
also did you read and fully understand the post I linked?
https://forums.freenas.org/index.ph...plugins-write-permissions-to-your-data.27273/

 

[Spencer Skinner]

i do not think your best guess will work

I asked before but you never answered, can you show the output of,'ls -l /path/to/folder'
also did you read and fully understand the post I linked?
https://forums.freenas.org/index.ph...plugins-write-permissions-to-your-data.27273/

Yeh i read all of your post, its was different to how id seen it done online to give permission to syncthing

here is what i get when i run your command -

Code:

root@syncthing_1:/ # ls -l /media/syncTest																						
total 0																															
root@syncthing_1:/ #		

I assume that means ive not given the jail any permission

the way ive always given it permission is to do -

Code:

chmod -R 770 /media/syncTest

Any ideas?

 

[Joshua Parker Ruehlig]

you don't need to give the jail permissions. you need to give it to the user the syncthing process runs as.

the is should be more useful 'ls -l /media'
so I assume based on 770 you want to use grou0 permissions? you would then need to implement 'Solution 3'
so figure out what group owns that folder, add a group with that GID in the jail, and add syncthing's user to that group

 

[Spencer Skinner]

Right so based on what your saying there id need to allow syncthing to use my "admin" group because this is the one that owns the directories i wish to sync. the "admin" group has full access to ALL of the datasets on the server as well as the one i want to sync and also has full control over them. Does this pose any security risks?

 

[Spencer Skinner]

And also based on what your saying i do not need to use the chmod -R 770 /FOLDER command to do all of the permissions, just your solution instead?

 

[Joshua Parker Ruehlig]

Right so based on what your saying there id need to allow syncthing to use my "admin" group because this is the one that owns the directories i wish to sync. the "admin" group has full access to ALL of the datasets on the server as well as the one i want to sync and also has full control over them. Does this pose any security risks?

it does not historically, no process has broken out of a jail.

but, if you want you could create a different group to own this dataset and add syncthings user to that group instead.

the folders still need 77X permissions to be group writable. I think by default folders are 755, so only the owner can write to them.

 

[Spencer Skinner]

Right so this is what ive done so far

Code:

[root@freenas ~]# jls																											   
   JID  IP Address	  Hostname					  Path																		 
	 1  -			   plexmediaserver_1			 /mnt/AlphaVolume/jails/plexmediaserver_1									 
	 4  -			   syncthing_1				   /mnt/AlphaVolume/jails/syncthing_1											
[root@freenas ~]# jexec 4 tcsh																									 
root@syncthing_1:/ # pw groupadd -n admin -g 1001																				   
root@syncthing_1:/ # pw groupmod admin -m 983																					   
root@syncthing_1:/ # chmod -R 770 /media/synctest																				   
root@syncthing_1:/ #		   

here is the result of the ls command after i did all that

Code:

root@syncthing_1:/ # ls -l /media																								   
total 1																															 
drwxrwx---  2 root  wheel  2 Feb  2 18:30 synctest																				 
root@syncthing_1:/ #

By the looks of it, its just assumed root permissions, that a good thing, doesnt sound like it to me?

 

[Joshua Parker Ruehlig]

root:wheel is default ownership.
I assume you never changed the ownership of the synctest dataset.
either do that on your Storage tab, or with the chown command

 

[Spencer Skinner]

Right so i did all that, ive now got SyncThing online, when it started it have me the default error i seem to g

root:wheel is default ownership.
I assume you never changed the ownership of the synctest dataset.
either do that on your Storage tab, or with the chown command

Fixed that issue, i hadnt added the storage to the jail yet, slight fail on my part there ahaha

Code:

root@syncthing_1:/ # ls -l /media																								   
total 17																															
drwxrwx---  2 syncthing  admin  43 Feb  2 18:38 synctest																			
root@syncthing_1:/ #	 

Thats what i am now getting

When i started syncthing just a second ago its came up with its generic error saying it was unable to create /Sync/ access denied. BUT when i then manual set up a sync to the /media/synctest directory and then paired that to my PC it synced perfectly it seems?

 

[Joshua Parker Ruehlig]

glad it works perfectly

 

[Spencer Skinner]

Scratch that, it no longer works....

Does it have to be Unix or can it be windows?

 

[Joshua Parker Ruehlig]

lol, can isee the output of
'ls -l /media' and 'ls -l /media/synctest'

I don't know about windows permissions (ACLs) and don't help with them.

 

[Spencer Skinner]

lol, can isee the output of
'ls -l /media' and 'ls -l /media/synctest'

I don't know about windows permissions (ACLs) and don't help with them.

Here are the outputs

Code:

[root@freenas ~]# jls																											   
   JID  IP Address	  Hostname					  Path																		 
	 1  -			   plexmediaserver_1			 /mnt/AlphaVolume/jails/plexmediaserver_1									 
	 4  -			   syncthing_1				   /mnt/AlphaVolume/jails/syncthing_1											
[root@freenas ~]# jexec 4 tcsh																									 
root@syncthing_1:/ # ls -l /media																								   
total 1																															 
drwxrwx---  2 root  admin  4 Feb  2 18:55 synctest																				 
root@syncthing_1:/ # ls -l /media/synctest																						 
total 1																															 
-rw-r--r--  1 syncthing  admin  0 Feb  2 18:53 .stfolder																			
-rw-r--r--  1 syncthing  admin  0 Feb  2 16:57 Triggered.txt																		
root@syncthing_1:/ #																												
							 

Seems to work again?

Yeh the idea i have is that i can sync all of my work on my PC (Windows 10) and Laptop (Windows 10) to my server as a form of backup but id also like to be able to access it directly on the server to directly modify it etc, if you catch what im saying?

 

[Joshua Parker Ruehlig]

sounds like you were messing with me by saying it wasn't working, cause obviously from those outputs syncthing can write to those files. =P

if you want direct access you 'admin' account can write to those folders.

 

[Spencer Skinner]

sounds like you were messing with me by saying it wasn't working, cause obviously from those outputs syncthing can write to those files. =P

if you want direct access you 'admin' account can write to those folders.

How would i go about writing to them because i cant go the generic route which is to set up an SMB Share can I?