Synology

123 readers

7 users here now

Community to discuss Synology products including Network Attached Storage (NAS)

Rules

1. No off topic posts

Posts must be related to Synology

2. Be kind

No insults or overtly rude behavior. You can be right just try to be kind too.

founded 1 year ago

MODERATORS

notnotmike@programming.dev

Why allow "everyone" to have read write permission? (kb.synology.com)

submitted 1 day ago by hardful9856@programming.dev to c/synology@programming.dev

2 comments fedilink hide all child comments

https://kb.synology.com/en-global/DSM/tutorial/Docker_container_cant_access_the_folder_or_file#x_anchor_idcd3f1170a3

Why allow "everyone" to have read write permission to shared folders in order to run container manager? Wouldn't this be insecure?

you are viewing a single comment's thread
view the rest of the comments

[–] artwork@lemmy.world 2 points 1 day ago* (last edited 19 hours ago) (1 children)

The question is asked, yet no actual answer is given for the article.
A usual secure way is to set the bind-mounted modes to u+rwx and ownership to the container User UID, which you may check via docker inspect <container> or its image.

Meanwhile, nice choice for the NodeRed! ✨

User namespaces are an advanced feature and require coordination with other capabilities. For example, if volumes are mounted from the host, file ownership must be pre-arranged if you need read or write access to the volume contents.
Source: https://docs.docker.com/engine/security/userns-remap

[–] hardful9856@programming.dev 1 points 23 hours ago

Thanks!