Setting Synology DSM permissions using the console

       229 words, 2 minutes

After migrating my users from local DSM base to Directory Server, I ended with shares full of inconsistent permissions and ownership. Rather than clicking 10 000 times in DSM, I decided to do the stuff via SSH using syno console tools.

Get the share list:

# synoshare --enum ALL
Share Enum Arguments: [0xF0F] ALL ENC DEC
11 Listed:
docker
Documents
(...)

Reset UNIX permissions to something sane:

# USER="root"
# GROUP="root"
# FOLDER="/volume1/Documents"

# chown -R $USER:$GROUP $FOLDER
# find $FOLDER -type d -exec chmod 0700 {} \;
# find $FOLDER -type f -exec chmod 0600 {} \;

Configure ACL:

# synoacltool -set-owner $FOLDER user joe@synology.tumfatig.local

# synoacltool -add $FOLDER user:joe@synology.tumfatig.local:allow:rwxpdDaARWcCo:fd--
# synoacltool -add $FOLDER group:administrators:allow:rwxpdDaARWcCo:fd--

# find $FOLDER -exec synoacltool -enforce-inherit {} \;

Verify the final permissions:

# synoacltool -get $FOLDER
ACL version: 1
Archive: has_ACL,is_support_ACL
Owner: [joe@synology.tumfatig.local(user)]
---------------------
[0] user:joe@synology.tumfatig.local:allow:rwxpdDaARWcCo:fd-- (level:0)
[1] group:administrators:allow:rwxpdDaARWcCo:fd-- (level:0)

Configure another ACL:

# FOLDER="/volume1/Pictures"

# synoacltool -set-owner $FOLDER user joe@synology.tumfatig.local

# synoacltool -add $FOLDER user:joe@synology.tumfatig.local:allow:rwxpdDaARWcCo:fd--
# synoacltool -add $FOLDER group:users@synology.tumfatig.local:allow:r-x---a-R-c--:fd--
# synoacltool -add $FOLDER group:administrators:allow:rwxpdDaARWcCo:fd--

# find $FOLDER -exec synoacltool -enforce-inherit {} \;

Now, everything should be cleaned.