4

How can a regular user (no root) connect to a synology diskstation and download / upload files only without root permissions and without using some gui (browser / filebrowser)?

I already activated ssh in the synology settings but it seems that only the root admin can sonnect to the server using ssh. All solutions involving mount nfs or mount.cifgs are unsuitable because one need root priviledges to execute them and we cannot give root access to all our employees.

Does anyone have an idea?

mcExchange
  • 192
  • 1
  • 2
  • 9

2 Answers2

1

According to the notes when you enable SSH/telnet a user has to be part of the administrators group. So technically you don't have to have root access just part of the administrators group.

You haven't specified which OS you're using but below is using Mac OSX Sierra.

I have tested this and appears to work from a mac type the following in terminal:

ssh username@192.168.0.11
  • replace username with the user's login name. And if you have used SSH default port that should work. After the @ symbol replace with the IP address of your Synology box.

More information

One thing that isn't that clear is why would you not use the sharing features within Synology by default? It has windows services and mac services out of the box.

This means you can use CMD prompt batch scripts auto mapping via Mac to map network drives and not have to worry about SSH. Using the security advisor within the DSM ssh on it's default port is a security risk and should only be opened if you are willing to accept this and can mitigate any issues arising from opening these particular features.

UPDATE FOR LINUX

As stated above I believe if you use the native tools it will put you in good stead. From your comment please find this part that's updated.

Please use the following to setup sharing for Linux clients:

Before accessing a shared folder with your NFS client, you will need to change the system settings of your Synology NAS to allow sharing via NFS. Please follow the steps below.

  1. Log into DSM with an account belonging to the administrators group.
  2. Go to Control Panel > File Services
  3. On the Win/Mac/NFS tab, tick the box Enable NFS.
  4. Click Apply to save settings.

Assign NFS Permissions to Shared Folders Before accessing any shared folders with your NFS client, you must first configure the NFS permissions of the shared folder you wish to access. The steps below will guide you through the process of changing NFS permissions of the shared folders on your Synology NAS.

You need set up sharing permissions once this is set up for your users, no need to add them to the admin group, and you can then mount the share as you would normally:

On your Linux computer, open the command console. Enter the mount command as follows: mount [Synology NAS IP address] : [mount path of shared folder] / [mount point on NFS client] Enter the disk free (df) command to confirm you have successfully mounted the shared folder.

For a guide with screen shots etc please go here:

Synology NFS Guide

Hope this helps.

TheNerdyNerd
  • 408
  • 3
  • 6
  • Ta Kamil for the update. All new to this. – TheNerdyNerd Nov 15 '16 at 10:53
  • We are using Ubuntu. Some of our staff members work without graphical user interface, that is why. Adding all those members to the admin group seems not to be an option that would work for us. Still thanks for your help – mcExchange Nov 30 '16 at 19:14
  • I have updated the shares according to ubuntu and linux. You can use the sharing features on synology to gain access. – TheNerdyNerd Dec 08 '16 at 10:08
0

To enable non-admin users to ssh to a synology NAS running DSM 6.2.1, the following worked for me. In the following, I assume that you can already ssh to the NAS as root user.

Adapt /etc/passwd

Change the login shell for those users that you want to be able to login via ssh according to https://andidittrich.de/2016/03/howto-re-enable-scpssh-login-on-synology-dsm-6-0-for-non-admin-users.html. As these settings might be overwritten by the DSM, it is best to login to the NAS as root, and create a script with the following content:

#!/bin/bash
# Change the Login Shell for User "SOMEUSER" to /bin/sh
/usr/bin/awk -i inplace -F: 'BEGIN{OFS=":"}/^SOMEUSER\:/{gsub(/.*/,"/bin/sh",$7)}1' /etc/passwd

Add one line for every user that needs to be able to login via ssh. This will change the default /sbin/nologin shell to /bin/sh in /etc/passwd for those users. As the changes in /etc/passwd might be overwritten, it is best to make the script exectuable and have it run regularly and after every boot of the NAS.

Adapt /etc/ssh/sshd_config

Additionally, I had to adapt the /etc/ssh/sshd_config. In this file, you find the line

AllowUsers admin root SOMEUSER1 SOMEUSER2

where I had to add all the users that I wanted to be able to login via ssh. It might also be ok to just comment out this line but I have not tried this.

restart

Afterwards I had to restart the NAS and then ssh login for non-admin users worked.

Thomas
  • 341
  • 1
  • 3
  • 11
  • Does this still work for you in version 6.2.2? I'm pulling my hair over this since we have several use cases for this that all stopped working. Also `AllowUsers` is not set on my Synology and if I do manually it does not seem to have any effect. – TylerDurden May 20 '19 at 12:13
  • Can you test this with the latest version of DSM? In principle I receive a successful auth but afterwards some Synology thingy shuts down the connection. – TylerDurden May 23 '19 at 05:43
  • Unfortunately, I now have the same problem. My public key gets accepted but then I get a "Permission denied" error. So unfortunately, this method is not working anymore for 6.2.2. – Thomas May 27 '19 at 19:20