I’m having trouble getting the setup right when running the Syncthing daemon as an unprivileged user on Linux. In my case it’s Gentoo Linux; the install from the public repo runs Syncthing as “syncthing:syncthing”.
Now, I’d like to sync directories of different users located in their home directories. For example, let’s assume the following directory to be synced:
drwxr-xr-x jdoe:jdoe /home/jdoe/shared
Obviously, Syncthing can’t write into this directory, so for testing, let’s go 0777:
drwxrwxrwx jdoe:jdoe /home/jdoe/shared
In order for the synced files to get the ownership of the parent assigned, I’ve checked the advanced directory setting “Copy Ownership From Parent” and granted capabilities to the “syncthing” binary.
setcap "cap_chown,cap_fowner=+ep" /usr/bin/syncthing
I can now sync files in the synced directory and the parent owner is assigned.
However, when I sync a subdirectory, it gets default permissions assigned, e.g.:
drwxr-xr-x jdoe:jdoe /home/jdoe/shared/subdirectory
And any files inside this subdirectory won’t be synced anymore because, again, Syncthing can’t write into the subdirectory.
(A solution would be changing the umask of the Syncthing daemon to 000; however, that somewhat defeats the purpose of having any access control.)
I guess I’m missing a bit here since I’ve seen others playing with capabilities and reaching a working solution. Any ideas what this missing bit could be?
Thanks for your help!
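
The mode arithmetic behind the subdirectory behaviour described in the post, as an added example that is not part of the original post: a directory created under umask 022 comes out 0755 even inside a 0777 parent, and a second function lists the directories a non-owner, non-group user cannot create files in. The temp paths are constructed and the function names are hypothetical; GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: constructed temp paths, hypothetical function names.

# Create directory $1 as a process running with umask $2 would,
# then print the resulting octal mode (mkdir requests 0777 & ~umask).
mode_after_mkdir() {
    (
        umask "$2"
        mkdir "$1"
        stat -c '%a' "$1"   # GNU stat; prints e.g. 755
    )
}

# List directories under $1 that lack the "other" write or search bit,
# i.e. where a user who is neither owner nor group member (such as a
# separate daemon account) cannot create entries.
unwritable_for_other() {
    find "$1" -type d ! -perm -003 -print
}

demo() {
    root=$(mktemp -d)
    mkdir "$root/shared"
    chmod 0777 "$root/shared"          # the 0777 test setup from the post

    echo "umask 022 -> $(mode_after_mkdir "$root/shared/subdirectory" 022)"
    echo "umask 000 -> $(mode_after_mkdir "$root/shared/open" 000)"

    echo "directories not writable by 'other':"
    unwritable_for_other "$root/shared"

    rm -rf "$root"
}

demo
```

Running `unwritable_for_other /home/jdoe/shared` after a sync shows which received subdirectories have fallen back to the umask-derived mode.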