Update | Date |
---|---|
First version of the setup | 01/08/2021 |
Added a note regarding the /data share Cleaned up the guide with LanguageTool General formatting updates | 14/03/2022 |
In older versions of my guides and in practice I was using my main admin users details for all my Docker containers. This is not great for security, so it is good practice to set up a unique user with more limited share and application access for your containers. We won’t ever be using this user to log into DSM it is purely for Docker.
Creating a User
Navigate into the DSM control panel and open up ‘User’ then click Create.

You can call the user whatever you want, I just kept mine simple and created one called ‘dockerlimited’
It’s also a good idea to generate a very strong random password for the user, while it will be a very limited account you don’t want to give it an easy to guess password. You will never need this password for what we are doing.

Next we are going to add this new user to the ‘users’ group as we don’t want it having any sort of admin access.

Next we are going to allow this user ‘Read/Write’ access to the data* and docker folders, if you have any other folders it should default to ‘No Access’.
*Please note if you are not following one of the media setup guides you will not have the /data share so don’t worry if it is missing.

Nothing to change on the User quota settings just click ‘Next’

Our user will not require any application permissions so check the ‘Deny’ button at the top of the screen.

Again we don’t need to set any speed limits for this user so click on ‘Next’

The final screen will just confirm your settings make sure the correct shares are in the ‘Writeable’ list, click on ‘Done’ and your user will be created.

Obtaining the new users PUID and PGID
Now we have created the new user for your containers we need to obtain the PUID (Personal User ID) and PGID (Personal Group ID). These are used to pass file permissions through to our containers.
You will need to SSH into your Diskstation using ‘PuTTY’ or an equivalent program depending on if you are a Windows, Linux, or Mac user.
Go back into the Control Panel again and enable SSH

Open up ‘PuTTY’, the only thing you need to enter is the IP address of your NAS and select the SSH radio button.

Click on ‘Open’, you will get a prompt asking if you trust the key, if this is the first time you have used SSH, just press OK or accept.
Enter the login information for your main Synology user account, you will not be able to see the password as you type it.
Once logged in type the below replacing ‘dockerlimited’ with the name of the user you created if you changed it.
id dockerlimited
This will show the UID (aka PUID) and GID (aka PGID) as below
uid=1028(dockerlimited) gid=100(users) groups=100(users)
You have now successfully set up your limited access user and obtained its IDs for use in Docker. You can now go back to the guide you were following.
Throw me some bits or buy me a coffee?
If you have found my site useful please consider pinging me a tip as it helps cover the cost of running the site, you can even buy me a coffee 🙂
![]() | ![]() | ![]() |
Couple questions. Im fairly new to all this so any help would be appreciated.
When I get to the permissions section of the user, my docker group permissions come up as “Read Only”. Why would that be?
When i try to get my UID and GID from puTTy is says it doesnt have permissions for it. I can get the UID and GID for my main user via a email on task schedule but im guessing that doesnt suffice. What do i do there?
Hey, so the user we create is purely for accessing the directories setup in step 1.
SSH in with you main user account to get the ids for your Docker user as per the guide.
The group side of things it’s a bit hard to tell, jump on Discord or ping me a screenshot via the contact page on the top left of the site.