Jump to content
TNG Community
Hardy

Setting Permissions TNG On Synology NAS With DSM 5.0+

Recommended Posts

Hardy

Installing on a Synology NAS is not a new topic but Synology is evolving its security and file system especially since DSM 5.0 so this may be new material.


Background

You don't have to read this bit. Go to '3. Set Permissions' if you just want to get on with it.

After you've unzipped all the files to your TNG folder, if you happen to log in via an FTP client*, you will notice that all the files and folders have 777 permissions. This might lead you to believe that these are more than necessary to begin setting up TNG. Crucially however Synology DSM 5.0+ does not actually use Unix permissions for the 'web' shared folder access, it uses Windows Access Control List permissions, so you're wasting your time fiddling with Unix permissions.
*Ultimately this means you can successfully install TNG without using any FTP client because this can't be used to set the necessary permissions. Just upload and extract the zip file from your PC/Mac using DSM File Station.

For example, any file in the 'web' folder after upload will have the 777 Unix permissions. However, if you use the Permission Editor in File Station, you will only see ACL Read permissions enabled. Write are disabled. These appear to overrule the Unix settings that appear in an FTP client.

Since the Express set-up uses Unix commands to change permissions, it is ineffective. Therefore....

 
  1. Set Permissions

Follow these instructions for each of the files listed in the set-up. These might change but for me they were:

adminlog.txt, config.php, genlog.txt, importconfig.php, logconfig.php, mapconfig.php, pedconfig.php, subroot.php, templateconfig.php and whatsnew.txt

In File Station, for all of the above files:

  •     Right click on the file and select 'Properties'.
  •     Click 'Permission' tab.
  •     Click 'Advanced options' and select 'Make inherited permissions explicit'.
  •     Select the top user 'http'.
  •     Click 'Edit'.
  •     Select 'Create files/Write data'.
  •     Click 'OK'.

Note you could probably do all the above using Windows Explorer via a mapped drive since it will recognise the Win ACL permissions regime used by NAS. I had a look but the dialogues looked more complex then necessary. I think doing it via File Station has less scope for going wrong. Not sure if Macs can also manage Windows ACL. Anyone?

 
  1. Rename Folders

You will not be able to rename 'gedcom' or 'backups' folders via the set-up readme.html. So:

  •     Rename the folders in File Station by right-clicking on the folder.
  •     Using Text Editor*, open config.php.
  •     Go to the line starting $backuppath and change the folder name in quotes.
  •     Open importconfig.php.
  •     Go to the line starting $gedpath and change the folder name in quotes.


*I suppose you can use you Windows/Mac/Linux editor with a mapped drive but I used one installed directly to DSM:

https://www.synology.com/en-us/dsm/app_packages/TextEditor

Go to step '6. Establish Database connection' and everything should work fine via the readme set-up.I've only just started with my genealogy database so I've not touched most of the features. However, so far so good. I will update the above as I find out myself.

One last thing, to the total noobs (like me) don't forget to forward port 80 on your router for http traffic to get Internet access.

 

Share this post


Link to post
Share on other sites
jrvd

Thank you for posting this.

I am still on DSM 4.2 and cannot find the 'Advanced options'  in the permissions tab in file station. How can I set permissions in DSM 4.2?

btw cannot upgrade to DSM 5 on my Synology 409+ Since it is not supported. 

Thanks. 

Share this post


Link to post
Share on other sites
Hardy

I'll try to help but I only have experience on DSM 5 and I think my instructions are only applicable to DSM 5 due to the introduction of Windows type permissions. The reason for my post was that the standard installation instructions does not cover Windows permissions, only Unix.

I infer that DSM 4 has the standard Unix permissions so, in that case, you should be able to follow Darren's introductory video where he uses an FTP client to log into the NAS and change permissions that way.  Are you having difficulty logging in to your NAS via SSH? If you're using Windows, I recommend WinSCP.

The only other advice I got was from in an email from Darren Lythgoe with advice sent to him by someone else using Synology NAS. However this doesn't really cover permissions:

 

Install the following Synology packages Web Station and phpMyAdmin. (Note phpMyAdmin will automatically install MyMariaDB)
After installation start MyMariaDB. The user name is root but you will need to create a password.
This username and password is also used for phpMyAdmin.
Login to phpMyAdmin and select the user account tab.
Under the current users select the “add user account option”
Enter the name you will give your TNG database. This is the username TNG will use during the install.
Select local for the host
Add your password. This is the password TNG will use during the install.
Select the box “Create database with same name and grant all privileges” (Privileges can be changed later)
Last select if you want to use SSL.
Select the Go button at the lower right of the screen.

During the install, Web Station creates a folder called “web” on the Synology NAS.
Create a subdirectory in the web folder where you want to install TNG.
Extract the TNG.zip file to the subdirectory.
When complete login to DSN and go to web station.
Select Virtual Host
Select Create
Enter your TNG subdirectory name for the host.
Select which port you would like to use otherwise leave the default. (Changing this port will alter your access route)
Use the browse button and select the TNG subdirectory you created
Select OK when complete.
To start the TNG installation navigate to you website:
Start your web browser and enter:
http://www.[yourdomainname]/[tngdirectoryname]

The TNG readme page should appear. If the page does not appear try setting the virtual host port to 80 and make sure your firewall allows access to this port.
Once the readme page appears follow the directions to complete your TNG installation.
Note, if you install a large GEDCOM be patient because it may take a while.

 

Share this post


Link to post
Share on other sites
jrvd

I upgraded to a new NAS216play, running DSM 6.0.2.
Started from scratch with a fresh installation of Webstation, PHP and TNG and followed Steve1200 instructies step by step.
All ok until the permissions part. Used Putty but get the error "chmod: changing permissions of ‘adminlog.txt’: Operation not permitted".

Must have done something wrong but what can it be?
Thanks for the help.
 

Share this post


Link to post
Share on other sites
pingo

Try another way to change permissions (via DSM Software it did not work for me. I used Yummy FTP Pro as far as I remember)

Not every way to change permissions is working, but don't ask me why.

Share this post


Link to post
Share on other sites
jrvd

I tried it through file station first but did not work.

I have now tried it with Putty as described by steve1200 but also no luck.

Share this post


Link to post
Share on other sites
pingo

Try a third way. I remember that I had the same problems.

Share this post


Link to post
Share on other sites
jrvd

Searched for Yummy FTP Pro but is only in paid version.

Is there something similar i could use? I am on Windows 10.

Share this post


Link to post
Share on other sites
Hardy
3 minutes ago, jrvd said:

Searched for Yummy FTP Pro but is only in paid version.

Is there something similar i could use? I am on Windows 10.

Try WinSCP. If it solves your problem, consider donating.

Share this post


Link to post
Share on other sites
jrvd

Thanks. Same problem :(

chown: changing ownership of 'adminlog.txt': Operation not permitted.

Share this post


Link to post
Share on other sites
Hardy

Who is the owner? Should be the same user that unzipped the files.

Share this post


Link to post
Share on other sites
jrvd

The TNG installation is on my own Synology NAS server running Webstation so perhaps this is the problem.

Uploaded the files with Total Commander and also the built in FTP option.

Tried the file station method, Putty and WinSCP but nothing works,

Share this post


Link to post
Share on other sites
pingo

I have the same configuration and had the same problems. You have to find a program which is really changing the permissions on the Synology Server!

After every try, check first, whether the permissions are set right! If not, try another program,....

 

Share this post


Link to post
Share on other sites
jrvd

ok thanks. It is a bit frustrating :-(.
I am only trying 1-2 files first. I am pretty sure it is something simple. Have also tried switching owner but no luck.

Have you uploaded your TNG files through FTP or just by plain copying or extracting?

Share this post


Link to post
Share on other sites
pingo

I just copied them with Yummy FTP pro via FTP. Then I changed with the same program the permissions, as far as I remember.

It's good to have a nice FTP program because I also backup all files of my webserver with Yummy frequently.

Share this post


Link to post
Share on other sites
jrvd

I just realize that I am also using a Synology DDNS service because I have no fixed IP, so that might complicate things as well right?

 

Share this post


Link to post
Share on other sites
pingo

No. Same DDNS IP change here

Share this post


Link to post
Share on other sites
jrvd

Ok strange it is not working for me.
Perhaps a summery might be helpful.

I have my domainname registered with a hosting company and made a DNS redirect to my synology DDNS account.
Settings and connection are ok as far as I can see.
Using Windows 10.

On my Synology NAS I have made a fresh install of Webstation and phpMyAdmin (incl MariaDB).
The phpMyAdmin is installed in it's own map in Web map on my NAS. 
Downloaded TNG 11.1, extracted the file and copied all TNG11 files it to a map TNG11 in Web on my NAS, using Total Commander.
The TNG readme.html opens in my browser but no matter what I try or which software I use, I cannot get the permissions right so cannot proceed with the TNG installation.

Permissions could not be set for these files: adminlog.txt, config.php, mmconfig.php, genlog.txt, importconfig.php, logconfig.php, mapconfig.php, pedconfig.php, subroot.php, templateconfig.php, whatsnew.txt (666 / rw-rw-rw-)photos, histories, documents, headstones, media, gendex, backups, gedcom, mods, extensions, classes (755 / rwxr-xr-x). Please set them manually.

I am pretty sure I am missing something, doing something wrong but cannot see it....

   

Share this post


Link to post
Share on other sites
pingo

Everthing is same here.

How are you opening the readme.html? (Don't just double-click on it! You have to open it via the http:// address of your TNG-files!)

Share this post


Link to post
Share on other sites
jrvd

no double click. I am using my webbrower.

Share this post


Link to post
Share on other sites
pingo

Ok. I did dig in my posts. Here comes the solution: http://www.synology-forum.de/showthread.html?76230-Wie-öffne-ich-eine-html-Datei-auf-meinem-Webserver-mit-genug-Rechten

It's in German, but you could translate it with google.

In short: you have to set the rights for "http" with the Synology DSM and open the readme.html with your webadress.

Good luck!

Share this post


Link to post
Share on other sites
jrvd

Ok great. I will go through this topic. I can read and speak german so no problem. 

Thank you. 

Share this post


Link to post
Share on other sites
Hardy

What do you mean when you say "it does not work" or "nothing works"?

DSM 5+ does not use Unix permissions so it does not matter if you can set them or not. Please forget about them. See the Background section in my post for the reasons.

The key test is not whether Darrin's TNG installation can change permissions, it is whether TNG can write and create files in normal use. Darrin's .php installation uses Unix commands to try to change Unix permissions. So even if you set Windows ACL permissions correctly for TNG to be able to write files as I described, running his set-up again will always give you the message:

Permissions could not be set for these files: adminlog.txt....

This is why my instructions say go to step '6. Establish Database connection'. It means you should skip all before it.

Please confirm what doesn't work and at which step.

Share this post


Link to post
Share on other sites
Steve1200

I have my NAS configured so I do not need to use FTP. I can copy files to and from using Windows but how you get the files on your server does not affect setting permissions. I installed TNG the first time on a DS412+ and had no issues setting permissions manually. The last two times I installed TNG was on a DS1815+. Initially I tried using the Synology File Station to set permissions but did not like the results. File Station did not change the write permissions correctly, for some groups. I should mention since that time Synology has had a quite few updates so I don't know how well it works today. Regardless of how you decide to change permissions you can always check them, using File Station. Anyway I ended up deleting everything on the DS1815+ and installed TNG again setting the permissions manually and everything worked.

One key part to remember is if you change permissions manually, you have to run the sudo -i command after you login with  putty or you won't be able to change anything. Hardy is correct in that once you have set the permissions manually or with DSM, you must skip the setting permissions part of the TNG readme file as it has already been completed. If you don't skip it you will get continue to get the error even though the permissions are correct per Hardy's explanation. The rest of the install should work normally. When you are done check your install out by running the diagnostics test. Go to administration-> setup -> general settings -> diagnostics. Your screen should look like the following:

Diagnostics.JPG

If any permissions or settings are incorrect it will show up on this screen.

That said, all was well in my world until I wrote my own program, which needed to write some files, and I could not get it to work. I had set the file permissions correctly but nothing worked. After some hours of frustration, I finally changed the permissions on the parent folder of my program to 777 and magically everything took off. I do not know if this last part will help anyone but thought I would mention it just in case.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×