Created attachment 441656: Patch /etc/init.d/syncthing to move the -home directory, fixing permissions

Seeing as the developers are adamant on having the -home directory 700 [1], I would like to suggest placing the -home in /var/lib/syncthing/.config

This way /var/lib/syncthing can remain at whatever permissions the admin wishes, while still allowing permissions to keep "confidential information" secure. A suggested patch for the service is attached that accomplishes this.

[1] https://github.com/syncthing/syncthing/issues/3434
Seeing as /var/lib/syncthing is the *configuration directory* of the Gentoo installation of Syncthing, I am not quite convinced placing shares inside that directory is a good idea - it seems like asking for accidental leakage of the aforementioned sensitive data.

That said, there is in fact a different reason for why we shouldn't pass /var/lib/syncthing itself as -home - this is only done in the OpenRC init script. The systemd unit does not set -home so for the same user, Syncthing launched via systemd uses /var/lib/syncthing/.config/syncthing instead. Such inconsistency should be avoided - and given systemd units come from upstream, it is the OpenRC script that should be updated.
As of commit 082959243dca77d3c4d00100e86555650fc5b439, the default Syncthing configuration directory used by /etc/init.d/syncthing is /var/lib/syncthing/.config/syncthing - i.e. the same as for the upstream-provided systemd unit syncthing@syncthing.service. Thanks for bringing this to my attention!
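A permission audit for the two layouts discussed in this thread, as an added example that is not part of the bug report, the attached patch or the Gentoo package. The function names are hypothetical and the directory tree is constructed in a temporary directory; it checks that the -home directory grants nothing to group or other while the base directory keeps whatever mode the admin chose.

```shell
#!/bin/sh
# Added example: audit the permissions of a Syncthing -home directory.
# Function names are hypothetical; the demo tree is constructed in a temp dir.

# Print the nine permission characters of PATH, e.g. "rwx------".
mode_bits() {
    ls -ld -- "$1" | cut -c2-10
}

# Return 0 if directory PATH grants nothing to group/other, 1 if it does,
# 2 if it is not a directory. setgid/sticky markers count as not private.
is_private() {
    [ -d "$1" ] || return 2
    case "$(mode_bits "$1")" in
        ???------) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_home BASE HOME: report whether HOME is private; same return codes.
audit_home() {
    a_base=$1
    a_home=$2
    if ! [ -d "$a_home" ]; then
        echo "MISSING $a_home"
        return 2
    fi
    if is_private "$a_home"; then
        echo "OK      $a_home ($(mode_bits "$a_home")), base is $(mode_bits "$a_base")"
        return 0
    fi
    echo "EXPOSED $a_home ($(mode_bits "$a_home"))"
    return 1
}

# Constructed demo: the admin keeps the base directory at 755.
demo() {
    root=$(mktemp -d) || return 1
    base="$root/var/lib/syncthing"
    mkdir -p "$base/.config/syncthing"
    chmod 755 "$base" "$base/.config"
    chmod 700 "$base/.config/syncthing"
    audit_home "$base" "$base/.config/syncthing" || true   # layout after the fix
    audit_home "$base" "$base" || true                     # old -home = base
    rm -rf "$root"
}

demo
```

On a real host, call `audit_home /var/lib/syncthing /var/lib/syncthing/.config/syncthing` instead of `demo`.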