Running DVR as non-admin user on Synology DSM

jseymour · May 1, 2021, 4:01pm

I know the OP is quite old, but the same issue remains, so...

I, too, asked for this long ago. The Synology NAS is running Linux, so it shouldn't be too awfully difficult. You could probably do it, yourself, with a bit of experimentation.

The Linux package I briefly ran on our LAN server was the same: Installed and ran as "root." I fixed it myself. Near as I can tell, here's what I did:

Installed package normally & ran it to check functionality
Stopped the package
Created "channels" user and groups
Found all files and directories created by channels and changed their ownerships to channels:channels.
Set all channels directories to "sgid channels"
Set file access controls on all channels directories for good measure (see below)
Altered the startup script to "setuid channels" and "setgid channels"

For steps 4 through 6:

Channels was installed in /opt. Since the /home filesystem had the most space, I put channel's data store in there. Then I ran...

#!/bin/sh

for eaBase in /opt /home
do
    cd /$eaBase || exit

    chmod ug+s channels

    # Set user & group owner perms and defaults
    find 'channels' ! -user channels |xargs -i chown channels {}
    find 'channels' ! -group channels |xargs -i chgrp channels {}

    find 'channels' -type d -print |while read pathName
    do
        echo "directory: $pathName"
        chmod 775 "$pathName"
        chmod g+s "$pathName"
        setfacl --set=user::rwx,group::rwx,other:r-x "$pathName"
        setfacl -m d:u::rwx,d:g::rwx,d:o:r-x,d:m:rwx "$pathName"
        setfacl -m d:u:myusername:rwx "$pathName"
    done
done

Restarted the channels daemon and it ran like a champ.

The "myusername" facl was to allow me to poke around in channels' files and directories as me, so I wouldn't have to do it as root (running as root is like driving without seatbelts) or su/sudo to channels:channels. Merely a convenience feature and entirely optional.

The bigger problem for Channels' developers is existing installs. It will be tricky correcting them w/o trashing them in the process.

Other things one maybe could do...

Run Channels under Docker. (But Docker has its own issues, so I'm not certain that's a win.)
Maybe could chroot Channels. (That's quite involved, though.)

tmm1 · July 8, 2021, 9:40pm

A DSM7 compatible spk is available on https://getchannels.com/dvr-server/#synology

It no longer runs as root.

chDVRuser · July 8, 2021, 10:27pm

Wow, that was quick.
Digging into the spk it looks like it installs to /var/packages where the other Synology packages are.
And runs as channels:channels with membership in the videodriver group.

Any reason to run this native spk vs. the containers I'm using?

racameron · July 8, 2021, 10:31pm

I imagine that this supports Synology devices that do not support Docker.

Otherwise, it just comes down to personal preference: do you prefer a bare metal install, or a containerized one?