One particularly nice feature of DSM 6.1.x is that it now allows you to block access to the Desktop backend for any user or user group.
Do not apply these settings without first explicitly allowing access for the admin user(s). Otherwise you will be locked out of accessing DSM yourself. If you ended up in this situation look at the solution further below to solve it.
One additional note: if you create a group which has an explicit Deny access privilege to the Desktop and you add the admin user(s) to that group, the Deny might take precedence and block you out as well.
Set allow permissions for the admin user(s):
Simply go to Control Panel > User > select the user > hit Edit > Applications. In there mark Desktop > Allow and apply the changes.
Set Deny permissions for other user(s):
The easiest way to do this would be to create a group of the users you want to block access (without adding the admin account) and applying a Deny privilege:
Stuck Out of Synology DSM and cannot login?
To solve this you need to have SSH access to your Synology box.
- Find your User ID (the first number in the output of the following command – 1026)
sudo grep admin /etc/passwd guest:x:1026:100:admin:/nonexist:/usr/bin/nologin
- Connect to SQlite:
sudo sqlite3 synoappprivilege.db
- Determine the user’s current privileges and it should output something like this:
sqlite> SELECT * FROM AppPrivRule WHERE ID=1026 AND App='SYNO.Desktop'; 0|1026|SYNO.Desktop|0.0.0.0|0000:0000:0000:0000:0000:FFFF:0000:0000||
- Here’s the AppPrivRule table layout:
0|Type|INTEGER|0||0 1|ID|INTEGER|0||0 2|App|varchar(50)|0||0 3|AllowIP|TEXT|0||0 4|AllowIPStd|TEXT|0||0 5|DenyIP|TEXT|0||0 6|DenyIPStd|TEXT|0||0
- Issue the command below, after editing with the correct User ID (1026):
INSERT INTO AppPrivRule VALUES(0,1026,'SYNO.Desktop','0.0.0.0','0000:0000:0000:0000:0000:FFFF:0000:0000','','');
- You should now have access restored.