storing .stfolder elsewhere

I would like to store .stfolder in a location other than the folder path because the directory is visible from the FTP server but may not be vulnerable because the owner and group of .stfolder are synching and not FTP.

I may be overthinking security/functional risks. Would appreciate an opinion.

More details about the environment are below.

I am running a sacrificial VM on the cloud with an FTP server. I’m using syncthing to pull down data received on the sacrificial VM into my client’s network. I know it’s not very elegant, but I don’t want a live FTP server inside a network I’m responsible for.

The FTP server is running chrooted, and I would prefer to store the .stfolder folder somewhere else outside of the chrooted environment. I’ve made syncthing work by making synching ( the user) a member of the FTP group. Unfortunately, .stfolder is visible to any user logging into their virtual FTP account.

feedback?

You can use a different folder or file as your marker (see https://docs.syncthing.net/users/config#config-option-folder.markername). The path is relative to the root of the Syncthing folder, however please keep in mind that the whole reason for having .stfolder (or a custom marker) in the folder root is to prevent a situation where all files are gone (e.g. because the folder has been unmounted) and Syncthing happily deletes everything on other devices as well.