Simultaneously Mounting Encrypted Folders in Synology DSM

If you have Synology and your paranoid level> 0, then surely you are using encrypted folders. Based on encfs, this technology works stably and does not cause any inconvenience. In addition, the case when these folders become 2-3, and even each with its own password! After all, according to the results of research by British scientists , the level of paranoia of an individual individual only grows with time)
Accordingly, entering 2-3 different passwords after each, although rather rare, reboot of the device begins to strain.

Therefore, we will arrange something like a password master.
First of all, create a new encrypted folder, let's call it master .

We put the autorun.sh script into it (below it means that you have access to Synology via SSH):
')
cat /volume1/master/autorun.sh

synoshare -–enc_mount folder1 PASSWORD1
synoshare –-enc_mount folder2 PASSWORD2
synoshare –-enc_mount folder3 PASSWORD3
synoshare –-enc_ummount master


where folderx is the folder and PASSWORDx password for it.

As you can see, we simply mount the encrypted folders one by one, and then unmount the master folder itself. Thus, no one can get to the passwords in the open form prescribed in the script.
If the folders are already mounted, nothing terrible will happen, therefore we do not do any additional checks.

Despite the fact that we do not plan for a long time to keep the master folder in a mounted (open) state, we should limit access to the script autorun.sh as much as possible:

 chown root autorun.sh chmod 700 autorun.sh 

Now it’s a small matter: we need a mechanism that will monitor the appearance of the autorun.sh file in the master folder and execute it. Let's write a simple service:

Note: The service path is for DSM 6.x. For DSM 5.x, the path to the services: /usr/syno/etc/rc.d/ Note that after updating the system, user services can be deleted.

 cat /usr/local/etc/rc.d/S90_automount.sh autorun=/volume1/master/autorun.sh sleep=10 if [ "$1" == "start" ]; then $0 service & echo "Automount service started. Looking for $autorun" exit fi if [ ! "$1" == "service" ]; then echo "Usage: $0 start" echo " Wait for $autorun and run it" exit 1 fi while [ 1 ]; do sleep $sleep if [ -f $autorun ]; then echo "Found $autorun, running..." $autorun & sleep 120 fi done 

That's all! As you can see, we simply check the presence of a file in a loop, and if it is found, we execute it. It was possible to optimize the execution and use the inotifywait command instead of the sleep loop, but apparently this package is not included in DSM.
The service has a very limited functionality, only one start parameter and no stop and status parameters, but they are not needed.

Now we boldly start the service: /usr/local/etc/rc.d/S90_automount.s start
and check that when the master folder is mounted, the folders listed in the autorun.sh file will be mounted within 10-20 seconds, and the master folder itself will be unmounted.

Of the minuses - sooner or later you will forget all your passwords on folders, except for one. And if you suddenly lose the master folder - write down! Avoid this if possible!
From the pros - now you can assign arbitrarily long passwords to the folders - you will no longer have to enter them manually!

Successful administration!