owncloud permissions on Synology


owncloud permissions on Synology

Eduard Biete

Dear all,

I would appreciate it if anyone could shed some light on a little issue I’m facing.

I installed ownCloud 8.2 on a Synology NAS server with the External Folders plugin so that my roaming users are able to synchronize with our Synology file server. I share the folders as “local share”. Everything is running OK and sync is performed. Synology user accounts are synced with Active Directory to keep passwords and users in sync.

The issue is related to permissions: Synology requires that folders are root-owned in order to apply AD grant/deny permissions, but ownCloud requires httpd ownership. Right now I have granted +777 to all folders (root-owned) so ownCloud and Synology can both access the files. But, logically, all users now have access to all department folders, which should not happen.

Any ideas? Please don’t hesitate to ask me any question or for any clarification that can help in the resolution of this security problem.

Thank you in advance.


_______________________________________________
User mailing list
[hidden email]
http://mailman.owncloud.org/mailman/listinfo/user

Re: owncloud permissions on Synology

Jürgen Weigert
Hey Eduard!

ownCloud requires a way to write the files. In Linux there are three sets of permissions: user, group, others. User permissions are not applicable as your user is not httpd; others permissions are not desirable (your current workaround), if I understand correctly. That leaves us with group permissions.
Please check what the effective group of your httpd is (that group is probably also named httpd), use chgrp -R to put the files in that group, then grant write permission through chmod g+rw(x) -- not sure if that achieves the security you had in mind, but that might be an idea...

cheers, JW-

On 13.07.2016 at 13:50, Eduard Biete wrote:

Dear all,

I would appreciate it if anyone could shed some light on a little issue I’m facing.

I installed ownCloud 8.2 on a Synology NAS server with the External Folders plugin so that my roaming users are able to synchronize with our Synology file server. I share the folders as “local share”. Everything is running OK and sync is performed. Synology user accounts are synced with Active Directory to keep passwords and users in sync.

The issue is related to permissions: Synology requires that folders are root-owned in order to apply AD grant/deny permissions, but ownCloud requires httpd ownership. Right now I have granted +777 to all folders (root-owned) so ownCloud and Synology can both access the files. But, logically, all users now have access to all department folders, which should not happen.

Any ideas? Please don’t hesitate to ask me any question or for any clarification that can help in the resolution of this security problem.

Thank you in advance.


-- 
Your Data, Your Cloud, Your Way!

ownCloud GmbH, GF: Markus Rex, Holger Dyroff
Schloßäckerstrasse 26a, 90443 Nürnberg, HRB 28050 (AG Nürnberg)
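
The group-based approach suggested in the reply above, run against a scratch directory, as an added example that is not part of the original thread. The function names and the SHARE_GROUP variable are hypothetical; the caller's own primary group stands in for the web server's group, and the setgid step is an addition beyond what the reply mentions.

```shell
#!/bin/sh
# Added example: replace a "chmod 777" workaround with group-based access.
# Works on a constructed scratch tree only; nothing on the real share is touched.

# Print every entry under $1 that grants any permission bit to "others".
world_accessible() {
    find "$1" \( -perm -0001 -o -perm -0002 -o -perm -0004 \) -print
}

# Put the tree in group $2, grant the group rw (x only on directories and
# already-executable files), and strip every "others" bit.
apply_group_model() {
    chgrp -R "$2" "$1" &&
    chmod -R g+rwX,o-rwx "$1" &&
    # Assumption beyond the thread: setgid on directories so that files
    # created later inherit the share group instead of the creator's group.
    find "$1" -type d -exec chmod g+s {} +
}

# Build a constructed sample tree that mimics the 777 workaround.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/finance" "$root/hr"
    echo "budget" > "$root/finance/q3.txt"
    echo "salaries" > "$root/hr/payroll.txt"
    chmod -R 777 "$root"
    echo "$root"
}

# Stand-in for the web server's group (http/httpd on the NAS): the caller's
# numeric primary group, so the script runs without extra privileges.
SHARE_GROUP=${SHARE_GROUP:-$(id -g)}

tree=$(make_sample_tree)
echo "before: $(world_accessible "$tree" | wc -l) world-accessible entries"
apply_group_model "$tree" "$SHARE_GROUP"
echo "after:  $(world_accessible "$tree" | wc -l) world-accessible entries"
rm -rf "$tree"
```

Running `world_accessible` on its own is a read-only audit and can be pointed at a share to see how far the 777 grant reaches before anything is changed.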


Re: owncloud permissions on Synology

Eduard Biete

Thank you for your answer, Jürgen! I will check on Monday when I get back from travelling abroad, but it sounds good.

Regards,

Eduard Biete

From: [hidden email] [mailto:[hidden email]] On Behalf Of Jürgen Weigert
Sent: Friday, 15 July 2016 13:45
To: [hidden email]
Subject: Re: [owncloud-user] owncloud permissions on Synology

Hey Eduard!

ownCloud requires a way to write the files. In Linux there are three sets of permissions: user, group, others. User permissions are not applicable as your user is not httpd; others permissions are not desirable (your current workaround), if I understand correctly. That leaves us with group permissions.
Please check what the effective group of your httpd is (that group is probably also named httpd), use chgrp -R to put the files in that group, then grant write permission through chmod g+rw(x) -- not sure if that achieves the security you had in mind, but that might be an idea...

cheers, JW-

Re: owncloud permissions on Synology

Eduard Biete

Hi Jürgen,

It doesn’t seem to solve the problem. By default Synology creates the shares owned by root/root with no permissions, so internally it manages the access using root. If I change the owner to http (without ‘d’, don’t ask me why) then logically no one can access unless I give access to group others, so then everybody accesses everything.

It is a difficult situation, but I think I have a workaround: instead of setting the share in ownCloud/External as “local”, use “SMB/CIFS”. Then I create a user in Active Directory that has access to all necessary folders, and that’s done.

Question: to create the same shared folders in ownCloud, I would need to

a) Remove the current “local” External Storage and create a new “SMB/CIFS” External Storage -> In terms of syncing and database, how does this affect things?

b) Change the type manually in SQL in order to avoid a) syncing problems (if any)

Any suggestions?

Thanks in advance.

From: Eduard Biete [mailto:[hidden email]]
Sent: Friday, 15 July 2016 21:00
To: 'For users of ownCloud' <[hidden email]>
Subject: RE: [owncloud-user] owncloud permissions on Synology

Thank you for your answer, Jürgen! I will check on Monday when I get back from travelling abroad, but it sounds good.

Regards,

Eduard Biete