Setting Synology DSM permissions using the console
After migrating my users from the local DSM base to Directory Server, I ended up with shares full of inconsistent permissions and ownership. Rather than clicking 10 000 times in DSM, I decided to do the stuff via SSH using the syno console tools.
Get the share list:
# synoshare --enum ALL
Share Enum Arguments: [0xF0F] ALL ENC DEC
11 Listed:
docker
Documents
(...)
Reset UNIX permissions to something sane:
# USER="root"
# GROUP="root"
# FOLDER="/volume1/Documents"
# chown -R "$USER:$GROUP" "$FOLDER"
# find "$FOLDER" -type d -exec chmod 0700 {} \;
# find "$FOLDER" -type f -exec chmod 0600 {} \;
Configure ACL:
- Full Access to a specific LDAP user
- Full Access to every member of the local Administrators group:
# synoacltool -set-owner "$FOLDER" user joe@synology.tumfatig.local
# synoacltool -add "$FOLDER" user:joe@synology.tumfatig.local:allow:rwxpdDaARWcCo:fd--
# synoacltool -add "$FOLDER" group:administrators:allow:rwxpdDaARWcCo:fd--
# find "$FOLDER" -exec synoacltool -enforce-inherit {} \;
Verify the final permissions:
# synoacltool -get "$FOLDER"
ACL version: 1
Archive: has_ACL,is_support_ACL
Owner: [joe@synology.tumfatig.local(user)]
---------------------
[0] user:joe@synology.tumfatig.local:allow:rwxpdDaARWcCo:fd-- (level:0)
[1] group:administrators:allow:rwxpdDaARWcCo:fd-- (level:0)
Configure another ACL:
- Full Access to a specific LDAP user
- Full Access to every member of the local Administrators group
- Read-Only access to every member of the LDAP Users group:
# FOLDER="/volume1/Pictures"
# synoacltool -set-owner "$FOLDER" user joe@synology.tumfatig.local
# synoacltool -add "$FOLDER" user:joe@synology.tumfatig.local:allow:rwxpdDaARWcCo:fd--
# synoacltool -add "$FOLDER" group:users@synology.tumfatig.local:allow:r-x---a-R-c--:fd--
# synoacltool -add "$FOLDER" group:administrators:allow:rwxpdDaARWcCo:fd--
# find "$FOLDER" -exec synoacltool -enforce-inherit {} \;
Now everything should be clean.
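As an added example (not part of the original post), the script below turns the manual verification step into a repeatable audit: it extracts the ACE lines from `synoacltool -get` output and reports entries that are missing or unexpected compared with the intended list. The function and variable names are hypothetical, and the output format is assumed to match the sample shown above.

```shell
#!/bin/sh
# Added example: compare the ACEs reported by `synoacltool -get` with an
# expected list and report drift. Function and variable names are hypothetical.

# Read `synoacltool -get` output on stdin; print one ACE per line, without the
# "[n]" index and "(level:n)" suffix (format assumed to be as shown on this page).
acl_entries() {
    sed -n 's/^[[:space:]]*\[[0-9][0-9]*\][[:space:]]*\(.*[^[:space:]]\)[[:space:]]*(level:[0-9][0-9]*)[[:space:]]*$/\1/p'
}

# acl_drift EXPECTED_ACES < synoacltool-output
# Prints "missing <ace>" / "unexpected <ace>" and returns 1 on any difference.
# The list is passed through the environment so awk leaves backslashes alone.
acl_drift() {
    acl_entries | WANT="$1" awk '
        BEGIN { n = split(ENVIRON["WANT"], w, "\n")
                for (i = 1; i <= n; i++) if (w[i] != "") want[w[i]] = 1 }
        { seen[$0] = 1
          if (!($0 in want)) { print "unexpected " $0; bad = 1 } }
        END { for (a in want) if (!(a in seen)) { print "missing " a; bad = 1 }
              exit bad + 0 }'
}

# Intended ACEs, copied from the synoacltool -add commands above.
OWNER_ACE="user:joe@synology.tumfatig.local:allow:rwxpdDaARWcCo:fd--"
ADMIN_ACE="group:administrators:allow:rwxpdDaARWcCo:fd--"
USERS_RO_ACE="group:users@synology.tumfatig.local:allow:r-x---a-R-c--:fd--"
POLICY_DOCUMENTS="$OWNER_ACE
$ADMIN_ACE"
POLICY_PICTURES="$POLICY_DOCUMENTS
$USERS_RO_ACE"

# The /volume1/Documents output shown above, embedded so this runs off the NAS.
sample_documents_acl() {
    cat <<'EOF'
ACL version: 1
Archive: has_ACL,is_support_ACL
Owner: [joe@synology.tumfatig.local(user)]
---------------------
[0] user:joe@synology.tumfatig.local:allow:rwxpdDaARWcCo:fd-- (level:0)
[1] group:administrators:allow:rwxpdDaARWcCo:fd-- (level:0)
EOF
}

sample_documents_acl | acl_drift "$POLICY_DOCUMENTS" && echo "Documents: ACL matches policy"
# On the NAS itself: synoacltool -get /volume1/Pictures | acl_drift "$POLICY_PICTURES"
```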