Open Source Continuous File Synchronization https://syncthing.net/
  • Go 84.6%
  • HTML 7.1%
  • JavaScript 5.7%
  • Shell 1.8%
  • CSS 0.7%
Jakob Borg 6df85dc95c
fix: let umask do the thing (#10723)
We had a few places where we had perhaps too much of an opinion on the
permissions on created files and directories, sometimes fueled by a
misconception about how permissions work in both Unix and Windows. Recap
on the ground rules:

- On all unixes, all file & directory creation (`Mkdir`, `MkdirAll`,
`Create`, `WriteFile`, `Open`) has the given permission bits filtered
via the user's umask. The proper permissions for us to use are in almost
all cases 0o666 for files and 0o777 for directories, strange as that may
look at the call site.
- On Windows, there is no umask but in turn all of the permission bits
except the user write bit are ignored. The absence of user write bit is
converted into the read only attribute. This means that what is proper
for Unix above is also proper for Windows.
- We make an exception when creating files for certificate keys and the
config / database directories, as those contain secrets we think should remain closed
even if the user generally collaborates with other users on the system.

(Also removal of a bugfixed copy of MkdirAll for Windows that hasn't
been necessary for a few years.)

---------

Signed-off-by: Jakob Borg <jakob@kastelo.net>
2026-06-03 10:54:04 +02:00
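
The Unix rules recapped in the commit message above, as an added example that is not part of the commit or of Syncthing's code: it requests 0o777 for a directory, 0o666 for a file and 0o600 for a secret, then reports what the umask leaves. The function name, the file names and the temporary directory are assumptions made for the demonstration, and it runs on Unix only because it calls `syscall.Umask`.

```go
// Added example, not Syncthing code. Unix only; all names are hypothetical.
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"syscall"
)

// createdModes sets the process umask, creates a directory (0o777), a regular
// file (0o666) and a secret file (0o600) in a constructed temp directory, and
// returns the permission bits each one actually ended up with.
func createdModes(umask int) (dir, file, secret os.FileMode, err error) {
	old := syscall.Umask(umask)
	defer syscall.Umask(old) // restore the caller's umask
	tmp, err := os.MkdirTemp("", "umask-demo-")
	if err != nil {
		return 0, 0, 0, err
	}
	defer os.RemoveAll(tmp)
	d := filepath.Join(tmp, "shared")
	f := filepath.Join(d, "data.txt")
	k := filepath.Join(d, "key.pem") // stands in for a certificate key
	if err = os.Mkdir(d, 0o777); err != nil {
		return 0, 0, 0, err
	}
	if err = os.WriteFile(f, []byte("x"), 0o666); err != nil {
		return 0, 0, 0, err
	}
	if err = os.WriteFile(k, []byte("secret"), 0o600); err != nil {
		return 0, 0, 0, err
	}
	modes := make([]os.FileMode, 0, 3)
	for _, p := range []string{d, f, k} {
		st, serr := os.Stat(p)
		if serr != nil {
			return 0, 0, 0, serr
		}
		modes = append(modes, st.Mode().Perm())
	}
	return modes[0], modes[1], modes[2], nil
}

func main() {
	for _, um := range []int{0o022, 0o002, 0o077} {
		d, f, k, err := createdModes(um)
		fmt.Printf("umask %04o: dir %04o file %04o secret %04o err=%v\n", um, d, f, k, err)
	}
}
```

The secret file stays at 0o600 under every umask shown, while the shared file and directory widen or narrow with the user's own setting.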
.github Revert "build: temporarily disable illumos for release" 2026-05-23 12:00:07 +02:00
assets fix: on Windows don't allocate console if not opened inside one (#10726) 2026-06-02 14:00:38 +02:00
cmd fix: let umask do the thing (#10723) 2026-06-03 10:54:04 +02:00
etc fix(systemd): add back chown allowed syscalls (#10605) 2026-03-13 12:53:36 +01:00
gui fix(gui): properly escape filenames in fancytree 2026-06-02 16:54:21 +02:00
internal chore: use path/filepath for local file system paths (#10705) 2026-05-23 22:31:33 +02:00
lib fix: let umask do the thing (#10723) 2026-06-03 10:54:04 +02:00
man chore(gui, man, authors): update docs, translations, and contributors 2026-06-01 05:22:49 +00:00
meta Merge branch 'main' into v2 2025-05-21 08:35:12 +02:00
proto chore: remove tracking inode change time (#10579) 2026-03-22 20:24:03 -07:00
relnotes docs: release notes for 2.1 2026-04-26 12:23:35 +02:00
script fix: let umask do the thing (#10723) 2026-06-03 10:54:04 +02:00
test chore: systematic syncthing_build_info metric 2026-04-06 09:44:49 +02:00
.codecov.yml build: Add test coverage info (#7502) 2021-04-05 10:25:39 +02:00
.deepsource.toml build: Fix deepsource test & exclude patterns (#7969) 2021-09-26 12:08:59 +02:00
.gitattributes
.gitignore chore: remove abandoned next-gen-gui experiment (#10004) 2025-03-29 13:20:35 +01:00
.golangci.yml chore(model): slightly improve handling of pulling empty blocks (#10679) 2026-05-09 12:15:18 +02:00
.policy.yml policy: pushing invalidates PR approval 2026-04-08 17:48:27 +02:00
.yamlfmt build: Add more GitHub Actions 2023-02-22 10:56:55 +01:00
AUTHORS chore(gui, man, authors): update docs, translations, and contributors 2026-06-01 05:22:49 +00:00
buf.gen.yaml refactor: use modern Protobuf encoder (#9817) 2024-12-01 16:50:17 +01:00
buf.yaml refactor: use modern Protobuf encoder (#9817) 2024-12-01 16:50:17 +01:00
build.go fix: let umask do the thing (#10723) 2026-06-03 10:54:04 +02:00
build.ps1 build: Clean up build.sh, add build.ps1 (#6689) 2020-05-28 12:42:15 +02:00
build.sh chore(gui): update dependency copyrights, add script for periodic maintenance (#10067) 2025-04-23 12:41:05 +07:00
compat.yaml chore: build with Go 1.26; use Go 1.25 features (#10570) 2026-02-11 10:41:38 +00:00
CONDUCT.md conduct: Upgrade to Contributor Covenant 2018-06-20 23:53:06 +02:00
CONTRIBUTING.md docs: minor formatting fixup of previous 2025-09-02 09:19:43 +02:00
Dockerfile build: Fixup Docker changes from previous (#9223) 2023-11-14 08:17:34 +01:00
Dockerfile.builder build: Fixup Docker changes from previous (#9223) 2023-11-14 08:17:34 +01:00
Dockerfile.stcrashreceiver build: Fixup Docker changes from previous (#9223) 2023-11-14 08:17:34 +01:00
Dockerfile.stdiscosrv build: Fixup Docker changes from previous (#9223) 2023-11-14 08:17:34 +01:00
Dockerfile.strelaypoolsrv lib/geoip, cmd/relaypoolsrv, cmd/ursrv: Automatically manage GeoIP updates (#9342) 2024-05-18 20:31:49 +03:00
Dockerfile.strelaysrv build: Fixup Docker changes from previous (#9223) 2023-11-14 08:17:34 +01:00
Dockerfile.stupgrades build: Fixup Docker changes from previous (#9223) 2023-11-14 08:17:34 +01:00
Dockerfile.ursrv build: Ursrv image for infrastructure 2023-11-15 08:48:00 +01:00
go.mod build(deps): x/net for govulncheck (#10703) 2026-05-23 06:48:21 +00:00
go.sum build(deps): x/net for govulncheck (#10703) 2026-05-23 06:48:21 +00:00
GOALS.md readme: Style fixes, add security note (#9136) 2023-09-28 11:55:48 +02:00
LICENSE all: Update license url to https (ref #3976) 2017-02-09 08:04:16 +01:00
README-Docker.md docs(docker): make host network mode the default (#10416) 2025-09-29 15:20:44 -04:00
README.md docs: update section on code signing 2024-12-16 11:42:34 +01:00

Syncthing



Goals

Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers. We strive to fulfill the goals below. The goals are listed in order of importance, the most important ones first. This is the summary version of the goal list - for more commentary, see the full Goals document.

Syncthing should be:

  1. Safe From Data Loss

    Protecting the user's data is paramount. We take every reasonable precaution to avoid corrupting the user's files.

  2. Secure Against Attackers

    Again, protecting the user's data is paramount. Regardless of our other goals, we must never allow the user's data to be susceptible to eavesdropping or modification by unauthorized parties.

  3. Easy to Use

    Syncthing should be approachable, understandable, and inclusive.

  4. Automatic

    User interaction should be required only when absolutely necessary.

  5. Universally Available

    Syncthing should run on every common computer. We are mindful that the latest technology is not always available to every individual.

  6. For Individuals

    Syncthing is primarily about empowering the individual user with safe, secure, and easy to use file synchronization.

  7. Everything Else

    There are many things we care about that don't make it on to the list. It is fine to optimize for these values, as long as they are not in conflict with the stated goals above.

Getting Started

Take a look at the getting started guide.

There are a few examples for keeping Syncthing running in the background on your system in the etc directory. There are also several GUI implementations for Windows, Mac, and Linux.

Docker

To run Syncthing in Docker, see the Docker README.

Getting in Touch

The first and best point of contact is the Forum. If you've found something that is clearly a bug, feel free to report it in the GitHub issue tracker.

If you believe that you've found a Syncthing-related security vulnerability, please report it by emailing security@syncthing.net. Do not report it in the Forum or issue tracker.

Building

Building Syncthing from source is easy. After extracting the source bundle from a release or checking out git, you just need to run `go run build.go` and the binaries are created in `./bin`. There's a guide with more details on the build process.

Signed Releases

Release binaries are GPG signed with the key available from https://syncthing.net/security/. There is also a built-in automatic upgrade mechanism (disabled in some distribution channels) which uses a compiled-in ECDSA signature. macOS and Windows binaries are also code-signed.

Documentation

Please see the Syncthing documentation site [source].

All code is licensed under the MPLv2 License.