File synchronization: Configure Syncthing for multi-user devices

Some data (like password databases) are best kept local – but then, how do you sync them to all or some of your devices, without involving a cloud service?

We recommend Syncthing for that. When properly configured, all devices will directly communicate to synchronize files, as defined by you.

There’s a little catch though, when multiple users are logged in on the same device, e.g., a desktop machine. They will face problems with its default configuration. We’ll sort them out here.

This is not an introduction to Syncthing, it’s assumed you are familiar with its basics. We suggest you browse its FAQ for a quick overview.

When a »device« actually isn’t a device

Consider Jay and Robin, two users who may be logged in to the same PC, each wanting privacy and file synchronization, without interference from the other one.

When you install Syncthing, and have it auto-start upon Jay’s login, Jay gets their own personal instance of it. That instance will listen to the world on a specific port, and its Web GUI for Jay will be available on a second port. Unfortunately, in Syncthing terminology, Jay’s Syncthing instance is called a »device«.

When you do the same for Robin, their instance of Syncthing will try to start, but doesn’t know anything about Jay already being logged in. Robin’s instance of Syncthing will try to grab the same default ports, like Jay’s. This can’t possibly work, so Robin’s instance won’t start.

Even worse: If you haven’t enabled user names and passwords for the Jay’s Web GUI, Robin will erroneously access Jay’s file synchronization settings – and be granted full access.

What to do

You need to modify each user’s configuration of Syncthing, immediately after having installed Syncthing for that user, when calling the Web GUI for the first time.

If you’ve already installed Syncthing for all users, and »nothing seems to work right« now, keep calm: the same instructions apply.

Step 0: Install Syncthing, if you haven’t so far

Pick the appropriate installation option on Syncthing’s website, and follow the instructions.

Step 1: Set up a list of users, and their private Syncthing ports

Every instance of Sycthing, Jay’s as well as Robin’s, needs their own private listener port, and their own private Web GUI port. The default ports are 8384 and 22000, respectively – every freshly installed Syncthing instance will grab those defaults, upon start. That’s why you shouldn’t assign them to any user.

Let’s say you have scribbled down this table:

UserListener portWeb GUI port
Jay220018385
Robin220028386





It’s a good idea to maintain this list in a document. To keep things simple, we suggest that you use these parameters for all machines where Jay, Robin, and others have accounts.

Now, reboot the device, to make sure no personal instance of Syncthing is running yet.

Step 2: Per-user configuration

  1. Log in, as a user (or ask a user to do so). It doesn’t matter which user you pick first from the table above – in our example, it’ll be Jay.
  2. Start Syncthing. On most Linux distributions, the installation will have added a menu entry for that. (How to make Syncthing autostart is beyond the scope of this text). After a few seconds, Jay’s instance of Syncthing will be listening to the world on the default port, and offer a Web GUI under a second port, also the default. Unfortunately, every private instance of Syncthing like the one we just have started is called a »device«, in Syncthing’s terminology. Additional instances started by other users will also be considered a »device«, although all of them run on the same physical machine.
  3. The default URL for the Web GUI is http://127.0.0.1:8284. Open it in a browser, and the Web GUI should show up. Sadly, by default no login will be required.
  4. We’ll now change the default settings to Jay’s, taken from the table above. In the top right corner, open the Actions dropdown menu and click on Advanced, to access the Advanced Configuration screen.
  5. Click on the GUI accordion tab to open it. The field Address will show the default value of 127.0.0.1:8384 Change it to 127.0.0.1:8385. Similarly, click on the Options accordion tab to open it. The field Listen Addresses will have default as its content – change that to 22001, the value defined for Jay in the table above.
  6. Scroll down, and press the Save button. Syncthing will restart, and since we have changed the Web GUI port to 8385, it will immediately become unavailable – Jay will have to browse to http://127.0.0.1:8285, from now on.
  7. That’s the bare minimum. Jay’s instance of Syncthing will now listen to the world on its own port, and Jay will be able to change their file synchronization settings under http://127.0.0.1:8285. Have Jay log out, and repeat steps all steps until here for Robin, using their private values from the table.
  8. While Jay and Robin now have their private instances of Syncthing up and running, Jay can now access Robin’s configuration, and vice versa: by default, there is no login protection, so they can simply browse the other one’s URL. Even other users on that machine can! Let’s change that.

Step 3: Secure the Web GUI

We’ll set a password for user »Jay«, as an example. Optionally, you can (and should) enable HTTPS for the Web GUI.

  1. Launch the Web GUI. Remember you changed the Web GUI port, so you have to use http://127.0.0.1:8285
  2. In the top right corner, open the Actions dropdown menu and click on Advanced, to access the Advanced Configuration screen.
  3. Click on the GUI accordion tab to open it. In the field User, enter »Jay«; enter a good-quality password into Password.
  4. Optional, but recommended: Enable [x] Use TLS. Pro: access to the Web GUI willl now be secured via TLS (the URL changes to https://...) Con: Since Syncthing is using self-signed certificates, your browser will most likely alert you about a security risk, when accessing the Web GUI. We’d rather live with that annoyance than disable TLS.

If you mess up

When playing with Web GUI options, you might accidentally end up with the Web GUI being inaccessible. The options discussed above reside in a file called config.xml. Depending on your operating system, it’s location varies.

Make sure the Synthing instance is not running, before proceeding.

You can open config.xml with a text editor fill in the default values, again:

Reset listener port

<options>
    <listenAddress>default</listenAddress>

Reset Web GUI port; disable user name & password, TLS

<gui enabled="true">
        <address>127.0.0.1:8384</address>
  • Removing tls="true" from <gui ...> disables TLS / HTTPS.
  • Removing <user>...</user> and <password>...</password> disables the login requirement.

You should now be able to restart Syncthing.

Image Credits:
Papirus icon for Syncthing-gtk (modified) | GNU General Public License, version 3

Licensing:
This content is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
For your attributions to us please use the word »tuxwise«, and the link https://tuxwise.net.