Perfect timing for the review. I struggle with one issue for 3 weeks and Synology confirmed it is a Known Issue (that means they are working on finding a resolution).
Will mentioned in the video one important thing - ransomware protection, but did another completely opposite - giving access to everyone for /photo
If Photos are important, then nobody should have explicite/direct access. All exchanges should be done using Synology Photos frontend.
I would not recommend anyone to provide direct access to anything important like /photo
I did not know (and scratched my head for awhile) that Synology Photos organized photos in two ways - no organization (when the view is Folder View) and creates subdirectories year/month (when the view is Timeline View).
The issue I faced seems to be complex, because of many parties are involved.
The issue.
Setup
- Synology Photos with Shared Space
- default permissions on /photo
- few pictures are uploaded in any view
- MacOS or Linux computer
Scenario
- select multiple photos (2 is more than enough)
- click the button to download selected images
- Extract archive using standard system tools (Archive Utility or unzip)
- open the file
Expected Result
- the file is opened and displayed correctly
Actual Result
- the file cannot be read
I found out, that DSM and Photos messing up with permissions when multiple files are downloaded.
Permissions on files in downloaded via Synology Photos
----------
or 000
Permissions on files in downloaded via File Station
-rwxrwxrwx
or 777
When I extract a downloaded archive I do not want any file to be executable at the same time I want to be able to read and modify (sort of default permissions for user)
-rw-------
or 600
or
-rw-r--r--
or 644
Answer from Synology support for MacOS users is - use application The Unarchiver
Application is good. Lightweight and sets default permissions if there are none (but does not remove executable, however MacOS marks files for quarantine).
Back to ransomware. Making all files executable is a very dangerous thing. This could be exploited and then not only data on NAS get encrypted but one’s remote family and friends who downloaded shared files.
I checked how Google solves the problem on Google Drive and Google Photos. By analysis of the archives, it looks like the information either stripped or the files are copied to FAT partition before going inside the file download.zip