Basic access control

I think it would be a great advantage if Syncthing could be used to share folders with others without giving them the possibility to change things. I imagine something like this: There is a group of clients, who share the same folder and know each other (normal Syncthing setup). These have a somewhat synced/shared list with additional device-ids, to which they do upload, but they don’t take any changes from them, so these ‘external’ devices have read-only access to the folder. Depending on the technical implementation, it might be possible to use the external devices to upload unchanged content, if a device from the first group verifies that the content is unchanged, via hash i.e.

What do you think about that?

I guess what you are referring to is the old BTSync model. Even though I do like that model better, it would pretty much require a rewrite of Syncthing to have anything even remotely similar.

@AudriusButkevicius I have to admit that I have never used BTSync. Why does it require a rewrite? Syncing the list of internal devices should be a thing. And there already is a mechanism which locks one client to only populate changes made locally, but not to take over any changes from others. Wouldn’t it be possible to combine this function with the list of trusted devices, so that the client behaves like read-only except for the devices which are on the internal devices list?

All rules are currently client side. Sure, I can choose to accept changes only from device A and not device B, but I cannot guarantee or force A not to accept changes from B, at which point I’d get B’s changes via A.

Well, there has to be some sort of syncing meta information, so that one device knows the state of another. Isn’t it possible to use this to sync a list of device IDs between A and my device, from which A can find out that it is not supposed to take changes from B, because B’s device id is not on the list?

I am sorry that I still insist, I just didn’t understand what makes this a big deal.

I think you are underestimating the problem. Imagine the following, where B is the evil guy that’s not supposed to make changes:

You might get B’s change through some distant node you are not even aware exists multiple hops away. It’s not feasible to know a list of all available devices, first of all due to privacy issues, secondly because the list might constantly change, purely based on some device being online and offline, so everyone’s picture of what’s considered safe and what’s not can constantly change.

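The relay problem described in the posts above, as a small added simulation (not part of the original thread and not Syncthing code). `Device`, `Pull` and `RelayScenario` are hypothetical names, and the one-file, highest-sequence-wins model is an assumption made to keep it short.

```go
package main

import "fmt"

// Device is a toy sync node holding one file (not Syncthing's data model).
// AcceptsFrom is a purely local rule: no other device can see or enforce it.
type Device struct {
	Name        string
	AcceptsFrom map[string]bool
	Seq         int    // version of the file held; higher wins on sync
	Author      string // who made that version, tracked only for the demo
}

// Pull takes a newer version from an allowed direct peer. It never looks at
// who authored the change, only at who is handing it over.
func (d *Device) Pull(peer *Device) bool {
	if !d.AcceptsFrom[peer.Name] || peer.Seq <= d.Seq {
		return false
	}
	d.Seq, d.Author = peer.Seq, peer.Author
	return true
}

// RelayScenario returns the author of the version "me" holds once the
// cluster has converged. "me" accepts changes from A only, never from B.
func RelayScenario(aAcceptsB bool) string {
	me := &Device{"me", map[string]bool{"A": true}, 1, "me"}
	a := &Device{"A", map[string]bool{"me": true, "B": aAcceptsB}, 0, ""}
	b := &Device{"B", map[string]bool{"A": true}, 2, "B"} // B's unwanted edit
	devs := []*Device{me, a, b}
	for changed := true; changed; {
		changed = false
		for _, d := range devs {
			for _, p := range devs {
				if d != p && d.Pull(p) {
					changed = true
				}
			}
		}
	}
	return me.Author
}

func main() {
	fmt.Println("A ignores B, me holds the version by:", RelayScenario(false))
	fmt.Println("A accepts B, me holds the version by:", RelayScenario(true))
}
```

The rule on "me" is identical in both runs; only A's local setting differs, and that alone decides whether B's edit arrives.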

Well, now I got it. The graphic is quite easy to understand. For me, it would not be a (privacy) issue to make all trusted devices know each other. In the case that all trusted devices are synced and known to all other trusted ones, this couldn’t happen?

Potentially, but it doesn’t mean a malicious attacker could not falsify (impersonate) where the changes are coming from, beating the point of this whole thing altogether.