etc/linux-systemd: Mention AmbientCapabilities for syncOwnership. (#8536)

Add a commented entry to the systemd service file templates to point
the user in the right direction when using syncOwnership and starting
via systemd.  Which is more upgrade-friendly than setting caps on the
executable directly, as mentioned in the docs.

3 files changed, 9 insertions, 1 deletions

diff --git a/etc/linux-systemd/README.md b/etc/linux-systemd/README.md
index 57cfe8c05..96aba562c 100644
--- a/etc/linux-systemd/README.md
+++ b/etc/linux-systemd/README.md
@@ -5,4 +5,4 @@ This directory contains configuration files for running Syncthing under the
 systemd user service. For further documentation take a look at the [systemd
 section][1] on https://docs.syncthing.net.
 
-[1]: https://docs.syncthing.net/users/autostart.html#using-systemd
+[1]: https://docs.syncthing.net/users/autostart#using-systemd
diff --git a/etc/linux-systemd/system/syncthing@.service b/etc/linux-systemd/system/syncthing@.service
index b76b0d22f..bbdf0d1f5 100644
--- a/etc/linux-systemd/system/syncthing@.service
+++ b/etc/linux-systemd/system/syncthing@.service
@@ -20,5 +20,9 @@ SystemCallArchitectures=native
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
 
+# Elevated permissions to sync ownership (disabled by default),
+# see https://docs.syncthing.net/advanced/folder-sync-ownership
+#AmbientCapabilities=CAP_CHOWN CAP_FOWNER
+
 [Install]
 WantedBy=multi-user.target
diff --git a/etc/linux-systemd/user/syncthing.service b/etc/linux-systemd/user/syncthing.service
index d1b68b5ba..18078d05f 100644
--- a/etc/linux-systemd/user/syncthing.service
+++ b/etc/linux-systemd/user/syncthing.service
@@ -16,5 +16,9 @@ SystemCallArchitectures=native
 MemoryDenyWriteExecute=true
 NoNewPrivileges=true
 
+# Elevated permissions to sync ownership (disabled by default),
+# see https://docs.syncthing.net/advanced/folder-sync-ownership
+#AmbientCapabilities=CAP_CHOWN CAP_FOWNER
+
 [Install]
 WantedBy=default.target