Our thinking

Recursively Propagate Permissions on a Synology NAS with synoacltool

Synology DSM lets you do some pretty complex things with permissions on files and folders, however occasionally things can get a bit mixed up and it’s difficult to see what’s happening and even more difficult to recover from it.

Whilst you can go into the DSM web interface and check the permissions at the top level of each share point in Control Panel > Shared Folder, it’s difficult to see what’s going on below this.

To dig deeper we need to get into the command-line, so you first have to enable ssh access. Go into Control Panel > Terminal & SNMP and Enable SSH service

You can now ssh into the Synology as an admin user (provided your firewall rules on the NAS allow it)

I found that if you modify the permissions on a file or folder with chmod then this seems to wipe out the ACL information. Never mind, there’s another utility called synoacltool that lets you modify ACLs. Unfortunately however synoacltool doesn’t have a switch to operate recursively.

Unix find to the rescue!

What I was able to do however was use find to run it on each and every file and folder in a given folder – this likely isn’t the most efficient way to do it, but you (hopefully) don’t need to do this too often anyway…

First, wipe out the ACLs and set the unix permissions with chmod

chmod -R a+rwX /volume1/Share\ Point

Set the permissions on your share point in DSM and check it in the terminal

ls -ale /volume1/Share\ Point

I got this far, however when I checked the permissions on the files and folders inside Share Point they still had plain ol’ unix permissions and no acls

cd /volume1/Share\ Point

ls -ale

no ACLs. Let’s get them happening.

find . -execdir synoacltool -copy /volume1/Share\ Point {} \;

What this does is find each file and folder and then run the exec command on the given file or folder – so it copies the ACL from our top-level folder onto every single file and folder in the Share Point folder.

There’s quite a lot of overhead in doing it this way, but hopefully you only need to do this once and then the permissions will work…

4 thoughts on “Recursively Propagate Permissions on a Synology NAS with synoacltool

  1. Wouldn’t it make more sense to not copy the ACLs but to inherit them? I personally prefer

    find /volume1/Share\ Point -mindepth 1 -execdir synoacltool -enforce-inherit {} \;

    I additionally would recommend to exclude some dirs like @eaDir, #recycle, #snapshot

    find /volume1/Share\ Point -mindepth 1 ! -path '*/@eaDir*' ! -path '*/#recycle*' ! -path '*/#snapshot*' -execdir synoacltool -enforce-inherit {} \;

  2. Hello and greetings from Holland.

    When using large amounts of data, you may suffer buffer-overflows by ‘find’. I personally prefer sticking the result of ‘find’ into while-loops and not the exec. As the find-command will be put into 1 array, which often does not fit when using big data. Better is to use line-by-line.

    find . whatever_you_want | while read line; do synoacltool -enforce-inherit “$line”; done

Leave a Reply