So I am trying to sync between my Mac and a FreeNAS. For those of you not familiar, FreeNAS is an open-source OS that turns any x86 box into a free-standing NAS with a web GUI, based on FreeBSD. Syncthing is available as a plugin for FreeNAS, and runs in a jail (for those familiar with that UNIX concept).

The rub in my case is that the FreeNAS can connect to a Windows Domain Controller on the network and serve Samba shares and have their permissions managed by the domain controller. Unfortunately this makes for some interesting permissions issues, because the FreeNAS (UNIX) imports the Active Directory users and groups (Windows) from the domain controller, where they are utilized side-by-side with traditional UNIX users/groups. Then the Samba shares on the FreeNAS are owned by the Windows Administrator account and their group is the Windows Domain Users. They have to be this way, so Windows client machines can access the shares and read/write to them.

So I am trying to have two Samba shares sync up to a USB hard drive plugged into a Mac. To be clear, Syncthing is running in a plugin on the FreeNAS itself, so Syncthing is accessing those folders directly, not through Samba.

So the Syncthing plugin runs as a UNIX user ‘syncthing’. Starting out, the FreeNAS instance of Syncthing could not write anything to those shares, because they were owned by the Windows Administrator and grouped as Windows Domain Users. So initially, UNIX user ‘syncthing’ had no access to write in those directories. So in the UNIX command line of the FreeNAS, I used the getfacl command to create ACLs granting ‘full_set’ permissions to UNIX user ‘syncthing’, while still preserving Windows Administrator and Windows Domain Users as the owner/group.

My initial tests were creating empty folders on both sides and with these permissions/ACLs things seemed to work both ways. When I started moving files, I found stuff made it fine on the Mac side. However on the FreeNAS side, the files complete, but never get renamed. So they end up sitting there with a .syncthing prefix and a .tmp suffix.

To prove that the issue lies with permissions in some way, as it relates to the Windows Domain user/groups, I created another shared folder between the Mac and a non-Samba folder on the FreeNAS that is only accessible through its UNIX command line. On the FreeNAS side, this folder is fully owned by UNIX user ‘syncthing’, not just an ACL. This worked like a charm.

So in the case of the Samba shares, permissions seem to be such that it is writable by Syncthing. But something is preventing it from changing the .tmp files to what they should really be when transfer is complete.

My only initial theory is maybe I have to check permissions on some dot-file of Syncthing’s on the FreeNAS that is crucial to it knowing when to rename a completed file properly?

Maybe the syncthing user somehow has permissions to write to the directory, but not to alter/delete existing files within it? I don’t really know about ACLs, but if that samba setup requires files to be owned by any other user but the user running Syncthing, that won’t work as Syncthing creates and replaces files, i.e. it will own files that are synced. Maybe there also is a way to setup samba to work with groups: Those can be enforced such that they are not changed by Syncthing with the setguid bit, but that depends on your specific setup/requirements and there are probably caveats I didn’t think of right now.

How do you know that the files are transferred completely? Syncthing uses truncate to make empty files with the size of the incoming file, so their size will always be the final size.

Oh I had no idea it did that. Thanks

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.