Operation not permitted when I use 'copy ownership from parent'

Hello,

So I’ve got two CentOS servers syncing the /home directory for both servers. I created a new user called ‘syncthinguser’ and I run it using that user. I’ve used ACLs so syncthinguser has read and write access to everything in /home.

When Master syncs to Slave, it’s fine because I don’t have ‘Copy ownership from parent’ checked, as it’s not needed. However, any files synced from slave to master need to inherit the parent folder group:owner.

So I’ve got everything configured; the only problem is I get an operation not permitted.

Log: 2019-11-07 16:38:49 Puller (folder “Master Home Folder” (default), item “website/public_html/wp-content/themes/twentynineteen/header.php”): copy owner from parent: lchown /home/website/public_html/wp-content/themes/twentynineteen/.syncthing.header.php.tmp: operation not permitted

What I’ve tried:

I set ACLs read and write for /home directory & /usr/bin/syncthing (binary) for user syncthinguser.

I also set the cap for the binary (/usr/bin/syncthing) by using this command: setcap 'CAP_CHOWN,cap_fowner=+ep' syncthing

And I confirmed the CAP has been set using getcap.

I could run the process as ROOT but I prefer to reduce the exposure as much as possible by doing it through a user with the extra capability.

Thanks!

Sounds right to me, but I’m not a Linux capabilities expert. CentOS has a history of funky systemd bugs plus SELinux and things like that; maybe something else is intervening or dropping the capabilities.

I gave the user sudo access. Is there a way to force the lchown command run by Syncthing to use sudo?

Sudo has nothing to do with this. Syncthing does not shell out to chown to do its work.
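
A check related to the suggestion above that something may be dropping the capabilities, as an added example that is not part of the original thread: it reads the CapPrm, CapEff and CapBnd masks and the NoNewPrivs flag from /proc/<pid>/status to show whether a running process really holds CAP_CHOWN and CAP_FOWNER. The sample status files are constructed, and the function names are this example's own.

```sh
#!/bin/sh
# Added example: inspect the capability sets a running process actually holds.
# Bit numbers are from linux/capability.h: CAP_CHOWN=0, CAP_FOWNER=3.

# status_field FILE NAME: print the value of the "NAME:" line.
status_field() {
    awk -v key="$2:" '$1 == key { print $2; exit }' "$1"
}

# cap_state FILE SET BIT: print "present" or "missing" for that bit of the set.
cap_state() {
    mask=$(status_field "$1" "$2")
    if [ -n "$mask" ] && [ $(( (0x$mask >> $3) & 1 )) -eq 1 ]; then
        echo present
    else
        echo missing
    fi
}

# report FILE: summarise the sets that matter for lchown to another owner.
report() {
    for set_name in CapPrm CapEff CapBnd; do
        echo "$set_name: CAP_CHOWN=$(cap_state "$1" "$set_name" 0)" \
             "CAP_FOWNER=$(cap_state "$1" "$set_name" 3)"
    done
    nnp=$(status_field "$1" NoNewPrivs)
    echo "NoNewPrivs: ${nnp:-not reported by this kernel}"
}

# Constructed sample data (not taken from the thread).
SAMPLE_DIR=$(mktemp -d)
SAMPLE_OK="$SAMPLE_DIR/ok.status"
SAMPLE_DROPPED="$SAMPLE_DIR/dropped.status"
printf 'Name:\tsyncthing\nCapPrm:\t0000000000000009\nCapEff:\t0000000000000009\nCapBnd:\t0000001fffffffff\nNoNewPrivs:\t0\n' > "$SAMPLE_OK"
printf 'Name:\tsyncthing\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\nCapBnd:\t0000001fffffffff\nNoNewPrivs:\t1\n' > "$SAMPLE_DROPPED"

if [ -n "${1:-}" ]; then
    report "/proc/$1/status"      # real process: pass its PID
else
    echo "== capabilities applied ==";  report "$SAMPLE_OK"
    echo "== capabilities dropped ==";  report "$SAMPLE_DROPPED"
fi
```

File capabilities are ignored at exec time when the binary sits on a nosuid mount or the process has no_new_privs set, which shows up as empty CapPrm and CapEff even though getcap still lists the attribute on the file.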