Passwordless sudo (sudoers drop-in)
v1.0
·
Updated 4 days ago
Set up passwordless sudo
Some commands need elevated privileges on the NAS: /smart-status (smartctl), /health-summary and /dsm-update-check (synoupgrade) as well as all Docker commands (/usr/local/bin/docker). For them to run non-interactively, a passwordless sudoers entry is required.
DSM has no visudo
Unlike most Linux systems, DSM has no visudo. The clean way is a drop-in file under /etc/sudoers.d/:
echo '<user> ALL=(ALL) NOPASSWD: /usr/bin/smartctl, /usr/syno/sbin/synoupgrade, /usr/local/bin/docker' \
| sudo tee /etc/sudoers.d/synology-manager-plus
sudo chmod 0440 /etc/sudoers.d/synology-manager-plusDeliberately restrict the grant to exactly the programs needed — not to ALL. If you don't need Docker, leave out /usr/local/bin/docker.
Re-check after major DSM upgrades
A major DSM upgrade can reset drop-ins under /etc/sudoers.d/. If a command reports missing sudo afterwards, simply recreate the file. The affected commands point to exactly this step on failure.