I think I have locked myself out from a Synology DSM Web access. When I was logged in, I removed all "granted by default" privileges, and apparently one of them (Desktop?) affected my administration account. Now when I get to the login page, I successfully fill username, password and 2nd verification and then I got a "You are not authorized" error (note: my IP is not auto-blocked). I have all passwords and can access the device via ssh and the data via SMB.
All I could research is to do a soft reset, but I am not sure whether this will fix privileges too and I would prefer not to destroy my current configuration.
By using ssh, is there a way I can fix the privileges to add my custom administration user to log in to DSM? I've been exploring some files on /etc without much success.
Best Answer
Thanks to Tonny's confirmation about Desktop I was able to fix the problem, so I will share because it is a bit frustrating if this happens to you....
After successfully inserting the passwords in DSM, the error is something like this: "You are not authorized to use this service."
Steps to fix the problem if you accidentally locked yourself out of the DSM Web access:
ssh access, and use an administrator user. If you don't, you probably need to do a soft reset.
ssh your_username@your_synology_ip
cd /etc
grep your_username /etc/passwd
(e.g. grep administrator /etc/passwd)
The answer will be something like
administrator:x:1021:100::/var/services/homes/administrator:/bin/sh
You are interested in your id, in the example: 1021
cp synoappprivilege.db synoappprivilege.db.org
sudo sqlite3 synoappprivilege.db
It will ask for your password. Insert the password of your_username (same password you used for ssh). It will prompt:
Check tables (not strictly necessary):
Query table (not strictly necessary):
This will dump the contents of the table, which will be similar to these:
The privilege we unintentionally removed was SYNO.Desktop and will probably not be listed in the previous command. So we need to insert it (note: use your user id as obtained before with grep, in my case, 1021):
Confirmation that everything is all right...
DONE! You can now log in.
After I fixed the problem I found the same solution here, but it was impossible to get from search engines on the first instance. Also, beware the insert in that link has a small mistake.
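Before changing the database, it helps to confirm that the SYNO.Desktop rule really is missing for your uid. The following is an added example, not part of the original answer: it assumes Python 3 is available on the device, and it assumes no table or column names, scanning every table of synoappprivilege.db read-only for a row that holds both the uid and the application name.

```python
import os
import shutil
import sqlite3
from pathlib import Path

def uid_for(username, passwd_path="/etc/passwd"):
    """Return the numeric uid (third passwd field) for username, or None."""
    with open(passwd_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            fields = line.rstrip("\n").split(":")
            if len(fields) >= 3 and fields[0] == username:
                return int(fields[2])
    return None

def backup(db_path):
    """Copy the database to <name>.org once; never overwrite an earlier backup."""
    dest = db_path + ".org"
    if not os.path.exists(dest):
        shutil.copy2(db_path, dest)
    return dest

def rules_for(db_path, uid, app="SYNO.Desktop"):
    """Return (table, row) pairs whose row contains both uid and app."""
    # mode=ro guarantees this check cannot modify the privilege database.
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        tables = [r[0] for r in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        hits = []
        for table in tables:
            quoted = '"' + table.replace('"', '""') + '"'
            for row in con.execute(f"SELECT * FROM {quoted}"):
                values = [str(v) for v in row]
                if str(uid) in values and app in values:
                    hits.append((table, row))
        return hits
    finally:
        con.close()

if __name__ == "__main__":
    import sys
    user, db = sys.argv[1], sys.argv[2]   # e.g. administrator /etc/synoappprivilege.db
    uid = uid_for(user)
    print("uid:", uid, "backup:", backup(db))
    found = rules_for(db, uid)
    print(found if found else "no SYNO.Desktop rule found for this uid")
```

Run it with the same privileges as the sqlite3 step, passing the username and the database path. An empty result matches the situation described in the answer, and running it again after the fix should list the new row.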