Handing unix permissions with a Synology file server

I’m going to assume that you already have setup ssh access to your synology diskstation and are familiar with basic linux shell commands.

Edit the samba config file at:

/usr/syno/etc/smb.conf

Add the following in the [global] section

 veto files=/@eaDir/.DS_Store/Thumbs.db/
 delete veto files=yes
 create mask=640
 security mask=640
 directory mask=750
 directory security mask=750
 force create mode=640
 force security mode=640
 force directory mode=750
 force directory security mode=750

This ensures a fairly strict set of permissions.  Note that this only affects the permissions on the files themselves.  Samba still uses its own rules to determine who has read and write access for users accessing files over CIFS but this gets FTP permissions correct.

Now would also be a good time to shutdown all media indexing to make sure that your Synology box isn’t “helpfully” filling all your directories with @eaDir directories full of thumbnails.  To do this, you need to disable all the indexing services that are auto-launched for you as part of the rc init scripts.  An easy way to do that is to simply make those files unreadable.  Here’s a quick script to do that:

ETC='/usr/syno/etc.defaults/rc.d'
SERVICES='S66fileindexd.sh S66synoindexd.sh S77synomkthumbd.sh S88synomkflvd.sh'
for s in $SERVICES
do
 ${ETC}/$s stop
done
for s in $SERVICES
do
 chmod -rwx ${ETC}/$s
done

You can save this as a script in /root and run it anytime you update your DSM.