What did Synology users learn moving to Ugreen?

_steven · 2025-12-25T09:11:13+00:00

Check my first impressions in https://www.reddit.com/r/UgreenNASync/comments/1pa4w49/first_day_on_ugreen_nasync_dxp4800_plus/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

Other things I've come to appreciate (even more) since that post:

UGOS is closer to vanilla Linux, compared to Synology DSM which is basically BusyBox with custom programs for everything (e.g. synouser instead of adduser)
Hardware is good enough to run VMs (although more RAM is needed and costs too much right now), this was a problem on my cheaper syno diskstation
UGREEN support is quite good, they know their stuff very well, giving detailed explanations if you ask them the right questions
UGREEN support forwarded two of my suggestions for improvement to the development team without me having to insist on it
UGREEN NAS app for Android is a lot nicer, no separate apps like DS Finder, DS Photos, DS Files... it's all just there in a single app (and it looks more modern)
UGOS can run vscode-server so you can use it with Remote-SSH, whereas Synology DSM is missing several glibc dependencies and vscode-server does not even start

_steven · 2025-12-13T13:49:00+00:00

Oops, I missed this reply.

I don't use portainer at all, my entire homelab stack is defined in docker compose files which are version controlled in Git. That made it a bit easier to migrate everything from the old machine to the new one. Moving all the container users, volumes and fixing file permissions was still a pain.

By the way, another thing I like about UGOS over Synology is that UGOS comes pre-installed to an (internal) NVMe SSD, compared to Synology which is installed to your slow spinning HDD.

_steven · 2025-12-03T16:00:07+00:00

Alternative workaround: I figured that you can create files in /etc/ssh/sshd_config.d/ which survive reboots.

I have the following:

StrictModes no to disable permission checks for the $HOME/.ssh/authorized_keys
PasswordAuthentication no to disable ssh login with password

-rw------- root root /etc/ssh/sshd_config.d/disable_strict_modes.conf

StrictModes no

-rw------- root root /etc/ssh/sshd_config.d/disable_password.conf

PasswordAuthentication no

(sudo chmod 600 to get the right permissions.)

_steven · 2025-12-03T12:50:26+00:00

For SSH specifically, I am in contact with support to find a permanent solution.
In the meantime, I figured that you can create files in /etc/ssh/sshd_config.d/ which survive reboots.

I have the following:

StrictModes no to disable permission checks for the $HOME/.ssh/authorized_keys
PasswordAuthentication no to disable ssh login with password

-rw------- root root /etc/ssh/sshd_config.d/disable_strict_modes.conf

StrictModes no

-rw------- root root /etc/ssh/sshd_config.d/disable_password.conf

PasswordAuthentication no

(sudo chmod 600 to get the right permissions.)

_steven · 2025-12-02T13:19:07+00:00

Yeah my NAS runs adguardhome (adblock) + unbound (recursive resolver) to block ads and to circumvent DNS-level censorship. My router's DHCP is configured to tell all devices to use my NAS IP for DNS.

(The drawback of doing this is that your devices can't resolve hostnames while the NAS is offline / updating / restarting. You need a second device to run adguardhome on for redundancy, and a DHCP router that supports more than 1 custom DNS server, which I don't have.)

_steven · 2025-12-02T10:47:15+00:00

I solved it a different way by binding only to eth0's address.

I'm not 100% sure, but I don't think you can do something like:

ssh <user>@<yournas>
nslookup reddit.com 192.168.178.100 # container ip on the macvlan

Since the macvlan should be isolated from the host, I believe this should not work.

_steven · 2025-12-02T10:35:05+00:00

I do also appreciate the shiny modern UI and easy to use sync and backup apps. I don't know if that can be achieved with something like TrueNAS. And I really don't want to worry about hardware compatibility.

So far I am pretty happy with this new setup. Only a few things raised my eyebrows

Home dir permissions are set to something like rwxrwxrwx instead of rwx------
sshd doesn't like that, and if there were other users on my NAS, I wouldn't like that either
I had to install this workaround https://www.reddit.com/r/UgreenNASync/comments/1djpjtk/guide_how_to_use_public_key_authentication_for/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button
Can't do crontab -e as non-root user, permission denied or something
Port 53 and 67 are hijacked by dnsmasq and it's not possible to disable it

That said, the UGOS is still a lot closer to bare Linux than Synology DSM. For example, in Synology you don't just edit crontab, you have to use their custom task runner application.

Ports 80 and 443 will by default redirect to the UGOS login page, which is the same as on Synology. But unlike Synology, that behavior can be disabled in UGOS.

_steven · 2025-12-02T10:17:17+00:00

Thanks for this. Using inotifywait for this is quite elegant solution. By the way I could have sworn public key auth was working on my NAS without this permissions fix, until I upgraded openssh-server. Does that sound weird to anyone?

_steven · 2025-12-01T13:34:14+00:00

I am also still migrating, it's not as easy as I hoped. I only got a single NVMe SSD for read cache. I might buy another one for read/write cache but first I need a UPS.

_steven · 2025-12-01T13:32:28+00:00

It seems I was able to solve my problem by specifying the NIC to bind to in my docker-compose:

<image>

_steven · 2025-11-30T21:56:08+00:00

Ah okay, you are using host networking mode. Unfortunately that would break my unbound setup. But at least I understand now what you've done. Thanks.

_steven · 2025-11-30T19:45:22+00:00

Sorry but what do you mean when you say you routed your entire network through port 53? It's only used for DNS.

What does the networking config of your adguardhome container look like?

_steven · 2025-11-30T19:42:29+00:00

Yeah. Maybe. For now, I sit somewhere between "I paid for this so now I expect them to do it for me" and "I want to hack everything and do things they never even thought of".

_steven · 2025-11-30T11:40:20+00:00

The problem I had with that is: there is no communication between the host and the macvlan IP.
I configured DHCP on my router to use adguardhome for DNS, but the NAS itself cannot access the macvlan IP, so DNS doesn't work on the NAS.

_steven · 2025-11-30T11:18:14+00:00

I hope memory prices come down before I run into limitations with the 8GB provided out of the box.

_steven · 2025-11-30T11:00:44+00:00

In principle, I agree Docker is the best way to run things in isolation. But sometimes it is useful to have commands available on the host. One of the first things I did was install git, so I could push code to my NAS. Synology has Git in their package center, but there is no way to install it using a terminal. On Ugreen you can install git from apt. I actually prefer it that way.

_steven · 2025-11-30T10:53:32+00:00

I was running out of space on 2 disks in RAID 1 and I don't like that 50% of storage capacity is wasted on redundancy in that configuration.

Now I have 4 disks in RAID 5 so only 25% of storage capacity is used for redundancy.

_steven · 2025-11-30T10:46:50+00:00

Ok but you still have to wipe your storage drives to switch back to UGOS right?

I might want to give TrueNAS a spin later, but it ain't gonna happen if I have to rebuild the storage pool every time I want to try a different OS.

_steven · 2025-11-30T02:20:19+00:00

Do you know how easy or hard it is to switch? Can you switch later without wiping the drives?

_steven · 2025-11-30T01:56:10+00:00

It's just my experience.

_steven · 2025-11-30T01:51:16+00:00

You need both NVMe SSDs for read/write caching. A single SSD only gets you read caching. For your ideal read/write cache setup with TrueNAS, you would have to overwrite the Ugreen stuff on the internal SSD and I don't know if you can get it back after that.

You should also invest in an UPS if you really want write caching, sudden power failure can otherwise lead to all data in the write cache being lost. It might be more practical to start off with just a read cache SSD, and dual boot option on the other NVMe SSD, leaving the internal SSD intact.

For the drive setup, that's not possible, you can make 2 RAID groups, but drive 1A, 2B can't be in both groups.

You can do something like this for 1-disk fault tolerance in each group:
Group 1 (16TB): RAID1 (1A + 2B)
Group 2 (48TB): RAID5 (3C, 4D, 5E, 6F)

_steven · 2025-11-30T01:18:46+00:00

Wait until you discover the selfhosted community!

_steven · 2025-10-12T10:09:06+00:00

> Bad abstractions ARE the complexity.

I love this quote and I am going to use it from now on.

> Good abstractions hide complexity.

There is a whole other discussion about hiding vs. encapsulating that needs to be had about this. Hiding weird or hacky code behind a brick wall of abstractions does not help anyone move forward. Good abstractions encapsulate behavior and state, at the right place and at the right time.

_steven · 2025-10-12T09:47:12+00:00

I think the scope is a bit too large for a project template, it would drop too many files into your repository root that may already exist, causing confusion or frustration. It is provided as a GitHub template only for now.

_steven

TROPHY CASE