Syncthing between 2 FreeNAS servers with file ownership via NFS on Ubuntu 18

Joined
May 25, 2016
Messages
4
I have a home and an office FreeNAS setup with both upgraded to 11.2. I have successfully installed and set up Syncthing to sync both FreeNAS servers to each other.

I have NFS sharing set up from my home and office Ubuntu 18 PCs, where /etc/fstab has entries to automatically mount each shared NFS folder on FreeNAS to Ubuntu using the same user id and group id Ubuntu uses to match the user id and group id on FreeNAS. The main user on each PC has a UID and GID 1000:1000 and the same username (mike) that I have set up on each FreeNAS server.

Where I am stuck is allowing the user on each PC to have read/write/execute access to the files. I tried using the steps on this page
https://www.ixsystems.com/community...plugins-write-permissions-to-your-data.27273/ and had these results:

Solution 1: In order to keep the easy access to the files from Ubuntu fstab the user needs to be UID 1000, not 983 for syncthing

Solution 2: I get the message
pw: uid `983' has already been allocated
when I enter
pw useradd -n mike -u 983 -d /nonexistent -s /usr/bin/nologin

Solution 3: I get the message
pw: gid `983' has already been allocated
when I enter
pw groupadd -n mike -g 983
If I try to make a group named mike with a GID 983 the name conflicts with the already created group named mike with a GID 1000 for Ubuntu mounting the share.

Solution 4: I get the message
chmod: FILENAME: Operation not permitted
for every file or folder I attempt to change permissions to include other to have full access.

I prefer to keep this share secure and not have it set to nobody:nogroup as outlined in the tutorial at https://www.zufallsheld.de/2014/12/14/installing-and-configuring-the-freenas-syncthing-plugin/.

I thought I could add the user to the Syncthing group and have the same access, however I cannot create or add any file to the Syncthing-owned folders, nor can I edit or modify any file.

Any ideas, questions, or comments? All is appreciated. Thank you.

My primary reason for using Syncthing is file versioning options as a protective measure for files accidentally deleted or changed by staff, with all files synchronized on my home server. This allows me to work at home, have our files on a 2nd server as an off-site backup measure, and I don't need to worry about VNC connection to access my work PC. Of course, I back up regularly on DVD/BluRay disks with an external HDD.

All of us need access to these files on all of our systems at any time. Having a server is a simple solution, but I don't want to run into sync conflicts with running Syncthing on each PC to the server, which would force us to have all of our client files on every PC and/or having to maintain large HDDs on each PC.
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
If your shared FreeNAS dataset has owner/group mike:mike, then I read the 1st step of solution 2 to mean you should add user mike with UID 1000 to the jail: pw useradd -n mike -u 1000 -d /nonexistent -s /usr/bin/nologin

Assuming you sort out the permission for syncthing, using both NFS and syncthing at the same time on the same data has the potential for conflict with file locking etc. Others more familiar with syncthing might chime in, but I would have thought you need to run syncthing on your PC clients as well as your FreeNAS servers for this to work smoothly.
 
Joined
May 25, 2016
Messages
4
Hi KrisBee,

That did help clear up what I was doing wrong with that step. I was able to add my user to the jail. Unfortunately it still was not successful, meaning my user from my Ubuntu PC still cannot add or edit any files into or already existing in the mapped folder. I made sure to restart the jail and Syncthing afterwards, just in case.

Thank you for the suggestion.
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288
Don't know if you've got this working how you wanted with a combo of syncthing and NFS, but I've set this up as a quick test between two instances of FreeNAS running as VMs with the sync folder shared to a single Linux client via NFS in the way you described.

I'll add details of how I did it, if it is of interest to you. This is my first use of syncthing, you would need to test this to convince yourself that there is no conflict between NFS and syncthing operating on the same dataset at the same time.
 
Joined
May 25, 2016
Messages
4
Yeah that would be fantastic and helpful. I think I just can't see the forest from the trees and I am betting it is a simple step I am missing to get this working. I would appreciate the details. Thank you KrisBee.
 

KrisBee

Wizard
Joined
Mar 20, 2017
Messages
1,288

Details below. Obvious proviso is that I've no idea how your multiple office user machines/accounts are set up, so this would be applicable to an individual user and not necessarily fit with any existing user/group account scheme in your office.

As you know, installing the “syncthing” plugin creates a “jail” in which the process is run by the “syncthing user” with a user & group id of 983:983.
If the data you wish to sync is in your main pool, then it will be the “source directory” when you add one or more mount points to your “syncthing” jail. In order for the “syncthing user” to have full rw access to the pool data within the jail, the pool data should also have an owner & group of 983:983. As the matching UID & GID don’t pre-exist on the FreeNAS host, they have to be added.

1. via Accounts > Groups, add a new group with an id of 983
2. via Accounts > Users, add a new user with an id of 983, uncheck “new primary group” and select the newly added group for the primary group. Do not enable password login and set the shell to “nologin”.

Let’s say you called these syncuser & syncgrp. Now any pool dataset you want the “syncthing jail” to access can be given “syncuser” as the owner and “syncgrp” as the group. But your user Mike (UID:GID of 1000:1000) can’t access such a dataset. As a dataset can’t have more than one owner, logically, access can only be granted via a common group. Mike needs to be in the “syncgrp”.

3. via Accounts > Users, edit Mike’s user configuration and add the new “syncgrp” to the user’s “Auxiliary Groups”.
4. Any dataset you want to sync, should be given a user of “syncuser” and group of “syncgrp” and be group writeable, so set the permission to owner=rwx and group=rwx, other is your choice.

As Mike is not going to login to FreeNAS to access data, but is going to mount it locally on their machine via a NFS share, how do you get Mike into the “syncgrp” on their local machine? The answer is you don’t need to if you make use of the “Mapall User” and “Mapall Group” options when defining the share on FreeNAS.

5. For any dataset being synced and shared via NFS, select the “advanced mode” to set the values of “Mapall User” and “Mapall Group” to the appropriate user, and “syncgrp” respectively.

6. Test thoroughly.
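
For step 6, an added example that is not part of KrisBee's post: a POSIX shell check that lists entries under a synced dataset which break the group-based scheme above (wrong group, missing group write, or write access for "other"). The function names, output labels and the sample tree are made up for illustration; on FreeNAS the group id passed in would be 983.

```shell
#!/bin/sh
# Added example: audit a synced tree against the ownership scheme from the post.
# Usage: audit_sync_tree DIR GID   (GID 983 is the syncthing group in the thread)
audit_sync_tree() {
    dir=$1
    gid=$2
    # Entries outside the shared group: the jail or the NFS user loses access.
    find "$dir" ! -type l ! -group "$gid" | sed 's/^/wrong-group /'
    # Directories need group rwx to create, delete and traverse entries.
    find "$dir" -type d ! -perm -070 | sed 's/^/dir-not-group-rwx /'
    # Files need group rw so both Syncthing and the NFS user can modify them.
    find "$dir" -type f ! -perm -060 | sed 's/^/file-not-group-rw /'
    # Write access for "other" is not required by this scheme; report it.
    find "$dir" ! -type l -perm -002 | sed 's/^/world-writable /'
}

# Constructed sample tree (not from the thread) to show the output format.
demo_audit() {
    t=$(mktemp -d) || return 1
    mkdir "$t/clients" "$t/locked"
    : > "$t/clients/ok.txt"
    : > "$t/clients/umask022.txt"
    : > "$t/clients/open.txt"
    # The caller's own primary group stands in for 983 so this runs without root.
    chgrp -R "$(id -g)" "$t"
    chmod 770 "$t" "$t/clients"
    chmod 750 "$t/locked"                # group cannot create files here
    chmod 660 "$t/clients/ok.txt"
    chmod 644 "$t/clients/umask022.txt"  # typical result of a 022 umask
    chmod 666 "$t/clients/open.txt"      # writable by everyone
    audit_sync_tree "$t" "$(id -g)" | sed "s|$t|.|"
    rm -rf "$t"
}

demo_audit
```

An empty result means every entry is in the shared group, group-writable and not writable by "other"; rerun it after both Syncthing and an NFS client have created files, since files written with a restrictive umask show up as `file-not-group-rw`.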
 