Synology Photos - Synology for Photographers Part 2

ZippedPhotos · May 12, 2023, 2:24pm

Perfect timing for the review. I struggle with one issue for 3 weeks and Synology confirmed it is a Known Issue (that means they are working on finding a resolution).

Will mentioned in the video one important thing - ransomware protection, but did another completely opposite - giving access to everyone for /photo

If Photos are important, then nobody should have explicite/direct access. All exchanges should be done using Synology Photos frontend.

I would not recommend anyone to provide direct access to anything important like /photo

I did not know (and scratched my head for awhile) that Synology Photos organized photos in two ways - no organization (when the view is Folder View) and creates subdirectories year/month (when the view is Timeline View).

The issue I faced seems to be complex, because of many parties are involved.

The issue.
Setup

Synology Photos with Shared Space
default permissions on /photo
few pictures are uploaded in any view
MacOS or Linux computer

Scenario

select multiple photos (2 is more than enough)
click the button to download selected images
Extract archive using standard system tools (Archive Utility or unzip)
open the file

Expected Result

the file is opened and displayed correctly

Actual Result

the file cannot be read

I found out, that DSM and Photos messing up with permissions when multiple files are downloaded.

Permissions on files in downloaded via Synology Photos
---------- or 000
Permissions on files in downloaded via File Station
-rwxrwxrwx or 777

When I extract a downloaded archive I do not want any file to be executable at the same time I want to be able to read and modify (sort of default permissions for user)
-rw------- or 600
or
-rw-r--r-- or 644

Answer from Synology support for MacOS users is - use application The Unarchiver

Application is good. Lightweight and sets default permissions if there are none (but does not remove executable, however MacOS marks files for quarantine).

Back to ransomware. Making all files executable is a very dangerous thing. This could be exploited and then not only data on NAS get encrypted but one’s remote family and friends who downloaded shared files.

I checked how Google solves the problem on Google Drive and Google Photos. By analysis of the archives, it looks like the information either stripped or the files are copied to FAT partition before going inside the file download.zip

Will · May 12, 2023, 4:38pm

First off your section on permissions super helpful!

I disagree with that. If someone wants to delete a photo they can do it on the app or in the files all the same. For professional photographers with teams you want everyone to be able to dump exports without issue.

Snapshots are there to undo whatever someone does.

This is absolute huge information! I have had a client report an issue with permissions and I never got to the bottom of it! Great to know!

ZippedPhotos · May 12, 2023, 6:17pm

Synology allowed me to share the issue with the community. If your clients need it resolved, everyone can open a ticket about this, just to increase priority and have it as a part of 7.2

I’m still working on 3-2-1 and do not have snapshots implemented. For uploads I would try to find (I’m new to Synology) another approach with a “landing place” (dumpster) which will sync/move one way to /photo.

I see the use case of convenience to have /photo mounted, but without snapshots or 3-2-1 I would evade giving access to anyone.

rm -rf works damn fast. and /photo does not have recycle bin enabled by default (which I enabled).

Will · May 12, 2023, 9:35pm

Because it does work so fast and easy I ALWAYS enable snapshots. They dont hurt anything and are the very first thing I setup on every clients NAS