Adding a not-fully-trusted device to the cloud

Suppose Alice, Bob, and Carol share a folder with each other. They also want to share that folder with Dave, but don’t fully trust Dave, or perhaps they just don’t fully trust the security of the device he’s using. Either way, they want to ensure that any changes Dave makes to his copy of the files don’t propagate back to them. In other words, he should have read-only access to the global state.

In addition, if Dave becomes aware that he has accidentally made changes to his copy of the files (his copy of SyncThing should know this and be able to tell him), he should be able to tell SyncThing to get back in sync with the global version. The other users, however, should not necessarily be able to force this on Dave if it’s not what he wants.

This is currently impossible, right? Is this use case something that SyncThing plans to support in the near/foreseeable future? Or is it really only meant for sharing between fully trusted devices (or, in the case of Folder Master, with only one fully trusted and all-powerful device)?

If I am not mistaken, this CAN currently be done, but it’s more of a workaround than a feature:

Let’ suppose Alice Bob and Carol share a folder (say ~/shared/), and they name the repository “trusted”.

Now Dave wants to have these files, but he is not supposed to change them.

So Alice, Bob and Carol open a second repo called “untrusted”, also pointing to ~/shared/, all of them have the Folder Master option checked and share it with Dave.

Dave is now unable to make any changes to the original set. If he does make changes to his own set, Alice, Bob and Carol will have the “override” button pop up in their GUI, but with no changes to their own files.

I think a “semi-trusted” or “slave”- feature is somewhat planned but currently not being worked on. (Though there has been some work on it that has been canceled)

Ahh… yes, that’ll do it, mostly. It’s a workaround, but it’s actually kind of an elegant one. Nothing in the documentation (that I saw) said anything about what would happen if there was more than 1 Folder Master, and I’m guessing it’s not usually desirable, except in cases like this when another mechanism (specifically, another repository) is keeping those files in sync.

The various folder masters will mostly appear to be vastly out of sync with each other, even when the contents are in fact the same. I think the setup suggested here will have a few practical issues.

Yeah, I never actually tried it- would be interesting to see. @praxiq If you try this, please report your results!