I built an Ubuntu Server. Users that need access to the data share are part of group “nasgrp.” I made a new user on the server, named “Syncthing.” The Syncthing service runs under the “Syncthing” user. The Syncthing user is also in “nasgrp” and I removed it from all other groups. When Syncthing makes files, they have the correct group (nasgrp) and have following permissions: -rw-r - - r - -
(owner can read and write, group and others can read only).
I want the permissions to be: -rw-rw- - - -
(Owner and group should have read and write access, no one else should have any access)
I added UMask=0007 into a drop-in file. After that, files came with the permission of rw-r----- for a short time, but now they are being made with the default -rw-r - - r - - again. Systemd says the drop-in file is loaded, I can’t figure out why the mask isn’t working.
So really, I have two problems:
- Is there a way to make Syncthing create files with permissions of g=rw on Linux (GIVE additional permissions)? 2) Why isn’t my UMask working to remove “other’“ access?
I think I have configured the UMask correctly:
Systemctl status output:
$ systemctl status syncthing@syncthing.service ● syncthing@syncthing.service - Syncthing - Open Source Continuous File Synchronization for syncthing Loaded: loaded (/usr/lib/systemd/system/syncthing@.servi ce; enabled; preset: enabled) Drop-In: /etc/systemd/system/syncthing@.service.d └─override.conf Active: active (running) since Wed 2025-09-24 06:02:41 UTC; 6 days ago Docs: man:syncthing(1) Main PID: 25175 (syncthing) Tasks: 60 (limit: 38266) Memory: 905.4M (peak: 1.3G) CPU: 5h 15min 28.788s CGroup: /system.slice/system-syncthing.slice/syncthing@syncthing.service ├─25175 /usr/bin/syncthing serve --no-browser --no-restart --logflags=0 └─25185 /usr/bin/syncthing serve --no-browser --no-restart --logflags=0
And the contents of “/etc/systemd/system/syncthing@.service.d/override.conf” are:
[Service] UMask=0007