Sync of a root file (Home Assistant)

I have an installation of Home Assistant in my Linux Mint computer. Home Assistant config has a file called “auth”, created and often overwritten by the same app. This file belongs to root. I have tried to exclude this file from sync process because for me it is not mandatory to have it synched (even if I’d prefer). I did this adding this “ignore pattern”: /home/USER/sincronitzat/pc-USER/Documents/homeassistant/homeassistant_config/.storage/auth But syncthing keeps complaining about this file: reports it as a “failed item” and the whole folder is reported as “out of sync” written in red.

Is there a way to include this file in the sync process being root owned?

How can I exclude this file from synching process?

Thanks community!!!

Ignore patterns are relative to the folder root that is configured in Syncthing. Your absolute path won’t match.

Syncing the file is probably going to require running Syncthing itself as root. Which is probably less than desirable for security reasons.

OK André thanks for your help! I changed the ignore pattern to: homeassistant/homeassistant_config/.storage/auth And that worked.

If anyone knows a trick to sync a root owned file (present inside the root sync folder) without running syncthing as root it will be appreciated!

What filesystem is the storage volume that contains /home/USER/sincronitzat/pc-USER/Documents/homeassistant/homeassistant_config/.storage/auth?

Is Syncthing running as the USER referenced in the path above?

Hi Gadget! Filesystem is ext4 and Syncthing is running as USER as you say.

It’s unusual to have root creating/updating files several subdirectories deep within a regular user account, so the ideal solution is to figure out why that is and try to fix it that way.

However, if that isn’t an option, there are a few potential alternatives. Which one is best will depend on how the auth file is being created/updated (e.g. is Docker involved, etc.):

  1. If file /home/USER/sincronitzat/pc-USER/Documents/homeassistant/homeassistant_config/.storage/auth is updated in-place instead of being deleted then recreated, a simple chmod a+r auth might be enough. Of course this assumes that Home Assistant doesn’t reset the permission bits.
  2. If chmod isn’t enough, then setfacl might be a solution (getfacl and setfacl are part of the acl – access control list – package).
  3. Set the umask so that Home Assistant creates files that are always readable by your USER account.
  4. Use bindfs to present a virtual storage volume that Syncthing has full read-access to.

Without knowing what the current permissions look like (e.g. seeing the output from ls -l auth), I’m making some assumptions and guesses so I’m not able to be more specific about the commands for options 1, 2 and 3.

Option 4 is a bit more complicated to understand, but really quite easy to implement. The basic idea is to present an alternate view of the files and directories to Syncthing – one where the contents are owned by the user running Syncthing.

First, you’ll need the bindfs package. It’s not usually installed by default but every Linux distro I’ve ever used lately includes it in its official package repository.

Then based on what you posted earlier, set up the bind mount with the following command (or another suitable method):

mount --verbose --types fuse.bindfs --options ro,noatime,force-user=USER,force-group=USER /home/USER/sincronitzat/pc-USER/Documents/ /mnt/Documents/

(The ro and noatime options can be left out if you want read/write access and access times to be updated.)

If the mount is successful, the contents of /mnt/Documents/ will all be virtually owned by user USER and group USER regardless of the real ownership in the underlying ext4 filesystem. As long as the user running Syncthing matches, there will be no read-access issues. As far as Home Assistant is concerned, nothing has changed because it’s still using /home/USER/sincronitzat/pc-USER/Documents/homeassistant/ while Syncthing is simultaneously accessing via /mnt/Documents/homeassistant/.

(The mount point /mnt/Documents/ is just an arbitrary choice so it could just as well be /home/USER/Syncthing/. Wherever it is, point Syncthing at it.)

Of course, if you’re not just sending the contents of /home/USER/sincronitzat/pc-USER/Documents/ to another device, but also receiving changes, you’ll have to make the appropriate adjustments.

3 Likes

Hi Gadget, many thanks for your comprehensive answer, and sorry for my late reply. I made a test with your 1 option and will see what is the result in a few hours.