So I am trying to sync between my Mac and a FreeNAS. For those of you not familiar, FreeNAS is an open-source OS that turns any x86 box into a free-standing NAS with a web GUI, based on FreeBSD. Syncthing is available as a plugin for FreeNAS, and runs in a jail (for those familiar with that UNIX concept).
The rub in my case is that the FreeNAS can connect to a Windows Domain Controller on the network and serve Samba shares and have their permissions managed by the domain controller. Unfortunately this makes for some interesting permissions issues, because the FreeNAS (UNIX) imports the Active Directory users and groups (Windows) from the domain controller, where they are utilized side-by-side with traditional UNIX users/groups. Then the Samba shares on the FreeNAS are owned by the Windows Administrator account and their group is the Windows Domain Users. They have to be this way, so Windows client machines can access the shares and read/write to them.
So I am trying to have two Samba shares sync up to a USB hard drive plugged into a Mac. To be clear, Syncthing is running in a plugin on the FreeNAS itself, so Syncthing is accessing those folders directly, not through Samba.
So the Syncthing plugin runs as a UNIX user ‘syncthing’. Starting out, the FreeNAS instance of Syncthing could not write anything to those shares, because they were owned by the Windows Administrator and grouped as Windows Domain Users. So initially, UNIX user ‘syncthing’ had no access to write in those directories. So in the UNIX command line of the FreeNAS, I used the getfacl command to create ACLs granting ‘full_set’ permissions to UNIX user ‘syncthing’, while still preserving Windows Administrator and Windows Domain Users as the owner/group.
My initial tests were creating empty folders on both sides and with these permissions/ACLs things seemed to work both ways. When I started moving files, I found stuff made it fine on the Mac side. However, on the FreeNAS side, the files complete, but never get renamed. So they end up sitting there with a .syncthing prefix and a .tmp suffix.
To prove that the issue lies with permissions in some way, as it relates to the Windows Domain user/groups, I created another shared folder between the Mac and a non-Samba folder on the FreeNAS that is only accessible through its UNIX command line. On the FreeNAS side, this folder is fully owned by UNIX user ‘syncthing’, not just an ACL. This worked like a charm.
So in the case of the Samba shares, permissions seem to be such that it is writable by Syncthing. But something is preventing it from changing the .tmp files to what they should really be when transfer is complete.
My only initial theory is maybe I have to check permissions on some dot-file of Syncthing’s on the FreeNAS that is crucial to it knowing when to rename a completed file properly?
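A diagnostic sketch for the symptom described above, added here as an example (it is not part of the original post and is not Syncthing's code). It tries, one at a time, the operations a sync tool plausibly performs when finishing a file, so the failing step and its errno are visible; the step list, the probe file names and the function names are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Probe which file operations the current user may perform in a directory."""
import errno
import os
import sys
import time


def _append(path):
    with open(path, "ab") as fh:
        fh.write(b"probe")


def probe_dir(path):
    """Run each step in order; return {step: "ok" or errno name}.

    A step that follows a failed one may report ENOENT as a consequence.
    """
    tmp = os.path.join(path, ".probe-%d.tmp" % os.getpid())   # constructed names
    final = os.path.join(path, "probe-%d.txt" % os.getpid())
    past = time.time() - 3600                                  # explicit mtime, one hour ago
    steps = [
        ("create_tmp", lambda: os.close(os.open(tmp, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600))),
        ("write_tmp", lambda: _append(tmp)),
        ("chmod_tmp", lambda: os.chmod(tmp, 0o644)),
        ("utime_tmp", lambda: os.utime(tmp, (past, past))),
        ("rename_tmp", lambda: os.rename(tmp, final)),
        ("delete_final", lambda: os.remove(final)),
    ]
    results = {}
    for name, op in steps:
        try:
            op()
            results[name] = "ok"
        except OSError as exc:
            results[name] = errno.errorcode.get(exc.errno, str(exc.errno))
    for leftover in (tmp, final):                              # best-effort cleanup
        try:
            os.remove(leftover)
        except OSError:
            pass
    return results


def first_failure(results):
    """Return (step, errno name) for the first failed step, or None."""
    for name, status in results.items():
        if status != "ok":
            return name, status
    return None


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for step, status in probe_dir(target).items():
        print("%-13s %s" % (step, status))
```

Run as the ‘syncthing’ user inside the jail, once against a folder under the Samba share and once against the UNIX-owned folder that works, then compare the two outputs.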