How To Create A Service Account

This post is donation-ware. If it did help you, please consider leaving a comment or even buying me a coffee. I will be eternally grateful.


Primary objective

Create a service account to run a service on your Synology NAS.

Secondary objective(s)

When you create a service account, you improve the system’s safety and the service’s stability.

Background

Some services on your NAS, typically backup services, need a user account to log in to the destination NAS.

Although it is common to reuse the account of one of the regular users, it is better to create a dedicated user account tailored to the task: a service account.

A service account starts as a regular account but with several restrictions and limited permissions necessary for the task. This improves the safety of your system and the stability of the service.

| Service | Account Name | User Group | Folder Permissions | Application Permissions | Quota |
|---|---|---|---|---|---|
| Hyper Backup Vault | hb-vault-user | users | r/w to the backup folder | Hyper Backup Vault | no |
| Hyper Backup – rsync / rsync (single version) | hb-rsync-user | users | r/w to the backup folder | rsync | no |
| Shared Folder Sync | sfs-user | administrators | n/a | rsync | n/a |
| Synology Drive ShareSync | sdss-user | administrators | n/a | | n/a |
| Time Machine backup (macOS) | tm-user | users | r/w to the backup folder | | yes |

If you have multiple Apple Mac computers, create a tm-computer-name-user account for each computer and assign a quota to each service account. Please reference the tutorial on how to set up Time Machine backup on your Synology NAS.

For help creating user accounts, please reference Better User Management.

Actions

Before we create the service account, let’s establish a few assumptions first.

  • If a service needs a shared folder on the NAS, create that shared folder before you make the service account.
  • If a service needs an account with administrator privileges, apply step 4 and skip step 5.
  • If a service does not need a user quota, skip step 6. Note that the Assign user quota screen differs for Ext4 and Btrfs volumes.

There are nine steps in the procedure. The steps apply to DSM7.

  1. Log in to DSM with administrative privileges
  2. Open Control Panel, User & Group, User tab, and click on the Create button
  3. In the Enter user information screen, fill in name, description, and password; enable Disallow the user to change account password; click Next
  4. Optional: in the Join groups screen, depending on the service you create an account for, enable the administrators group; click Next
  5. Optional: in the Assign shared folder permissions screen, depending on the service you create an account for, enable Read/Write permissions for the shared folder; click Next
  6. Optional: in the Assign user quota screen, assign a user quota to the volume (Ext4) or the shared folder (Btrfs); click Next
  7. In the Assign application permissions screen, deny permissions for all services except for the required permission; click Next
  8. In the User speed limit screen, click Next
  9. In the Confirm settings screen, review your settings and click Done

Congrats, you just learned how to create a service account and achieved the primary and secondary objectives.


Paul Steunebrink / Storage Alchemist
