Synology, Docker, OH3, Z-Wave working without root access

OH2.5 has been very stable running in a Docker container on a Synology NAS for a couple of months so it's time to move on to OH3. Forum searches seemed to be hit and miss without running as root and without using the host network. The following two changes have made the z-wave dongle consistently available to OH3 for me.

1). Create a udev .rules file to assign the z-wave dongle to the group that OpenHAB is running under and to give that group read/write access to the dongle.

2). Add a device mapping by exporting the OH container to a json file, editing the file to add a device mapping for the dongle, and then creating a new container by importing the json file.

The details are below. Sorry for the lengthy post.

Configuration in DSM
Use the DSM UI to create a group named “openhab”, a user named “openhab” and assign the openhab user to the openhab group.

SSH configuration
SSH into the Synology and get root access with the “sudo -i” command (that’s dash lower case eye).
Enter “id openhab” to display the openhab user.

login as: Jim
Jim@NAS's password:
Jim@NAS:~$ sudo -i
root@NAS:~# id openhab
uid=1027(openhab) gid=100(users) groups=100(users),65536(openhab)

Make note of the id numbers of the user and the openhab group. In my case the user is 1027 and the group is 65536.

Using the Linux device name that the z-wave dongle is assigned to (mine is /dev/ttyACM0) enter the following command to get the Vendor Id, Product Id and Serial number of your dongle. This command should be entered all on one line.

udevadm info -a -n /dev/ttyACM0 | grep '{serial}\|{idVendor}\|{idProduct}' | head -n3

The result will be something like


Next, create a file named 99-usb-zwave.rules in /lib/udev/rules.d and enter the following command in the file, substituting your values for mine. The command should be entered all on one line in the file. This command assigns the dongle to the openhab group and gives read/write access to the openhab group.

SUBSYSTEM=="tty", ATTRS{idVendor}=="0658", ATTRS{idProduct}=="0200", ATTRS{serial}=="ffffffd1ffffffb2ffffffdbffffffad", GROUP="openhab", MODE="0660"

Save the file and restart the NAS so that the change takes effect.

Docker Configuration

Ensure the “Execute container using high privilege” checkbox and the “use the same network as Docker host” checkbox are both cleared.

Set the following values on the Environment tab:

  • JAVA_EXTRA_OPTS: -Duser.timezone=America/Chicago
  • GROUP_ID: set to the group id from the “id” command executed earlier (65536 in my case).
  • USER_ID: set to the user id from the “id” command executed earlier (1027 in my case).

OpenHab configuration
Install the Z-Wave binding and set the Port Configuration in the Thing to your device (/dev/ttyACM0 in my case).

Back in the Docker UI click on the Container tab in the left hand panel then click on the OpenHAB container just created. Click Settings → Export, select the Export container settings radio button, the Export to Synology NAS radio button, and select a folder to save the exported file in. Then export the file.

Edit the exported .json file. There will be a null Devices section.

   "devices" : null,

Replace the null devices section with the following, replacing /dev/ttyACM0 with your value.

  "devices" : [
      { "PathOnHost": "/dev/ttyACM0",
        "PathInContainer": "/dev/ttyACM0",
        "CgroupPermissions": "rw"
      }
  ],

Back in the Docker UI delete the original container that you exported from (yep, delete it). I found that if I did not delete the container attempting to map ports when creating the new container would always result in a “port in use” error message.

After the container is deleted click on Settings → import, select the json file that you just added the device mapping to, and import the file. Start the container and the Z-Wave bridge will be Online.

One final note. Save a copy of the 99-usb-zwave.rules file. The original in the /lib/udev/rules.d folder was deleted when Synology did a DSM update. With a copy of the file saved somewhere it will be easy to replace it if the file is deleted again on the next update.

  • Platform information:
    • Hardware: Synology RS1221+
    • OS: DSM 6.2.4, Docker 18.09.0
    • Java Runtime Environment: none
    • openHAB version: 3.0.1
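
The device-mapping edit from step 2 of the post above, as an added example (not part of the original post, and not Synology's or openHAB's code). It patches an exported settings file whether "devices" is null or absent, and reports settings that would undo the non-privileged setup; the "privileged" and "use_host_network" key names are assumptions about the export format, and the sample input is constructed.

```python
import json

# "privileged" and "use_host_network" are assumed key names; only "devices"
# appears in the post.
PRIV_KEY = "privileged"
HOSTNET_KEY = "use_host_network"


def add_device_mapping(settings, host_path, container_path=None, perms="rw"):
    """Return a copy of the export with one device mapping added."""
    if not host_path.startswith("/dev/"):
        raise ValueError("expected a device node under /dev: %r" % host_path)
    if not perms or set(perms) - set("rwm"):
        raise ValueError("CgroupPermissions must be drawn from r, w, m")
    patched = dict(settings)
    # "devices" may be null or missing altogether; both mean "no mappings".
    devices = [d for d in (patched.get("devices") or [])
               if d.get("PathOnHost") != host_path]  # no duplicate entries
    devices.append({
        "PathOnHost": host_path,
        "PathInContainer": container_path or host_path,
        "CgroupPermissions": perms,
    })
    patched["devices"] = devices
    return patched


def least_privilege_findings(settings):
    """List settings that would undo the non-root, non-privileged setup."""
    findings = []
    if settings.get(PRIV_KEY):
        findings.append("container runs with high privilege")
    if settings.get(HOSTNET_KEY):
        findings.append("container uses the Docker host network")
    for dev in settings.get("devices") or []:
        if "m" in dev.get("CgroupPermissions", ""):
            findings.append("%s also grants mknod" % dev.get("PathOnHost"))
    return findings


if __name__ == "__main__":
    # Constructed sample standing in for an exported settings file.
    exported = json.loads('{"name": "openhab", "devices": null, '
                          '"privileged": false, "use_host_network": false}')
    patched = add_device_mapping(exported, "/dev/ttyACM0")
    print(json.dumps(patched, indent=3))
    print(least_privilege_findings(patched) or "no findings")
```

Write the patched dictionary back with json.dump before importing it in the Docker UI, and keep the original export as a backup.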

Perfect, this solved my problem with Aeotec Zwave Stick and OH3 in Docker.
Thanks for the good writeup.

Dear @JimH

First of all, I am very glad that I found your post today. Otherwise I would still be struggling to get things up and running.

My configuration: Synology RS1221+, DSM7, openHAB3.2-debian as a Docker container, Z-Stick Gen 5

Unfortunately your instructions were not leading me to running OH without root privileges, but at the end it was helping me to get it running at all - but without really knowing why. :frowning:

My biggest issue today was that I found information on getting the above configuration running all over the web. Maybe you could have a glance on my steps and let me know some correctional steps?
I would love to write up instructions for others (and me of course) which help to find the proper way to do it.

What I did (sorry for long post):

# 1 Preparation

  • Downloaded openHAB Docker Image from the Docker app on Synology.
  • I selected 3.2.0-debian

## 1.1 Modifying USB Setting

  • sudo modprobe usbserial
  • sudo modprobe ftdi_sio
  • sudo modprobe cdc-acm

## 1.2 Modifying OpenHab Settings

  • sudo synouser --add openhab habopen "openhab user" 0 x@y.z 0

  • sudo synogroup --add openhab openhab

  • sudo synogroup --add dialout openhab

  • sudo chown root:dialout /dev/ttyACM0

  • sudo chmod g+rw /dev/ttyACM0

# 2 Installing Driver

Followed the given instructions:

  • The kernel modules for each supported platform can be found in modules/. Copy the required files to the Synology and move them to /lib/modules
  • To get DSM 7 to load the modules at boot time, copy the included file to /usr/local/etc/rc.d
  • Make sure that the file has executable permissions: chmod +x /usr/local/etc/rc.d/

# 3. Synology, Docker, OH3, Z-Wave w/o root


  • Section “devices” : null, was not included in the exported json
  • Therefore, I inserted your suggested “devices”-section
  • Because the stick didn’t come online after creating a container with the config of the device section, I moved on to the next step

# 4. Assign High Privileges to Container

  • Again I assigned high privileges to the container.

  • After a restart of the container, the Z-Stick was online - hooray!

Any idea why without following your instructions didn’t work for me - even with high privileges?
With your instructions it works now, but I still have to assign high privileges to the container.

Happy to learn about your view


P.S.: Maybe it is a DSM7-thing, as I see that your instructions are related to DSM 6.2.4?

Hi Bodo, I’m glad the post helped. The short answer is that my instructions work with DSM7 only if the container is run as privileged. This is a DSM7 issue that I have not yet been able to resolve.

I’ve been trying to get the Z-Stick working on DSM7 for the last week without success. No matter what I have tried OpenHAB needs to run as privileged in Docker in order to “see” the Z-Stick. FWIW it seems to be running well as privileged. I’m not a Linux person so right now I’m at a loss of what to even look at.

Looking at the procedure that you outlined:

  • The modprobe commands should be put into a scheduled task that runs at system boot. They are only temporary and are wiped out each time DSM is started.
  • I don’t believe OpenHAB uses dialout anymore.
  • The userid & group need to be entered via Synology’s UI – I don’t know why but I’ve read several posts confirming this.
  • The drivers are already installed by Synology – no need to download them.
  • Synology doesn’t export the devices: section anymore. Just add the entire section – the sections seem to be in alphabetical order. This makes me wonder if Synology is also suppressing the devices: section on import, which would explain needing to run OpenHAB as privileged. I believe that I saw a post somewhere indicating that running Docker outside of Synology’s UI allowed OpenHAB to run without privileged, but I have not yet followed up on that. I prefer to use Synology’s programming as much as possible and I have not yet given up :slight_smile:


Hi, I have a NAS DS720+ running DSM 7.1 and want to run OH 3,
but as soon as I try to create a user via:

I get an error:
synouser.c:522 Arguments error, need [username pwd “full name” expired{0|1} mail AppPrivilege]
Is this a version issue?

The userid and group need to be created via Synology’s UI.