I’m using SyncThing to sync a password database between a Linux PC and an Android phone. I’ve recently noticed that while the password database itself is restricted to my own user, SyncThing kept creating
*.sync-conflict-* files that are world-readable, therefore exposing the password database to other users, e.g.:
-rw------- 1 mgorny mgorny 56K 11-13 05:04 Passwords.kdbx -rw-r--r-- 1 mgorny mgorny 51K 10-20 07:49 Passwords.sync-conflict-20231023-155348-DLDPJRE.kdbx
Is this a problem with my setup, or perhaps a bug?