Syncthing / permissions — Create a share with existing folder

My YunoHost server

Hardware: Kimsufi KS4
YunoHost version: 3.5.2.2

Description of my issue

Hello everyone,

I’d like to add a share to the app Syncthing, using a user folder, or a YunoHost backup folder.

For example:

/home/yunohost.multimedia/$user
/home/yunohost.backup/archives/

I’ve got those errors:

2019-06-25 12:10:25: Loading ignores: open /home/yunohost.backup/archives/.stignore: permission denied
2019-06-25 12:10:25: Failed to create folder marker: stat /home/yunohost.backup/archives/.stfolder: permission denied
2019-06-25 12:10:25: Error on folder "Backup archives" (kyp6f-nwaxw): stat /home/yunohost.backup/archives/.stfolder: permission denied 

Can you please tell me what permissions I need to change exactly?

THANKS :slightly_smiling_face:

I’ve tried to add the user syncthing to the group multimedia, with little hope, but no difference.
I think I could add the user syncthing to the group root, but it does not seem right.

I’ll wait for your feedback before breaking anything.

Solved!

setfacl -Rm user:syncthing:rwx /home/yunohost.multimedia/thomas

Well, it’s not working after all.

  • Syncthing can r/w on the Multimedia folder
  • But now Nextcloud can not w on the folder created by Syncthing…

When Syncthing creates a folder:

# file: FolderCreatedBySyncthing
# owner: syncthing
# group: syncthing

So Nextcloud can’t write in it.
BUT this folder is also:

# file: FolderCreatedBySyncthing
# owner: syncthing
# group: syncthing
user::rwx
user:syncthing:rwx
user:nextcloud:rwx
user:www-data:rwx

So why can’t Nextcloud r/w?
This is sooo difficult! But I will make it, sometime.
Thanks!

1 Like

Have you found a solution to the problem?
I’m facing the exact same problem.

Sorry but no. I gave up using Syncthing. But I never really learned Linux permissions and I should. Nevertheless this is really not user-friendly.

I have found the solution. In your case it would be something like this
setfacl -Rmb g:groupName:rwX,d:g:groupName:rwX,u:userName:rwX,d:u:userName:rwX /home/yunohost.multimedia/thomas

But it’s unfortunate that you gave up using Syncthing; I’m enjoying it by now. Yeah, I give you the point that it takes some time to get used to it.

And another hint for you: I created an extra group on the server just for folders that multiple users have read/write access to.

Thanks a lot for this, it will help me in the future for sure!

Hi @Jan.DEV-CORPS ,

Have you been able to enjoy syncthing with no problem since then?
I am trying to use the /home/yunohost.multimedia/share folder to create a shared file zone that is shared among the users.
I am very new to the ACL file permissions, so I looked at the man page to understand better.
So here is where I ended up:

$ id syncthing
uid=993(syncthing) gid=993(syncthing) groups=993(syncthing)
$ sudo setfacl -Rmb g:syncthing:rwX,d:g:syncthing:rwX,u:syncthing:rwX,d:u:syncthing:rwX /home/yunohost.multimedia/share/
setfacl: Option -m: Invalid argument near character 
$ sudo setfacl -Rb g:syncthing:rwX,d:g:syncthing:rwX,u:syncthing:rwX,d:u:syncthing:rwX /home/yunohost.multimedia/share/
setfacl: g:syncthing:rwX,d:g:syncthing:rwX,u:syncthing:rwX,d:u:syncthing:rwX: No such file or directory

I don’t see any particular change in the behavior; any help would be very welcome.
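The two error messages in the post above follow from how grouped short options are split: `-m` takes an argument, so in `-Rmb` the ACL spec becomes `b`, and without `-m` the spec is read as a file name. The following Python model of that parsing is an added example, not part of the original posts; the option string is a subset modelled on setfacl(1) and the function names are made up for illustration.

```python
import getopt
import re

# Short options modelled on setfacl(1): only -m, -x, -M and -X take an argument.
# (Subset chosen for this illustration; long options are left out.)
SETFACL_SHORT_OPTS = "RLPbkndm:x:M:X:"

# One ACL entry: optional "d:"/"default:" prefix, tag, qualifier, permissions.
ACL_ENTRY = re.compile(
    r"^(d(efault)?:)?(u(ser)?|g(roup)?|m(ask)?|o(ther)?):[^:,]*:[rwxX-]{1,3}$"
)

def valid_acl_spec(spec):
    """True if every comma-separated entry looks like a well-formed ACL entry."""
    return bool(spec) and all(ACL_ENTRY.match(e) for e in spec.split(","))

def interpret(argv):
    """Return how a getopt-style parser splits a setfacl command line."""
    opts, operands = getopt.getopt(argv, SETFACL_SHORT_OPTS)
    flags = [o for o, a in opts if a == ""]
    specs = [a for o, a in opts if o in ("-m", "-x")]
    problems = [f"-m/-x argument {s!r} is not an ACL entry" for s in specs
                if not valid_acl_spec(s)]
    problems += [f"{p!r} is treated as a file name" for p in operands
                 if valid_acl_spec(p)]
    return {"flags": flags, "acl_specs": specs, "files": operands,
            "problems": problems}

# Values taken from the terminal session in the post above.
SPEC = "g:syncthing:rwX,d:g:syncthing:rwX,u:syncthing:rwX,d:u:syncthing:rwX"
PATH = "/home/yunohost.multimedia/share/"

if __name__ == "__main__":
    for argv in (["-Rmb", SPEC, PATH],             # first attempt in the post
                 ["-Rb", SPEC, PATH],              # second attempt in the post
                 ["-R", "-b", "-m", SPEC, PATH]):  # -m directly before its spec
        print(argv[0], "->", interpret(argv))
```

In the third form `-m` sits directly before the spec and no problems are reported. `-b` removes all existing extended ACL entries from the target, so include it only when that is intended.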

I am not sure what I have done is the proper way of doing it, but here is what I found to be functional.
The basic idea is to adapt the group members to allow the modifications by nextcloud, syncthing, and later any other program of file sharing.

$ sudo nano /etc/group

add to multimedia:x:1000:nextcloud,nextcloud__2

,syncthing,users,www-data

Save (Ctrl+o), exit (Ctrl+x), then use

$ sudo chown -R www-data:multimedia /home/yunohost.multimedia/share

This did the job for me, then you have your shared files in this folder for all users to use.

2 Likes

Hi @mateMatt @isidoreisou @RaspYuno @gabjy !

I think I found a solution. It worked for me.
Connect to the server in command line (CLI): SSH and command line | Yunohost Documentation

Apply those commands (change the path according to your needs):

sudo setfacl -R -m u:syncthing:rwX /home/yunohost.backup/archives
sudo setfacl -R -m d:u:syncthing:rwX /home/yunohost.backup/archives
sudo setfacl -R -m u:syncthing:rwX /home/yunohost.multimedia/admin/eBook
sudo setfacl -R -m d:u:syncthing:rwX /home/yunohost.multimedia/admin/eBook

Verify that the permissions were changed with the commands below:

getfacl /home/yunohost.multimedia/admin/eBook

    getfacl: Removing leading '/' from absolute path names
    # file: home/yunohost.multimedia/admin/eBook
    # owner: admin
    # group: root
    user::rwx
    user:syncthing:rwx
    group::rwx
    group:multimedia:rwx
    mask::rwx
    other::r-x
    default:user::rwx
    default:user:syncthing:rwx
    default:group::rwx
    default:group:multimedia:rwx
    default:mask::rwx
    default:other::r-x

getfacl /home/yunohost.backup/archives

    getfacl: Removing leading '/' from absolute path names
    # file: home/yunohost.backup/archives
    # owner: root
    # group: admins
    user::rwx
    user:syncthing:rwx
    group::rwx
    mask::rwx
    other::---
    default:user::rwx
    default:user:syncthing:rwx
    default:group::rwx
    default:mask::rwx
    default:other::---

Then to allow syncthing to traverse these directories without altering existing permissions, you can add execute permissions specifically for the syncthing user using ACLs.

For /home/yunohost.backup:
sudo setfacl -m u:syncthing:x /home/yunohost.backup

For /home/yunohost.multimedia:
sudo setfacl -m u:syncthing:x /home/yunohost.multimedia

For /home/yunohost.multimedia/admin:
sudo setfacl -m u:syncthing:x /home/yunohost.multimedia/admin

:wink:
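The getfacl verification in the post above can be scripted. This added example, which is not part of any post in the thread, parses getfacl output and applies the POSIX ACL check order, including the `mask::` entry that caps named-user and group entries (a reason a `user:name:rwx` line can still fail to grant write). The function names and the `MASKED` listing are constructed for illustration; `EBOOK` is abridged from the listing above, and `kind="default"` evaluates what a new child would inherit.

```python
def bits(perm):
    return sum(v for k, v in (("r", 4), ("w", 2), ("x", 1)) if k in perm)

def parse_getfacl(text):
    """Split getfacl output into owner/group headers, access and default entries."""
    acl = {"owner": None, "group": None, "access": [], "default": []}
    for raw in text.splitlines():
        line = raw.split("#effective")[0].strip()
        if line.startswith(("# owner:", "# group:")):
            key, value = line[2:].split(":", 1)
            acl[key] = value.strip()
        elif line and not line.startswith(("#", "getfacl:")):
            kind = "default" if line.startswith("default:") else "access"
            tag, qualifier, perm = line.split(":")[-3:]
            acl[kind].append((tag, qualifier, bits(perm)))
    return acl

def lookup(entries, tag, qualifier, default=None):
    return next((p for t, q, p in entries if (t, q) == (tag, qualifier)), default)

def allowed(acl, user, groups, want, kind="access"):
    """POSIX ACL order: owner, named user, groups, other.
    The mask caps named users and every group entry, but not the owner."""
    entries, need = acl[kind], bits(want)
    limit = lookup(entries, "mask", "", 7)
    if kind == "access" and user == acl["owner"]:
        return lookup(entries, "user", "", 0) & need == need
    named = lookup(entries, "user", user)
    if named is not None:
        return named & limit & need == need
    matched = [p for t, q, p in entries if t == "group"
               and (q in groups or (q == "" and acl["group"] in groups))]
    if matched:  # a matching group entry never falls through to "other"
        return any(p & limit & need == need for p in matched)
    return lookup(entries, "other", "", 0) & need == need

# Abridged from the eBook listing in the post above.
EBOOK = """# owner: admin
# group: root
user::rwx
user:syncthing:rwx
group::rwx
group:multimedia:rwx
mask::rwx
other::r-x
default:user:syncthing:rwx
default:mask::rwx
"""
MASKED = EBOOK.replace("\nmask::rwx", "\nmask::r-x")  # constructed: mask without w
```

Feed it the text printed by `getfacl` for each directory; a `False` for `syncthing` under `MASKED` shows how a narrowed mask removes write access while the named-user line still reads `rwx`.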