Moments folders permissions vs. other folders in DSM


NAS: DS1019+ | Operating system: Linux, Windows | Mobile operating system: Android
I installed Moments on my NAS about a month ago and started to put pictures into the "shared" Moments library so the wife and I can work on creating a master library. I went to File Station to see where the photos were saved and noticed that neither my personal account nor my wife's had access to the file directories through File Station. I then checked the permissions of the share and the subdirectories and noticed they are the "normal" security attributes. Here is what I see in the Moments folder:

[Screenshots: 1591186430946.png, 1591186532002.png]

And this is what I normally see on any share and folder I create in DSM:

[Screenshots: 1591186591436.png, 1591186499622.png]

Why is there a difference in the security forms for the Moments folder structure vs. a DSM-created share and folder structure? I would like to get access to the native folders if possible to back up outside of Hyper Backup. Is this a deliberate security model to prevent access to the file system for the Moments folder?

Thanks..
 

fredbert (Moderator, NAS Support, Subscriber)
NAS: DS1520+, DS218+, DS215j | Router: RT2600ac, MR2200ac | Operating system: macOS | Mobile operating system: iOS
Not sure about /photo/Moments permissions. My /photo was created by Photo Station and its uid/gid is root/root, then the owner/group/others are set rwx/rwx/rwx. And this is the same for /photo/Moments.

These are the operating system level permissions and DSM places access control lists (ACLs) over this. If you look in Control Panel -> Shared Folders and check the permissions for /photo then you'll see each user and group access rights.

I don't have a SynologyMoments user or group in DSM but do see them in the operating system files /etc/shadow and /etc/group, when connecting to the command line with SSH.

A DSM-created folder is assigned ownership to the user that created it whereas, it seems here, the /photo/Moments folder was created by a Moments process running as SynologyMoments (group SynologyMoments). I've not seen other folders created by other packages that do this.

I suggest you ask Synology Support why it is like this.
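
Added example, not part of fredbert's post or any Synology tooling: a shell function that evaluates only the operating-system owner/group/others bits described above for a given uid and gid list, leaving DSM ACLs aside. It assumes GNU `stat`; the demo tree, the `restricted` folder and the `stranger` uid are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): evaluate the plain POSIX
# owner/group/other bits on a directory for a given uid and gid list.
# DSM ACLs layered on top of these bits are NOT evaluated here.

# posix_access DIR UID "GID ..."  ->  prints "<class> <rwx>"
posix_access() {
    dir=$1; uid=$2; gids=$3
    # GNU stat (assumed): numeric owner uid, owner gid, octal mode
    info=$(stat -c '%u %g %a' "$dir") || return 1
    set -- $info
    o_uid=$1; o_gid=$2
    perm=$(( 0$3 & 0777 ))          # drop setuid/setgid/sticky bits

    if [ "$uid" -eq 0 ]; then
        echo "root rwx"; return 0   # root bypasses mode bits on directories
    fi
    # The first matching class wins: owner, then group, then other.
    class=other; shift_by=0
    for g in $gids; do
        if [ "$g" -eq "$o_gid" ]; then class=group; shift_by=3; fi
    done
    if [ "$uid" -eq "$o_uid" ]; then class=owner; shift_by=6; fi

    bits=$(( (perm >> shift_by) & 7 ))
    r=-; w=-; x=-
    if [ $(( bits & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( bits & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( bits & 1 )) -ne 0 ]; then x=x; fi
    echo "$class $r$w$x"
}

# Constructed demo tree standing in for /photo/Moments (paths are made up).
demo=$(mktemp -d)
mkdir -p "$demo/photo/Moments" "$demo/photo/restricted"
chmod 777 "$demo/photo" "$demo/photo/Moments"   # rwx/rwx/rwx as reported in the thread
chmod 770 "$demo/photo/restricted"              # constructed: owner and group only
me=$(id -u)
stranger=$(( me + 4242 ))                       # hypothetical uid that owns nothing here

posix_access "$demo/photo/Moments"    "$stranger" "$stranger"
posix_access "$demo/photo/restricted" "$stranger" "$stranger"
posix_access "$demo/photo/restricted" "$me" "$(id -G)"
```

On a NAS the same function can be pointed at the real folder with the output of `id -u` and `id -G` for the account in question; a result that grants access here can still be narrowed by the DSM ACLs.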
 
NAS: DS1019+
I reached out to Synology support on this and they stated that the folder's access was restricted to the Moments application only and that the security settings on the folder structure should not be changed. Since I used IDrive backup and Emby media server, getting access to these files requires administrator access. Their suggestion was to create an account per application and put them in the administrators group so I can back up and use Emby against the contained photos. The only issue with this approach is now there are new vectors for getting access to the files.
 

fredbert

"the folder's access was restricted to the Moments application"
"Their suggestion was to create an account per application and put them in the administrators group so I can back up and use Emby against the contained photos"
By 'application' in the second instance you mean iDrive and Emby, not Moments. It confused me for a while because why would you be creating an admin account for each Synology application.

I'm not sure why creating another admin user, which is effectively what Synology suggests, will fix this. I'd be more inclined to create a standard user and configure very limited access to most DSM packages and features but with access to Moments folders. This way there's a focused access and it can't be used to walk just anywhere.

I've permitted my standard user account to access a few things that most other standard accounts don't have access to, purely because I push files onto the NAS and I'd rather not be using an admin account.
 
NAS: DS1019+
Yes, iDrive and Emby... sorry about the confusion. The issue is that the folder structure created by the Moments app has operating system security settings, not DSM security settings (see images in original post). If you did create a limited access user account and attempted to update the security of the folder structure, there is no way through the GUI to add that user or join the group.
 
