Handling Users and Permissions when Installing as systemd

After creating the syncthing@.service file in /lib/systemd/system, I created a user on my system called syncthing.

Then I run:

systemctl enable syncthing@syncthing.service

And then:

systemctl start syncthing@syncthing.service

Then I edit the config.xml file in the syncthing home folder to adjust the listening IP address to the machine’s IP.

Then, I open up a browser and load Syncthing. After that, I add the remote machine to Syncthing on my laptop and wait for the prompt on the server.

Now that we’re connected, I want to sync a folder on my laptop to the server. Creating that share prompts the server and when I attempt to point the share on the server to the intended sync folder, every time I get permissions denied to create .stignore and a folder as well.

So, I find myself manually creating that folder…

I thought I could simply setfacl -m user:syncthing:rw that folder on the server to give syncthing user rights…but I’m probably missing a step or doing something wrong.

Any ideas?

Well, I got it to work, but I’m not sure if this is safe or not…

  1. I setfacl -R -m user:syncthing:rwx /home/domain.com/
  2. I made sure that the entire public_html folder and subfolders allowed group r+w rights.

This doesn’t seem safe though. Thoughts?

Minor nitpick:

User created system wide services go into /etc/systemd/system. /lib (resp. /usr/lib) is for service shipped as part of a program (e.g. if you install debian packages, that’s where a service will be).

What operating system runs on the server?

I don’t know setfacl, so the following might not apply: On your command I don’t recognize a recursive option (if there is any existing content). And the execute permission isn’t there, which is required to “enter”/traverse a directory.

The OS is Ubuntu 18.04.

So the solution that works for me is:

setfacl -R -m user:syncthing:rwx path_to_files/

It adds the user to the access control list for this folder and all sub-folders.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.