I just recently got my first Synology NAS (DS213+) and am running DSM 4.3 on it. I still have a few days of tinkering to spend on it before I need to decide if I should exchange it for a QNAP or something else…
My problem is the file permissions. I have created users, created shared folders and set permissions on them to give read/write access to all my users, I did not touch the group permissions at all. At the same time I set the (disabled) guest account to "no access" on all these shares. I have not enabled ACL on the shares yet.
Even though I did this the files and folders I create in these shares from a Windows 7 installation are created world writeable (777). I mounted the share in linux and created a text file which looked a little bit better, but it was still "644". How can I set the default creation mask of the entire share to prevent the world from any access at all to the share?
I enabled SSH access and tried editing the /usr/syno/etc/smb.conf, but as someone said in another post on the Synology forum, that file is overwritten on a restart of the NAS.
Best Answer
The short answer: Not possible.
I tried changing settings with
synoacltoolwhile waiting for a reply from the Synology support, but just as I thought I had managed to fix it, mounting it Windows and creating files/folders showed that I was back where I started.This is the answer I got from the Synology support:
Since the rules you would like to setup will cause conflicts due to the privilege priority is as follow: No access > Read/Write > Read only. - RW: users group - NA: everyone (Please be noticed all users account belong to users group by default) Which means everyone is NOT possible to access the shared folder include admin.
In our current design, the default shared folder permission is 777 since we also need to handle different type of permission controls across various platform (windows,Mac and Linux).