Shared Folders
A shared folder is a network storage space. You can create multiple shared folders to store different types of data, or provide access to files for different users or user groups.
Creating a Shared Folder
Shared Folder
Follow the on-screen prompts to complete the creation of the shared folder.
- Hide this shared folder in "Network Neighborhood": Specify whether the shared folder is displayed or hidden under "Network" in Windows File Explorer. Checking this option does not affect the folder's access permissions; you can still access the shared folder via the path “\\Server Name\Shared Folder Name”.
- Enable Recycle Bin: When enabled, files deleted from the shared folder will be moved to a folder named #recycle. You can set permissions to allow only users in the admin group to access the Recycle Bin.
- Shared Folder Access Permissions: When setting access permissions for a shared folder, the system will display the user's actual access permissions based on the user's individual permissions, the permissions of their affiliated user groups, and the permission priority order (Deny > Read/Write > Read-Only).
- Storage Quota: Specify the maximum capacity limit for the shared folder. The storage quota for a shared folder can only be set if the Btrfs file system is used.
- Shared folder names cannot contain spaces or the following special characters: $ % & ' ( ) * + , / : ; < = > ? @ [ ] \ ^ ` | ~. However, hyphens (-) and underscores (_) are allowed.
- Shared folder names must be 1 to 64 characters in length and cannot be the same as any user name.
- Shared folder names cannot use system-reserved names or default system folder names, such as: "root", "admin", "home", "homes", "desktop", "usbshare", "usbshare1", "usbshare...".
- If a shared folder has been enabled as a TerraSync Team Folder, after deleting files from this shared folder, you must first empty the Recycle Bin in File Manager, then go to the Recycle Bin in the TerraSync app for a second cleanup to ensure the files are completely deleted and space is released.
- If the shared folder or volume where the file is located has snapshots, after deleting the file, you must delete all related snapshots in the Snapshot app or "File System Snapshots" to release space.
- You must set a retention period for the Recycle Bin. Deleted files are retained for a maximum of 60 days; after this period, the system will permanently delete these files.
Encrypted Shared Folder
The process of creating an encrypted shared folder is similar to creating a regular shared folder. However, after clicking "Create", you need to check "Encrypt this shared folder" and enter an encryption key. Once a shared folder is encrypted, even if the hard drive is removed from the NAS and mounted on another device, users without the encryption key cannot access or modify the encrypted data.
The password must be at least 8 characters long.
- An encrypted shared folder can only be accessed after it is mounted by an administrator; otherwise, no users can access any of its contents.
- Newly created encrypted shared folders are mounted by default.
- When creating new subfiles or subfolders in an encrypted shared folder, the maximum length of the name is 143 characters.
- File backup services are only supported for encrypted shared folders when they are in the mounted state.
Key Management
Encrypted shared folders use hardware encryption to protect data security. It is recommended that after successfully mounting an encrypted shared folder, you immediately export and securely store the key file (with the .key extension). Be sure to keep the encryption key safe; if the key is lost, you will not be able to recover or access the encrypted files.
Mount/Unmount
Mounting and unmounting encrypted shared folders are important methods for implementing data sharing, access control, and security protection. After mounting, users can easily access and share data; unmounting protects data from unauthorized access and leakage.
• Mount: When mounting an encrypted shared folder, you need to enter or import the encryption key. After successful mounting, the small lock icon in the bottom-right corner of the folder icon will be displayed in an open state.
• Unmount: After unmounting an encrypted shared folder, the lock icon will be closed, the folder will be hidden in File Manager, and all connections related to this folder will become invalid.
- To ensure data security, unmount the encrypted shared folder after use. Remount it when you need to use it again.
- You can only rename an encrypted shared folder or move it to another storage space after it has been unmounted.
Managing Shared Folders
General Operations
- Folder Information: You can edit the general information of a shared folder, such as its name and description, and migrate it to another volume.
- Search: Enter keywords to find the folder you need.
- Refresh: Refresh the list of shared folders. If the interface does not display the latest changes to shared folders (including creation, deletion, or space usage) in a timely manner, click the Refresh button.
- Delete: Select the shared folder you want to delete and click the Delete button. A mounted encrypted shared folder must be unmounted before it can be deleted.
Permissions
You can flexibly set the access permissions that users, user groups, and application users have to the shared folder and its contents, as well as the access permissions for individual subfiles and subfolders within the shared folder.
In TOS 6.0 and later versions, the access permissions for shared folders are controlled by Windows ACL by default. Additionally, you can manage permissions via File Manager or Windows File Explorer.
Setting Permissions
You can set access permissions for the shared folder by checking or unchecking the permission checkboxes corresponding to users, user groups, and application users. The permissions are explained as follows:
• Deny: The user is explicitly denied access to the shared folder and cannot view or manipulate any content of the shared folder.
• Read/Write: The user is granted full access permissions, allowing them to browse files in the shared folder and modify, add, or delete these files.
• Read-Only: The user only has browse permissions, allowing them to view the contents of files in the shared folder but not modify, add, or delete any files.
• Custom: Users or user groups can customize the access permissions for the shared folder and individual files and subfolders.
• No Permission: The user cannot view or manipulate any content of the shared folder.
- The super administrator is granted the highest permissions by default, and the file owner is granted full control permissions by default.
- When a user's permissions conflict with the permissions of their affiliated user group, the permission priority is: Deny > Read/Write > Read-Only.
- If you have installed applications such as Aria2, Emby Server, Plex Media Server, or Transmission, and want them to access specific shared folders, you need to grant the corresponding access permissions to these applications in advance.
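The priority order above (Deny > Read/Write > Read-Only) can be modelled to audit a share before applying it. The following is an added example, not TOS code: the user names, group names and permission table are constructed, and it covers only the checkbox permissions, not custom ACL entries.

```python
from enum import IntEnum

class Perm(IntEnum):
    # Ordered by the documented priority: Deny > Read/Write > Read-Only.
    NONE = 0        # "No Permission": nothing set for this principal
    READ_ONLY = 1
    READ_WRITE = 2
    DENY = 3

def effective_permission(user, groups, acl):
    """Highest-priority entry among the user's own setting and each group's."""
    entries = [acl.get(("user", user), Perm.NONE)]
    entries += [acl.get(("group", g), Perm.NONE) for g in groups]
    return max(entries)

def audit_share(acl, memberships):
    """Return {user: (effective, finding)}. finding is None when the
    effective permission equals what was set on the user directly."""
    report = {}
    for user, groups in memberships.items():
        own = acl.get(("user", user), Perm.NONE)
        eff = effective_permission(user, groups, acl)
        finding = None
        if eff == Perm.DENY and own != Perm.DENY:
            finding = "locked out by a group Deny"
        elif eff > own:
            finding = "group grant is wider than the user's own setting"
        report[user] = (eff, finding)
    return report

# Constructed sample data (hypothetical users and groups).
MEMBERSHIPS = {"alice": ["staff"], "bob": ["staff", "contractors"], "carol": []}
ACL = {
    ("user", "alice"): Perm.READ_ONLY,
    ("user", "bob"): Perm.READ_WRITE,
    ("group", "staff"): Perm.READ_WRITE,
    ("group", "contractors"): Perm.DENY,
}

if __name__ == "__main__":
    for user, (eff, finding) in audit_share(ACL, MEMBERSHIPS).items():
        print(f"{user:6} {eff.name:10} {finding or ''}")
```

Setting a user to Read-Only does not cap their access when one of their groups has Read/Write; only Deny overrides a wider grant.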
Custom Permissions
Users or user groups can finely control access permissions to shared folders, their subfolders, and subfiles by customizing Windows ACL (Access Control List) permissions.
- Inherited from: Used to view permission information and check whether current permissions are inherited from the parent folder. In Windows ACL, permissions are inherited from parent folders to subfiles and subfolders by default. Inherited permissions are displayed in gray in the permission list, while custom permissions are displayed in black.
- Type: Select "Allow" or "Deny" to grant or deny permissions to users or groups.
- Apply to: As needed, permissions can be applied to the current folder, its subfolders, or subfiles.
To remove or independently manage permissions inherited from the parent directory, click "More" in the permission list of File Management, then select "Exclude inherited permissions" or "Visualize inherited permissions" to convert inherited permissions to explicit permissions (own permissions).
ACL (Access Control List) Permissions
The following are the classifications of custom Windows ACL (Access Control List) permissions:
Management Permissions
- Change permissions: Allow or deny users to change permissions of files or folders.
- Take ownership: Allow or deny users to take ownership of files or folders.
- Traverse folder/Execute file: For folders, allow or deny users to move through folders to reach other files or folders, even if the user does not have access permissions to the folder. For files, allow or deny users to run program files.
- List folder/Read data: List folder allows or denies users to view file names and subfolder names within the folder. Read data allows or denies users to view data in files.
- Read attributes: Allow or deny users to view attributes of files or folders, such as read-only or hidden.
- Read extended attributes: Allow or deny users to view extended attributes of files or folders.
- Read permissions: Allow or deny users to read permissions of files or folders.
- Create files/Write data: Create files allows or denies users to create files in the folder. Write data allows or denies changes to files and overwriting of existing content.
- Create folders/Append data: Create folders allows or denies users to create folders within the folder. Append data allows or denies changes to the end of files, but not changes, deletion, or overwriting of existing data.
- Write attributes: Allow or deny users to change attributes of files or folders, such as read-only or hidden.
- Write extended attributes: Allow or deny users to change extended attributes of files or folders.
- Delete subfolders and files: Allow or deny users to delete subfolders and files.
- Delete: Allow or deny users to delete files or folders.
- When accessing files or folders via the SMB protocol, the Windows system will determine whether a user has permission to access or modify them based on the configured ACL (Access Control List) permissions.
- To save Microsoft Office documents, you need full write permissions (all six write permissions must be checked). This is because Microsoft Office creates a temporary file/folder when you open an Office document, and the delete permission ensures that the temporary file/folder can be deleted when you save the Office document.
SMB Rules
You can set SMB permissions for shared folders to allow other devices to access the shared folder as clients.
- Client: Enter the client's IP address, IP range, or domain name here. For example: 192.168.1.22, 192.168.1.0/24.
- Permission: Allow or deny remote mounting for the specified client IP.
- The SMB service allows all IP addresses to access the host by default. If "Allowed IPs" are set, only these IPs can access the SMB service; when both "Allow" and "Deny" rules exist, the system will prioritize the "Deny" rule.
- If your server is running the TOS system and you want clients to mount remote folders via the SMB protocol, you need to go to Control Panel > File Services to enable the SMB file service.
NFS Rules
You can set NFS access permissions for shared folders to allow other devices to access the shared folder as clients.
- Client: Enter the IP address, IP range, or domain name of the client that will access the shared folder via the NFS protocol. For example: 192.168.1.22, 192.168.1.0/24.
- Permission: Set read-only or read-write permissions for the NFS client.
- Mapping: This option is used to control the access permissions of client users to the shared folder. The function of each item is as follows:
No mapping: Keep the original access permissions of all users on the NFS client.
Map root to admin: Assign permissions to the root user of the NFS client, equivalent to the access permissions of the admin user in the system.
Map root to guest: Assign permissions to the root user of the NFS client, equivalent to the access permissions of the guest user in the system.
Map all users to admin: Assign permissions to all users of the NFS client, equivalent to the access permissions of the admin user in the system.
Map all users to guest: Assign permissions to all users of the NFS client, equivalent to the access permissions of the guest user in the system.
- Enable asynchronous: Your device responds to requests from NFS clients before completing changes to files, improving device performance.
- Allow users to access mounted subfolders: Enabling this option allows NFS clients to access mounted subfolders.
- Only shared folders with this permission enabled allow NFS mounting by NFS clients.
- If your server is running the TOS system and you want clients to mount remote folders via the NFS protocol, go to Control Panel > File Services to enable the NFS file service.
WebDAV Rules
You can set WebDAV permissions for shared folders to allow other devices to access the shared folder as clients. When creating a shared folder, the system will add a default WebDAV rule that allows all clients (wildcard: *). You can edit it or create new rules as needed.
- Client: Enter the client's IP address, IP range, or domain name here. For example: 192.168.1.22, 192.168.1.0/24.
- Permission: Allow or deny remote mounting for the specified client IP.
- WebDAV allows all IPs to access by default. After enabling IP access control, only IPs in the list can mount WebDAV; when both allow and deny rules exist, the deny rule takes precedence.
- If your server is running the TOS system and you want clients to mount remote folders via the WebDAV protocol, you need to go to Control Panel > File Services to enable the WebDAV file service.
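The allow/deny behaviour described under SMB Rules and WebDAV Rules can be checked offline before relying on a rule set. The following is an added example that models the rules as the page states them, not TOS's own implementation: the rule lists are constructed, and domain-name entries are not evaluated (they raise ValueError).

```python
import ipaddress

def rule_matches(client_spec, ip):
    """True if ip falls under a rule's Client field: '*', a single IP or a CIDR range."""
    if client_spec == "*":
        return True
    # A bare address becomes a /32 (or /128) network; a domain name raises ValueError.
    return ip in ipaddress.ip_network(client_spec, strict=False)

def decide(rules, client_ip):
    """Apply the documented order: Deny wins; with allow rules present only
    listed clients pass; with no allow rules every client passes."""
    ip = ipaddress.ip_address(client_ip)
    allows = [c for c, action in rules if action == "allow"]
    denies = [c for c, action in rules if action == "deny"]
    if any(rule_matches(c, ip) for c in denies):
        return "deny"
    if not allows:
        return "allow"
    return "allow" if any(rule_matches(c, ip) for c in allows) else "deny"

def open_to_all(rules):
    """True when the rule set still admits arbitrary addresses (apart from
    denied ones): no allow rule, or an allow rule for '*' or a /0 network."""
    allows = [c for c, action in rules if action == "allow"]
    if not allows:
        return True
    return any(c == "*" or ipaddress.ip_network(c, strict=False).prefixlen == 0
               for c in allows)

# Constructed rule sets: (Client, Permission).
SMB_RULES = [("192.168.1.0/24", "allow"), ("192.168.1.22", "deny")]
# Default WebDAV wildcard rule left in place next to a newly added subnet rule.
WEBDAV_EDITED = [("*", "allow"), ("192.168.1.0/24", "allow")]

if __name__ == "__main__":
    for name, rules in (("SMB", SMB_RULES), ("WebDAV", WEBDAV_EDITED)):
        print(name, "open to all:", open_to_all(rules))
        for ip in ("192.168.1.22", "192.168.1.50", "203.0.113.9"):
            print(f"  {ip:15} -> {decide(rules, ip)}")
```

Adding a subnet rule does not restrict WebDAV while the default `*` allow rule remains; edit or remove the wildcard rule as well.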