ACL fix for Synology DiskStations

A reader got in touch with me regarding my previous post, Quick sh script cronjob to fix user homes permissions on Synology. That script was initially intended to fix user homes file ownership, but this reader shared a script that uses the synoacltool to fix the Access Control List on directories.

A few thoughts regarding this script:

First, it was mentioned that these issues may be fixed in the latest DSM release. If you’re still experiencing file ownership and permissions issues, please feel free to use the solution linked to above or posted below.

Second, the script linked to above and the script below take different approaches on the problem. You may find a solution in one, or you may elect to use both.

Third, it was mentioned that this was a “one and done” solution. Due to the changing nature of filesystem content, I don’t believe that to be the case. You may want to save this as a sh script and run it as a scheduled task, or you may want it to run on every boot up. If you decide you want to run it on every boot, edit (or create) the file /etc/rc.local, and paste the below. I can’t say for certain whether this script is preserved on an upgrade, though this page strongly suggests that it would be preserved.

I don’t have a Synology unit right now to test this on, so I can’t offer any insight other than what I’ve shared above.

Here’s the script:

synouser --enum all > user.list
sed -i 's/\\/\\\\/g' user.list
cat user.list | while read line
echo -n "$line: "
USERDIR=`synouser --get "$line" | grep "User Dir"`
if [ $? != 0 ]; then
echo "user: [$line] not found"
HOMEPATH=`echo "$USERDIR" | cut -d'[' -f2 | cut -d']' -f1`
synoacltool -get-archive "$HOMEPATH" | grep is_support_ACL > /dev/null 2>&1
if [ $? != 0 ]; then
echo "[$HOMEPATH] not support ACL or not exist"
synoacltool -get "$HOMEPATH" | grep -F "user:$line:allow:rwxpdDaARWcCo:fd--" > /dev/null 2>&1
if [ $? = 0 ]; then
echo "[$HOMEPATH] exist user's Full Control ACL"
synoacltool -add "$HOMEPATH" "user:$line:allow:rwxpdDaARWcCo:fd--"
rm user.list

Any feedback is welcome and appreciated. Thank you!