I am running syncthing on a Solaris server and syncing the server content against a range of windows clients. Everything runs smooth except for the file permissions. Non of the windows-users is allowed to apply changes to any of the files.
On the solaris machine Syncthing runs under a useraccount named ‘Sync’. User Sync is part of the user-group called “staff”. All windows-user belong to group “staff”. The solaris-CIFS server maps all usernames to windows-names. I suppose the problem arises from the fact, that Syncthing is creating all files with permissions that exclude write-access for group members:
-rwxr-xr-x+ 1 Sync staff 33783808 Feb 24 08:53 some_file.txt
Is there a way to change this behaviour?
I’ve tried to change the umask setting to 0022 but this didn’t help. I really appreciate any help on this issue.
If you set the ignore permissions option Syncthing will avoid doing chmod and thus your umask should take effect – assuming it’s set in the shell that starts Syncthing, etc.
You can set this option on either side. (If you set it on Windows then the files won’t have any permission info when they reach Unix, so no chmod. If you set it on the Solaris side it will just always skip chmod regardless.)
Without this option Syncthing will set the same permissions as on the other side, which I guess might be 0644 from the Windows side. That’s synthesized somewhere from the information available, as the mode bits in question aren’t a thing on Windows of course.
Exactly, just recently came by this in a different context:
// There is no user/group/others in Windows' read-only attribute, and
// all "w" bits are set if the file is not read-only. Do not send these
// group/others-writable bits to other devices in order to avoid
// unexpected world-writable files on other platforms.
m &^= 0022
Thank you for your suggestion. The “ignore permissions” option indeed causes all files to be 666, which is not what the umask telss it to be, but this seems to be a solaris/CIFS issue rather than related to syncthing.
However, is there a way, to explicitly tell syncthing to use certain UID/GID when generating files ?
It uses the UID/GID of the process it runs as. I’m pretty sure it obeys the umask, but as I mentioned it needs to be set in the environment inherited by the Syncthing process.
thank you for your kind support on this matter. I finally got it to work. When syncthing is run with a user UID/GID that is shared via Solaris/CIFS with all Windows-users everything works fine.
On that note, would it be (theoretically) possible to start the syncthing-service under solaris multiple times using different user-IDs ?