I’d like some advice on setting up Syncthing for multiple users. Whilst I realse Syncthing doesn’t actually have native “multi-user” support, please hear me out… (As I think Syncthing is probably the best tool for the job):
What I have:
A centralised NAS on the local network (LAN)
Multiple devices (wife myself, etc)
What I want:
Syncthing on each device
Syncthing on NAS
Sync files/folders between each device/user <-> NAS
I probably have to run a Syncthing daemon/instance per user on the NAS right? And point each instance to /some/path/user/Sync – Then provide the Device ID of said instance to each device/user.
Does this sound about right? Does this sound like a reasonable multi-user setup?
Ultimately this makes (if this will work nicely) backing up important data (Documents, etc) much easier as I can just focus on backing up one dataset (Sync) on the NAS.
Will there be any sharing of files/folders between devices and/or users?
It depends on the overall requirements (e.g, privacy, trust).
It’s possible to have just one Syncthing instance on the NAS for multiple users while still preserving privacy by using Syncthing’s “Receive Encrypted” feature if access to the user running Syncthing on the NAS is restricted.
Yes, whenever there’s an always-on device available, a “hub and spoke” configuration is generally easier to set up and maintain compared to a mesh setup where every device connects to every other device in a cluster.
So glad that you mentioned that you’re backing up the NAS rather than using Syncthing as a backup tool.
Can you please point me to documentation or explain how this works? Running a single Syncthing instance on my NAS for my wife/I (and in future children) just for syncing important files/docs, etc, would be ideal. Looking at the configuration options I would have to muck around with ports if I have to run multiple instances. A single instance would be ideal
Oh haha I actually use restic as my backup tool, but use the NAS (running a ZFS pool) as a “central hub” of data. Hope this makes sense – Also I don’t trust any Cloud™ services of any kind
Don’t see why you’d need receive-encrypted folders in a single-instance setup with multiple trusted users (nor what it would achieve). You can just have a single instance with different folders for different users, pointing at different paths and e.g. prefixing the persons names to the folder labels for some order.
The basic setup is the same as for just two devices:
On the NAS, configure a single instance of Syncthing (the user running it would own all files and folders synced with it).
On a device, share one or more Syncthing folders with the NAS.
As more devices are added, use consistent Syncthing folder labels to help with organization, e.g., “MacBook: Pictures”, "MacBook: Documents, “Dell Inspiron: Documents”, “Samsung Galaxy S22: DCIM”, “iPhone 14: Photos”, etc.
On each device, let Syncthing auto-generate the folder IDs (e.g., abcde-fghij) rather than be tempted to manually assign a name such as “Documents”, which is almost guaranteed to have a naming collision at some point as more devices are added.
Because each new shared folder must be accepted on the NAS, there’s no chance that a user on a particular device can simply add a new shared folder that trashes another user’s shared folder without notice. This is also where sticking with the auto-generated 10-character folder IDs comes in handy – a user on another device must know the folder ID to access its contents.
Because you’re not intending to share data between devices, there’s little reason to allow 2-way sync, so set every Syncthing folder on the devices to “Send Only” to prevent changes on the NAS from propagating out to the devices.
On each device, optionally mark the NAS as “Untrusted” under the “Remote Devices” panel. This forces an encryption password be set when sharing a Syncthing folder with the NAS. On the NAS, the corresponding receiving Syncthing folder changes to “Receive Encrypted”. This provides a layer of privacy, but the downside is that proper password management is critical.
It says “optional”, but I think it really should be “possible but not advisable”: It also makes the local filesystem state completely unintelligible. Which is likely undesired for backup. And the feature is still in beta. And possibly more. So again, I don’t see any indication that this feature should be used in the desribed use-case, quite the contrary.
I’d add that as mentioned in the first post, the NAS is a local device, so why not simply encrypt the whole drive on it? This should already be the case anyway if security is important for the user here.
Thanks! It’s been a crazy day so I forgot to mention the beta status after remembering to include a link to the documentation.
Yes, I completely agree that the pros/cons need to be carefully considered. Personally, I prefer not to encrypt backups (or at least keep one unencrypted just in case).
But at the same time, some users might be in situations where it’s necessary, so I thought the feature was still worth mentioning.
I actually use 
– Also I don’t trust any Cloud™ services of any kind 
