[Syncthing] How does one setup individual permissions for each folder?

[mike360x1]

Hi there,

So I'm looking to setup a smartphone file backup for everyone in my household and then set up individual permissions for each person.

My issue is that Syncthing writes files on the dataset with the permissions of syncthing:syncthing.

I may be asking for an impossible task: Would I be able to setup different write permissions for each different shared folder?

The alternative is to add syncthing as a member of a folder's "group" permissions and have it write using "group" permissions rather than "owner". I've tried that and it only sends back a "permission denied" error.

Is there any way I can go about this situation?

I would greatly appreciate your help

Thanks in advance,
Michael L.
:)

 

[Joshua Parker Ruehlig]

please show the output of 'ls -l /path/to/folder'
That will show why group permissions aren't working for you.

This may be helpful as well
https://forums.freenas.org/index.ph...plugins-write-permissions-to-your-data.27273/

 

[mike360x1]

please show the output of 'ls -l /path/to/folder'
That will show why group permissions aren't working for you.

This may be helpful as well
https://forums.freenas.org/index.ph...plugins-write-permissions-to-your-data.27273/

Alright, This is the output:

Code:

michael@tankbox:/mnt/Default/Personal/Syncthing % ls -l
total 16
drwxrwx---  4 michael  plugin  4 Sep 26 00:48 ./
drwxrwxr-x  7 root     1007    7 Sep 25 22:17 ../
drwxrwx---  3 michael  plugin  3 Sep 26 00:34 Lily/
drwxrwx---  3 michael  plugin  3 Sep 26 00:30 Michael/
michael@tankbox:/mnt/Default/Personal/Syncthing %

The group of both users is set to plugin (GID:1110)

I have seen that thread. (Great guide btw :D always refer to it for my plugin permission needs)

I assume that the user for syncthing is "syncthing" and so, I just added "plugin" (GID:1110) to user "syncthing"

Is there something I'm missing?

 

[Joshua Parker Ruehlig]

You should have showed the output from the jail syncthing is running in. That's the context permissions are evaluated from for that service.

Yeah, if the synchting user, in syncthing's jail, is in a group with the GID of 1110, it should be able to write to those folders.

 

[mike360x1]

Okay, no problem.

Code:

root@syncthing_1:/media # ls -l
total 1
drwxrwx---  3 1001  plugin  3 Sep 26 00:34 Lily
drwxrwx---  3 1001  plugin  3 Sep 26 00:30 Michael
root@syncthing_1:/media #

Updated ls -l

Any other ideas what might be causing the problem? Does Syncthing only work with owner permissions?

 

[Joshua Parker Ruehlig]

Okay, no problem.

Code:

root@syncthing_1:/media # ls -l
total 1
drwxrwx---  3 1001  plugin  3 Sep 26 00:34 Lily
drwxrwx---  3 1001  plugin  3 Sep 26 00:30 Michael
root@syncthing_1:/media #

Updated ls -l

syncthing should be able to write to those folders as long as it is in the plugin group in the syncthing_1 jail.

 

[mike360x1]

Okay, so I checked the list of groups in the jail and "syncthing(uid:983)" is in fact in "plugin(gid:1110)"

Code:

root@syncthing_1:/etc # cat /etc/group
# $FreeBSD: releng/10.3/etc/group 256366 2013-10-12 06:08:18Z rpaulo $
#
wheel:*:0:root
daemon:*:1:
kmem:*:2:
sys:*:3:
tty:*:4:
operator:*:5:root
mail:*:6:
bin:*:7:
news:*:8:
man:*:9:
games:*:13:
ftp:*:14:
staff:*:20:
sshd:*:22:
smmsp:*:25:
mailnull:*:26:
guest:*:31:
bind:*:53:
unbound:*:59:
proxy:*:62:
authpf:*:63:
_pflogd:*:64:
_dhcp:*:65:
uucp:*:66:
dialer:*:68:
network:*:69:
audit:*:77:
www:*:80:
hast:*:845:
nogroup:*:65533:
nobody:*:65534:
syncthing:*:983:
michael:*:1001:syncthing
plugin:*:1110:syncthing
root@syncthing_1:/etc #

Could it be a possibility that Syncthing uses some other user? Or that it just wants owner access and won't settle for group access?

 

[Joshua Parker Ruehlig]

Maybe syncthing is trying to write files with syncthing as the owner in those folders and it is getting denied? Otherwise I don't see why it shouldn't work.

this would test if the syncthing user can write there
chsh -s /bin/sh syncthing
su syncthing
touch /media/Lily/test

 

[mike360x1]

Hmm, that yielded some interesting results.

I can touch test in /media/Lily/
but not in /media/

So I went ahead and changed the permissions of media to (user:group ----> root:syncthing) + (chmod 770 media)

I then restarted the jail.
Oh... and it worked!!!!

I'm pretty sure I mounted the jail storage inside
/media/Michael/ not /media/
(So, I'm not sure why changing permissions of media worked :S)

But I'm glad for your assistance. Thanks for your help!!