I have had Syncthing running on my servers in the past as a system service, which involves creating a service that runs as a specific user. Initially this posed a challenge, as I was only able to synchronize files and folders created or owned by the user under which the service was running.
In order to give permissions to that same user to a folder that wasn’t owned by that user, I would have to add them to the file/folder structure by altering the ACL.
setfacl -Rm u:someuser:rwx file
Etc.
Only then would creating a new sync folder actually work (.stfolder marker, etc.)
I’m setting up a new system and I’m wondering if there’s a way to create a user that doesn’t need to be explicitly added to each intended sync location like this. I suppose it’s not much different than having the service run as root, which is not recommended. Just wondering if there’s an easier way.
Come to think of it, here’s an ACL permissions question:
If I create a folder /thisfolder and I add the user whomever to that folder using setfacl, if I add folders beneath that /thisfolder/folder (for example) do the ACL permissions propagate to the new content? If that’s the case then I could simply make sure that all of my sync’d folders reside under a single folder root and just apply the ACL settings to that folder tree.
Thoughts?
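The propagation question in the post can be checked on a scratch directory. This is an added example, not part of the original post: it compares a plain access ACL with a default ACL (`setfacl -d`) and reports which one a newly created subfolder picks up. `SYNC_UID` and the function names are hypothetical stand-ins; the current user's UID is used in place of the service account.

```shell
#!/bin/sh
# Added example: access ACL vs. default ACL on a scratch tree (nothing outside
# the temp directory is touched).
# Assumption: SYNC_UID stands in for the UID of the Syncthing service account.
SYNC_UID="${SYNC_UID:-$(id -u)}"

# Prints "yes" if path $2 has a named-user ACL entry for UID $1, else "no".
has_user_entry() {
    if getfacl -n -p "$2" 2>/dev/null | grep -q "^user:$1:"; then
        echo yes
    else
        echo no
    fi
}

# Returns 0 if only the default ACL propagated, 1 if not, 2 if untestable here.
acl_inheritance_demo() {
    if ! command -v setfacl >/dev/null 2>&1 || ! command -v getfacl >/dev/null 2>&1; then
        echo "setfacl/getfacl not installed"; return 2
    fi
    root="$(mktemp -d)" || return 2
    mkdir "$root/access_only" "$root/with_default"

    # Access ACL only: what 'setfacl -m' without -d gives you.
    if ! setfacl -m "u:$SYNC_UID:rwx" "$root/access_only" 2>/dev/null; then
        rm -rf "$root"; echo "filesystem has no POSIX ACL support"; return 2
    fi
    # Access ACL plus a default ACL (-d), which new children copy at creation.
    setfacl -m "u:$SYNC_UID:rwx" "$root/with_default"
    setfacl -d -m "u:$SYNC_UID:rwx" "$root/with_default"

    # Folders created after the ACLs were set, like a newly added sync folder.
    mkdir "$root/access_only/new" "$root/with_default/new"
    plain="$(has_user_entry "$SYNC_UID" "$root/access_only/new")"
    inherited="$(has_user_entry "$SYNC_UID" "$root/with_default/new")"
    rm -rf "$root"

    echo "access ACL only -> new subfolder has entry: $plain"
    echo "default ACL set -> new subfolder has entry: $inherited"
    [ "$plain" = no ] && [ "$inherited" = yes ]
}

acl_inheritance_demo || echo "demo exit status: $?"
```

A default ACL only affects entries created after it is set, so content that already exists under the root still needs the recursive `-R` form from the post.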