WebDAV restrict access

Currently reading
WebDAV restrict access

196
36
NAS
DS920+, DS918+, DS214+, DS211j
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
  2. iOS
Hi!

Basically the WebDAV server runs properly on my DSM 7 machine with Directory Server authentification.
I can access shares when using my domain user accessing the DS.

Up to now I didn't realize that when my user accesses the DS using WebDAV, it can browse all of the available shares. My user does not have domain admin credentials, though.

So question is, can I restrict my user to have access to only a single share for security reasons? Or can I restrict the WebDAV server to have access only to one of those available shares?
 
Yes, of course you are correct!

Issue is that my domain user is member of several AD groups that allow access to almost all available shares on NAS.
This is desired and necessary for daily work and for mapping shares to drive letters when working in intranet.

The very same user is authenticating from external using WebDAV using the same credentials as on intranet. Hence my user gets access to all shares again. This may be correct, in my case, however it's not.

So I would like to give the WebDAV server access just for a single share with the purpose when a user access the NAS from external, he can see only one of those shares.
 
Alternatively don't run WebDAV on the main device but on another/vDSM and setup shares (Folder Sync?) so that they access only what you want.

Or deep dive into DSM and see if there's a config file to stop WebDAV Server permitting access to all shares. This is a guess and I've never looked into doing it.
 
Last edited:
this behaviour of strange account control for WebDav is confirmed on my side also. I stopped using it last year.
Not first time is seen from Syno. This year, the situation happened to me in Drive as well.
-- post merged: --

I found out just by accidentally because an external co-worker showed me that he could see the whole team folder, which he should not have seen at all. Even that condition persisted after I disabled his account (DSM) + even after we deleted the entire directory tree (synced Drive TF) on his Macbook. The directory always miraculously appeared to him. I know that miracles last for 2000 years, but this was beyond my ideas. To date, I have not received a response from Syno Support (~6 months).
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Similar threads

I found a solution by updating the registry, which removed the security prompt, but it led to various...
Replies
2
Views
720
Hi! I just installed 3rd parts package LogAnalysis to see all log files on my DS918+ I noticed that...
Replies
0
Views
1,401
Dear All, Since DSM 7 or 7.0.1 (?) WebDav (HTTPS) is not working properly. I can't connect to another...
Replies
0
Views
2,710
I would expect its a standalone service because it runs on it's own port and cannot be shared (ofcourse a...
Replies
1
Views
2,556

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Back
Top