Activebackupforbusiness share permission

[GDT78]

Hello, I'd like to know which are the best settings for Activebackupforbusiness share. I'd like to give full permission to Active Backup software but nothing or readonly to all the users mapped on the NAS, to avoid ransomwares to reach and crypt the folder. Is this possible?

 

[fredbert]

The default permissions for the automatically created ActiveBackupforBusiness Shared Folder is:

• System internal user ActiveBackup has read-write
• DSM administrator group has read-only
• No access for any other users

You can check this in Control Panel / Shared Folder.

 

[GDT78]

If I access from windows (SMB) with an user member of Administrator Group I can write files into it...

 

[fredbert]

I also just added, within File Station, a new folder 'test_dir' to the top level of ActiveBackupforBusiness Shared Folder. Same as you it was with an administrator user which should only have read-only access.

But if use SSH and then try to touch /volume1/ActiveBackupforBusiness/file.txt or cd /volume1/ActiveBackupforBusiness/test_dir using my admin user then this is blocked.

Both these locations are the same, as are the admin account being used, but method allows the folder to be created and the other denies it.

Hmm.

Update:
Within File Station my admin user cannot create a new folder within /volume1/ActiveBackupforBusiness/ActiveBackupData. But I'm not brave enough to try editing ActiveBackupData itself

 

[GDT78]

Just tried, same results. I think that's good enough to keep safe from ransomwares actions.