Synology

From MukeWiki


DSM7 system default groups:

  • administrators is the system default admin group.
  • users is the system default group. This group includes all users in this DSM and its member list cannot be modified.

Created users (for example):

  • user-admin, member of groups: administrators and users
  • user-normal, member of groups: users (no admin)
  • user root does not exist (and cannot be created) in DSM (for security reasons), but exists in the "Linux system" and is reachable via sudo -i
  • user admin and user guest are deactivated in DSM7

Enable SSH service via 'Enable SSH service' (Control Panel > Terminal & SNMP > Terminal) which will start /usr/bin/sshd -D.

[pc]$ ssh user-admin@dsm.host
user-admin@dsm.host's password:

Could not chdir to home directory /var/services/homes/user-admin: No such file or directory
user-admin@dsm:/$ pwd
/
user-admin@dsm:/$ sudo -i     # be careful, root user has the highest privileges
Password:
root@dsm:~#

[pc]$ ssh user-normal@dsm.host
user-normal@dsm.host's password:

Permission denied, please try again.
Connection to dsm.host closed.

$ grep -e root -e user-admin -e user-normal /etc/passwd
root:x:0:0::/root:/bin/ash
user-admin:x:1028:100::/var/services/homes/user-admin:/bin/sh
user-normal:x:1029:100:/var/services/homes/user-normal:/sbin/nologin

SSH login (by default) is possible only for users who are members of the administrators group, i.e. only for users whose login shell is not nologin(8) (disabled account). Adding user-normal to the administrators group changes its shell from /sbin/nologin to /bin/sh and enables SSH login.
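The login rule above can be audited by listing every account whose shell permits a login and marking whether it is in administrators. This is an added example, not part of the original page: the function names, the user-odd account and the group lines (including GID 101) are constructed assumptions. root is listed because it has a shell; whether sshd accepts root is a matter of sshd_config, which this check does not read.

```shell
#!/bin/sh
# Added example: which accounts have a login shell, and are they admins?
# Usage on DSM (assumes the standard locations):
#   ssh_capable_accounts /etc/passwd /etc/group
ssh_capable_accounts() {
    passwd_file=$1
    group_file=$2
    awk -F: '
        # Group database: remember the members of "administrators".
        FILENAME == ARGV[1] {
            if ($1 == "administrators") {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) admin[m[i]] = 1
            }
            next
        }
        # passwd: the shell is the last field; $NF also copes with lines
        # that lack the empty GECOS field (6 fields instead of 7).
        NF >= 6 && $NF !~ /(nologin|false)$/ {
            printf "%s uid=%s shell=%s admin=%s\n", $1, $3, $NF, (($1 in admin) ? "yes" : "NO")
        }
    ' "$group_file" "$passwd_file"
}

# Constructed sample: passwd lines as shown on the page plus a hypothetical
# user-odd that has a shell without being an administrator.
sample_run() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0::/root:/bin/ash
user-admin:x:1028:100::/var/services/homes/user-admin:/bin/sh
user-normal:x:1029:100:/var/services/homes/user-normal:/sbin/nologin
user-odd:x:1030:100::/var/services/homes/user-odd:/bin/sh
EOF
    cat > "$tmp/group" <<'EOF'
administrators:x:101:admin,user-admin
users:x:100:
EOF
    ssh_capable_accounts "$tmp/passwd" "$tmp/group"
    rm -rf "$tmp"
}

sample_run
```

An admin=NO line for a non-root account means its shell no longer matches its group membership and deserves a look.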

When authenticating with a public key, the SSH server (Synology DSM7 sshd_config by default) checks the file .ssh/authorized_keys in the home directory, but DSM (by default) does not use home directories for users. See also [1].

/var/services/homes -> /volume1/homes             # Enable user home service: yes
/var/services/homes -> /volume1/@fake_home_link   # Enable user home service: no
# after disabling the user home service, the dir /volume1/homes with all subdirs (one for each user) is preserved

Tip Working (temporarily) without 'Enable user home service'. Example with mc (Midnight Commander) from the SynoCli File Tools package.

[pc]$ ssh user-admin@dsm.host

Could not chdir to home directory /var/services/homes/user-admin: No such file or directory
user-admin@dsm:/$ mkdir -p "/tmp/$USER" && HOME="/tmp/$USER" && mc

# DSM7 restart sshd
$ sudo synosystemctl restart sshd.service     # /usr/syno/bin/synosystemctl
[sshd.service] restarted.

Shared Folder permissions

In DSM the access permissions of Shared Folders are based on Windows ACL by default. See also [2], [3] and [4], [5], [6].
NOTE Although DSM is a Linux (BSD) operating system, it can work with various file systems and file services, including Windows operating systems.

DSM distinguishes the permissions No Access (NA), Read/Write (RW), Read Only (RO) and Custom (Permission Editor/Inspector to manage ACL permissions), where NA > RW > RO applies. Access Control Lists (ACL) provide an extended and more flexible permission mechanism for the file system. They allow administrators to set specific permissions for an individual user or group. Linux systems use the commands getfacl(1) and setfacl(1). Synology DSM uses its own commands synoacltool -get and synoacltool -add. We will not change ACL permissions, so Custom permissions are not considered any further.

The following rules apply when working with a Shared Folder:

  • If no permissions are set => No Access permissions.
  • The system default admin group administrators has Read/Write permissions for a Shared Folder (by default).
  • For the system default admin group administrators, the Shared Folder permissions can be changed to No Access or Read/Write (by default), but not to Read Only, i.e. its members have either full access or none (not even read).
  • The system default group users has no permissions set for a Shared Folder, which means No Access (by default).
  • An admin can change the Shared Folder permissions for the system default group users to No Access, Read/Write or Read Only.

Created Shared Folder EXAMPLE_FOLDER. Permissions by default: administrators group Read/Write and users group without any permissions => No Access. Permissions can be modified further via 'Control Panel > Shared Folder > EXAMPLE_FOLDER > Edit > Permissions' for these users/groups: System internal user, Local users or Local groups.

Warning Data should only be stored in shared folders. Data stored elsewhere may be deleted when the system is updated/restarted.

$ sudo tune2fs -l /dev/md0 | grep -i acl
Default mount options:    user_xattr acl

$ ls -al -d /volume1/EXAMPLE_FOLDER/
drwxrwxrwx+ 5 root root 4096 Mar 27 16:10 /volume1/EXAMPLE_FOLDER/
#         + (plus sign, after permissions) notice that there is an ACL

$ synoacltool -get /volume1/EXAMPLE_FOLDER/   # /usr/syno/bin/synoacltool
ACL version: 1
Archive: has_ACL,is_support_ACL
Owner: [root(user)]
---------------------
         [0] group:administrators:allow:rwxpdDaARWc--:fd-- (level:0)

rsync

For remote transfers a modern rsync uses a remote shell (ssh by default). It is neither necessary nor desirable to 'Enable rsync service' (Control Panel > File Services > rsync), which will start /usr/bin/rsync --daemon (not recommended, not secure/encrypted).

$ rsync user-admin@dsm.host:/volume1/EXAMPLE_FOLDER/
Permission denied, please try again.
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(232) [Receiver=3.4.1]

$ rsync --rsync-path='/usr/bin/rsync' user-admin@dsm.host:/volume1/EXAMPLE_FOLDER/
# OK, files listed

Could not chdir to home directory /var/services/homes/user-admin: No such file or directory
# This message (sshd) indicates that the home directory of your account is not available.
# You can simply ignore this message or 'Enable user home service' to prevent showing it

# user-normal is not a member of the administrators group
$ rsync --rsync-path='/usr/bin/rsync' user-normal@dsm.host:/volume1/EXAMPLE_FOLDER/
Permission denied, please try again.
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(232) [Receiver=3.4.1]

rsync --rsync-path=               Versions of rsync (DSM 7.2, 2025-04)
/usr/bin/rsync (or /bin/rsync)    original Synology DSM: rsync ver 3.1.2 (released 2015-12)
/usr/local/bin/rsync              SynoCli Network Tools: rsync ver 3.4.1 (released 2025-01)

Recommended excluded dirs (recursive): @eaDir, '#recycle' and @tmp.

file transfer

[musinsky@muke ~]$ truncate --size=12345 test.file
[musinsky@muke ~]$ ls -l --full-time test.file
-rw-r--r-- 1 musinsky musinsky 12345 2025-04-03 14:52:44.326597898 +0200 test.file
# 'test.file' was uploaded via 'File Station' DSM web interface (as user-admin user)
user-admin@dsm:/$ ls -l --full-time /volume1/EXAMPLE_FOLDER/test.file
-rwxrwxrwx+ 1 user-admin users 12345 2025-04-03 14:52:44.326000000 +0200 /volume1/EXAMPLE_FOLDER/test.file
user-admin@dsm:/$ synoacltool -get /volume1/EXAMPLE_FOLDER/test.file
ACL version: 1
Archive: is_inherit,is_support_ACL
Owner: [user-admin(user)]
---------------------
         [0] group:administrators:allow:rwxpdDaARWc--:---- (level:1)

# 'test.file' downloaded (as zip archive) via 'File Station' DSM web interface (as user-admin user)
[musinsky@muke Downloads]$ unzip test.zip   # NOTE zip/unzip drops nanoseconds from the timestamp of file
[musinsky@muke Downloads]$ ls -l --full-time test.file
-rwxrwxrwx 1 musinsky musinsky 12345 2025-04-03 14:52:44.000000000 +0200 test.file

# remove previously uploaded 'test.file' on Synology DSM
[musinsky@muke ~]$ rsync --rsync-path='/usr/local/bin/rsync' --archive test.file \
>                  user-admin@dsm.host:/volume1/EXAMPLE_FOLDER/ --itemize-changes
Could not chdir to home directory /var/services/homes/user-admin: No such file or directory
<f+++++++++ test.file

user-admin@dsm:/$ ls -l --full-time /volume1/EXAMPLE_FOLDER/test.file
-rw-r--r-- 1 user-admin users 12345 2025-04-03 14:52:44.326597898 +0200 /volume1/EXAMPLE_FOLDER/test.file
user-admin@dsm:/$ synoacltool -get /volume1/EXAMPLE_FOLDER/test.file
(synoacltool.c, 596)It's Linux mode

[musinsky@muke ~]$ rm test.file
[musinsky@muke ~]$ rsync --rsync-path='/usr/local/bin/rsync' --archive \
>                  user-admin@dsm.host:/volume1/EXAMPLE_FOLDER/test.file . --itemize-changes
Could not chdir to home directory /var/services/homes/user-admin: No such file or directory
>f+++++++++ test.file
[musinsky@muke ~]$ ls -l --full-time test.file
-rw-r--r-- 1 musinsky musinsky 12345 2025-04-03 14:52:44.326597898 +0200 test.file
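
The two synoacltool results above (an inherited ACL after the File Station upload, "Linux mode" after rsync --archive) can be told apart mechanically when checking what a transfer left behind. This is an added example, not part of the original page: acl_summary and the sample_* functions are hypothetical helpers, the bit order rwxpdDaARWcCo is taken from synoacltool's usage text rather than from this page, and 2>&1 is used because the page does not show which stream carries the "Linux mode" message.

```shell
#!/bin/sh
# Added example: summarise `synoacltool -get` output read from stdin.
# Assumption (synoacltool usage text, not the page): permission bits are
# positional in the order rwxpdDaARWcCo; "-" means the bit is not set.
# Usage on DSM: synoacltool -get /volume1/EXAMPLE_FOLDER/test.file 2>&1 | acl_summary
acl_summary() {
    awk '
        /Linux mode/ { print "mode=linux"; exit }   # no Synology ACL, POSIX bits only
        /^Archive:/  { archive = $2 }
        /^Owner:/    { owner = $2; gsub(/\[|\]/, "", owner) }
        /^[ \t]*\[[0-9]+\]/ {
            # ACE line: [idx] type:name:action:permissions:inherit (level:N)
            split($2, f, ":")
            lvl = $3; gsub(/[^0-9]/, "", lvl)
            unset = ""
            for (i = 1; i <= 13; i++)
                if (substr(f[4], i, 1) == "-") unset = unset substr("rwxpdDaARWcCo", i, 1)
            ace[++n] = sprintf("ace %s:%s %s perms=%s unset=%s inherit=%s level=%s", f[1], f[2], f[3], f[4], (unset == "" ? "none" : unset), f[5], lvl)
        }
        END {
            if (archive == "" && n == 0) exit
            printf "mode=acl owner=%s inherited=%s entries=%d\n", owner, (archive ~ /is_inherit/ ? "yes" : "no"), n
            for (i = 1; i <= n; i++) print ace[i]
        }
    '
}

# Sample inputs: the two outputs shown on the page for test.file.
sample_acl() {
    cat <<'EOF'
ACL version: 1
Archive: is_inherit,is_support_ACL
Owner: [user-admin(user)]
---------------------
         [0] group:administrators:allow:rwxpdDaARWc--:---- (level:1)
EOF
}
sample_linux() {
    printf '%s\n' "(synoacltool.c, 596)It's Linux mode"
}

sample_acl | acl_summary
sample_linux | acl_summary
```

Entry names containing spaces are not handled, since the entry is split on whitespace.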

notes

Synology alternative (build own NAS)