Hi all, I've started to play with FreeNAS. One of the things I'm trying out is the Syncthing plugin and I'm seeing strange behaviour with an ACL dataset. I've posted the following to the Syncthing forum, as I don't know enough about BSD to figure out what's the cause of the problem:
I have a strange Syncthing plugin problem on FreeNAS.
I've created a separate ZFS dataset (think of it as a drive partition) for Syncthing. When creating a dataset, you can choose for it to use either Unix permissions or ACLs.
Since FreeNAS plugins run in FreeBSD jails, its users and groups are separate from base system's users and groups. In addition to that, any storage external to a jail must be explicitly mounted.
There are several approaches in setting permissions to make mounted storage available to jail users. The one I use in this scenario is to have a group in the base system (e.g.
Now, I have a Win10 laptop with Syncthing running (already syncing a few directories to an RPi). I've tried sharing two directories with the FreeNAS Syncthing instance (one is my Documents directory, the other one the phone photos directory already synced with my Android phone)
Initially, I've only created the
If the
However, if I create the
Files in
UPDATE:
I understand that
The only difference I found was that phone photos on my laptop inherited permissions from my home dir and files in the Documents directory had explicit permissions set.
I then made sure that my home dir and everything in it is owned by me and reset all the permissions on files and directories in the home dir to inherit from the home dir. Made sure that files in the Documents directory inherit permissions.
Then I removed both shares from the FreeNAS Syncthing, deleted both directories from the FreeNAS storage and re-added both shares. Phone photos share synced without problems, the documents share keeps reporting failing
According to Syncthing maintainer, Syncthing requires
I can only see two different scenarios here which would explain why syncing
1. Syncthing doesn't
2.
I have a strange Syncthing plugin problem on FreeNAS.
I've created a separate ZFS dataset (think of it as a drive partition) for Syncthing. When creating a dataset, you can choose for it to use either Unix permissions or ACLs.
Since FreeNAS plugins run in FreeBSD jails, its users and groups are separate from base system's users and groups. In addition to that, any storage external to a jail must be explicitly mounted.
There are several approaches in setting permissions to make mounted storage available to jail users. The one I use in this scenario is to have a group in the base system (e.g.
backup
, GID=1003) and set desired permissions on the directory in the base system. Then, create a group with the same GID in the Syncthing jail and add the syncthing jail user to that (jail) group. That way, base system's group permissions effectively get propagated to the same group inside the jail.Now, I have a Win10 laptop with Syncthing running (already syncing a few directories to an RPi). I've tried sharing two directories with the FreeNAS Syncthing instance (one is my Documents directory, the other one the phone photos directory already synced with my Android phone)
Initially, I've only created the
sync
dataset on FreeNAS and let Syncthing create a top-level directory when creating each share (documents
and phone_photos
)If the
sync
dataset is created with Unix permissions, everything works as expected.However, if I create the
sync
dataset with ACLs (Windows permissions), the phone photos share gets synced properly, but the documents share fails with an error like finisher: chmod /mnt/bozho/documents/My Games/Borderlands/WillowGame/Logs/.syncthing.Launch-backup-2017.03.13-21.56.32.log.tmp: operation not permitted
for every file. All subdirectories under documents
get created.getfacl
on documents
returns:Code:
# file: documents/ # owner: syncthing # group: backup owner@:rwxpDdaARWcCos:fd----I:allow group@:rwxpDdaARWcCos:fd----I:allow everyone@:r-x---a-R-c---:fd----I:allow
phone_photos
(the one that gets synced properly) has the same permissions, as does the Logs
directory with the .tmp
file.getfacl
for the .tmp
file returns:Code:
# file: .syncthing.Launch-backup-2017.03.13-21.56.32.log.tmp # owner: syncthing # group: backup owner@:rwxpDdaARWcCos:------I:allow group@:rwxpDdaARWcCos:------I:allow everyone@:r-x---a-R-c---:------I:allow
Files in
phone_photos
have the same permissions.UPDATE:
I understand that
chmod
doesn't work on ACL storage, which makes the documents
share behaviour expected, but doesn't explain why phone_photos
share does work.The only difference I found was that phone photos on my laptop inherited permissions from my home dir and files in the Documents directory had explicit permissions set.
I then made sure that my home dir and everything in it is owned by me and reset all the permissions on files and directories in the home dir to inherit from the home dir. Made sure that files in the Documents directory inherit permissions.
Then I removed both shares from the FreeNAS Syncthing, deleted both directories from the FreeNAS storage and re-added both shares. Phone photos share synced without problems, the documents share keeps reporting failing
chmod
.According to Syncthing maintainer, Syncthing requires
chmod
to work on the system, as it chmod
s each file.I can only see two different scenarios here which would explain why syncing
phone_photos
share works when it shouldn't:1. Syncthing doesn't
chmod
files in some cases.2.
chmod
does work on ACL storage in some cases.