Umask on synology

Support
1

hi

We are running syncthing on synology. All PC on local network are synchronized correctly.

But users out of local network are connecting to synology over its WEB. They dont need all data which are synchronized on local net.

Problem: syncthing process who is running on synology is creating files and directories with correct UID and GID {syncthing:users} BUT with wrong permissions.

All users which are connecting to synology over WEB are in group “users”.

Permissions of new files and directories created by syncthing are "-rw-r–r--" That is not good. We need “-rw-rw—” so users in group can read and write.

Trying to change umask for users syncthing on synology. This can be done over file .profile in home dir. But that is not working.

any idea? thanks

2

I did change umask in /etc/profile and restart synology. NO change.

syncthing process is using umask 022 but we would like to use 006

3

This is

4

okay

for now I am going to run these in sync folder on synology

find -type d -user syncthing -exec chmod 770 {} \;
find -type f -user syncthing -exec chmod 660 {} \;

I think that cron will run that each 15minutes

5

The umask isn’t used: syncthing copies the permissions from the source node. If you want to change the permissions, you will have to change it there.

6

I did find it out. Copy permissions from source is okay. On linux I can control that easily, but on windows it is not so easy.

7

Yeah. We should probably honor the umask when the source doesn’t send the full set of permfissions (I.e. FAT file systems and our limited understanding of NTFS ACLs).

8

If the note next to Ignore permissions said “Use on Windows systems” rather than “Use on FAT file systems” this would probably have saved me an hour or so. All files created on windows were coming through as read only on ubuntu,

9

Hi,

i see that the issue mentionned above has been closed (https://github.com/syncthing/syncthing/issues/1339).

I am testing Syncthing, and i have the same problem as the original poster:

  • the umask of user syncthing is set to 0022 via a .profile file in the home folder
  • when logged in as syncthing, creating a file or directory gives the correct expected permissions (-rw-rw-r-- / drwxrwxr-x)
  • when a file/folder is replicated from another device (Ignore Permissions is set to true on both devices for this folder), they have incorrect permissions (-rw-r--r-- / drwxr-xr-x)

I am running the latest version: v0.12.19, Linux (ARM)

I looked a bit into the startup scripts of the Synology packages, but cannot pinpoint exactly if umask is applied properly or not :confused:

If anyone could help on this, that would be appreciated.

thanks

10

If you have a start script, just explicitly set the umask there before starting syncthing. Then you don’t need to worry about whether .profile is processed or not.

11

I am still using mentioned solution in my post.

12

I use the SynoCommunity package of Syncthing, which relies on busybox start-stop-daemon, which doesn’t support umask (https://github.com/SynoCommunity/spksrc/issues/2140)

All the other apps used on my Synology NAS offers an option to override the permissions of files/folders, for instance Transmission, Sonarr, Couchpotato, all have an option to override either the umask, or to chmod or even chown the files they create.

Can’t we have something like that in ST ?

13

Syncthing does that by default - it sets the permission to the same as the other side, as part of syncing.

14

That’s not what’s required here.

I share something from my own computer, which has right set as user only (700/600), towards my NAS, which has its own ACL management, but for this to work the files and folders must be available to the Unix group, and not just the syncthing user running the daemon (770/660). And I don’t want to change my permissions to give rights to a local computer group so that users on the nas can access the files.

Basically at the moment it’s only possible to replicate permissions (which in my opinion doesn’t mean much when the user:group on both sides are not the same at all), or ignore permissions and hope that the system on which you run ST will let you use umask correctly.

Can’t we have a new configuration per folder that let you override the permissions with new ones?

15

I have the same problem as the original poster but on Debian 8.3.

I have checked “Ignore permission” on both devices

The umask of user syncthing is set to 002 via a .profile and .bashrc file in the home folderwhen logged in as syncthing.

On SSH remotely with the user syncthing connected if I create a new file, the permissions are -rw-rw-r--

If I create a new file on windows, when it syncs with Debian the file permissions are : -rw-r--r--

Thanks for help, actually i’am using an ugly cron.

I’am starting like that Syncthing :

syncthing_USERS="syncthing"
DAEMON=/mnt/DisqueB/syncthing/syncthing

startd() {
  for stuser in $syncthing_USERS; do
    HOMEDIR=$(getent passwd $stuser | awk -F: '{print $6}')
    if [ -f $config ]; then
      echo "Starting syncthing for $stuser"
        sleep 3
      start-stop-daemon -b -o -c $stuser -S -u $stuser -x $DAEMON
    else
      echo "Couldn't start syncthing for $stuser (no $config found)"
    fi
  done
}
16

i think you need to set -k option to specify the umask with start-stop-daemon

1 Like
17

It works thanks a lot ! start-stop-daemon -b --umask 0002 -o -c $stuser -S -u $stuser -x $DAEMON

18

@calmh, i played around with the startup script on Synology, and got something working (or WIP at least) with proper umask, however it seems the proper umask is not applied when ST first creates a folder (when you add a folder or accept a folder from another device).

19

There is a ticket for this one.

2 Likes