other users can't modify files written by syncthing


I’ve got Syncthing running on a Rocky Linux 8.6 server at my office and on an iMac at home. At the office, the directory that syncthing is syncing is also shared to local users via SMB. I’ve got two users: User1 has access to all SMB shares on the server, and User2 can only access certain SMB shares. Both User1 and User2 are part of the smbusers group, and the goal is to have both users have full read/write/exec permissions on the SMB share. Currently, this is taken care of ‘force group = smbusers’ in SMB config. I’ve got Syncthing running as User1 on the server.

The problem is, when I add files from the home iMac, the files that get synced to the Rocky server do not have the correct permissions to allow User2 to modify the files. Specifically, User1, when connected via SMB, will create files with permisisons drwxrwx— but Syncthing (running as User1) will create files with permissions drwxr-xr-x, in which case User2 can see the files, but not delete/modify them.

I’ve got Ignore Permissions checked on both ends, and have tried unchecking Ignore Permissions on the Rocky side with the same result. I’ve also tried the setgid bit to inherit permissions, but that hasn’t worked either.

In my mind, I need a way to get the Syncthing process to write with certain permissions, but I’m unsure about how to do that. Perhaps I could take care of this with ACL’s, but I’m unsure how those work, and in checking what my ACL is setup as on the directory, from what I can tell it should work.

Any suggestions?

Nevermind, I got it!

I had to set a default ACL. The magic command was:

setfacl -Rm d:g:smbusers:rwx directory/

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.