Skip to main content
Version: TOS 7

Shared Folders

A shared folder is a network storage space. You can create multiple shared folders to store different categories of data, or provide them to different users or user groups for file access.

Creating a Shared Folder

Shared Folder

Please follow the on-screen instructions to complete the creation of a shared folder.

  • Hide this shared folder in "Network Neighborhood": Specifies whether the shared folder is displayed or hidden under "Network" in Windows File Explorer. Checking this option does not affect the folder's access permissions; it can still be accessed via "\server name\shared folder name".
  • Enable Recycle Bin: When enabled, files deleted from the shared folder will be moved to a folder named #recycle. You can set it so that only users in the admin group can access the Recycle Bin.
  • Shared Folder Access Permissions: When setting shared folder access permissions, the system will display the user's actual access permissions to the shared folder based on the user's individual permissions and the permissions of their user group, combined with the permission priority order (Deny > Read/Write > Read-Only).
  • Storage Quota: Specifies the capacity limit for the shared folder. Storage quotas for shared folders can only be set when using the Btrfs file system.
Naming Rules
  1. Shared folder names must not contain spaces or the following special characters: $ % & ' ( ) * + *, / : ; < = > ? @ [ ] \ ^ ` | ~, but hyphens (-) and underscores (_) are allowed.
  2. Shared folder names must be between 1 and 64 characters long and cannot be the same as a user name.
  3. Shared folder names must not use system-reserved names or default system folder names, such as: "root", "admin", "home", "homes", "desktop", "usbshare", "usbshare1", "usbshare...".
Note
  1. If a shared folder has been enabled as a TerraSync team folder, after deleting files within this shared folder, you must first empty the Recycle Bin in File Management, and then perform a secondary cleanup in the Recycle Bin within the TerraSync app to ensure the files are completely deleted and space is freed.
  2. If the shared folder or volume where the file is located has snapshots, after deleting the file, you must go to the Snapshot app or "File System Snapshots" and delete all related snapshots to free up space.
  3. You must set a retention period for the Recycle Bin. Deleted files are retained for a maximum of 60 days. After this period, the system will permanently delete these files.

Encrypted Shared Folders

The process of creating an encrypted shared folder is similar to creating a regular shared folder, but after clicking "Create", you need to check "Encrypt this shared folder" and enter an encryption key. Once a shared folder is encrypted, even if the hard drive is removed from the NAS and mounted on another device, users without the encryption key cannot access or modify the encrypted data.

Password Rules

The password must be at least 8 characters long.

Note
  1. Encrypted shared folders must be mounted by an administrator before they can be accessed; otherwise, all users will be unable to access any content within them.
  2. Newly created encrypted shared folders are in a mounted state by default.
  3. When creating new sub-files or subfolders within an encrypted shared folder, the name can be up to 143 characters long.
  4. Encrypted shared folders only support file backup services when in a mounted state.

Key Management

Encrypted shared folders use hardware encryption to protect data security. It is recommended that you immediately export the key file (with the extension .key) after successfully mounting an encrypted shared folder and store it securely. Be sure to keep the encryption key safe; if the key is lost, you will not be able to recover or access the encrypted files.

Mount/Unmount

Mounting and unmounting encrypted shared folders are important methods for achieving data sharing, access control, and security protection.

  • Mount: When mounting an encrypted shared folder, you need to enter or import the encryption key. After successful mounting, the small lock icon in the bottom right corner of the folder icon will appear open.
  • Unmount: After unmounting an encrypted shared folder, the lock icon will close, the folder will be hidden in File Manager, and all connections related to that folder will become invalid.
Note
  1. To ensure data security, please unmount the encrypted shared folder after use. Remount it when needed.
  2. Encrypted shared folders must be unmounted before you can rename them or move them to another storage space.

Managing Shared Folders

General Operations

  • Folder Information: You can edit general information of the shared folder, such as name, description, and migration to another volume.
  • Search: Enter keywords to find the folder you need.
  • Refresh: Refresh the shared folder list. If the interface does not display the latest shared folder changes (including creation, deletion, or usage) in a timely manner, please click the refresh button.
  • Delete: Select the shared folder you want to delete and click the delete button. Mounted encrypted shared folders must be unmounted before they can be deleted.

Permissions

You can flexibly set the access permissions for users, user groups, and application users to shared folders and their contents, as well as the access permissions for individual sub-files and subfolders within a shared folder.

Note

In TOS 6.0 and above, the access permissions for shared folders are controlled by Windows ACL by default. You can also manage permissions via File Manager or Windows File Explorer.

Setting Permissions

You can set access permissions to shared folders by checking or unchecking the permission checkboxes corresponding to users, user groups, and application users. The permissions are explained as follows:

  • Deny: The user is explicitly denied access to the shared folder and cannot view or perform any operations on any content within the shared folder.
  • Read/Write: The user is granted full access, can browse files within the shared folder, and modify, add, delete, and perform other operations on these files.
  • Read-Only: The user only has browsing permissions, can view the contents of files within the shared folder, but cannot make any modifications, additions, or deletions.
  • Custom: Users or user groups can customize access permissions for shared folders as well as individual files and subfolders.
  • No Permission: The user cannot view or perform any operations on any content within the shared folder.
Note
  1. The super administrator is granted the highest permissions by default, and the file owner is granted full control permissions by default.
  2. When a user's permissions conflict with the permissions of their user group, the permission priority is: Deny > Read/Write > Read-Only.
  3. If you have installed applications such as Aria2, Emby Server, Plex Media Server, Transmission, etc., and want them to access specific shared folders, you need to grant these applications the corresponding access permissions in advance.

Custom Permissions

Users or user groups can finely control access permissions to shared folders and their subfolders and subfiles by customizing Windows ACL (Access Control List) permissions.

  • Inherited From: Used to view permission information and understand whether the current permissions are inherited from the parent folder. In Windows ACL, permissions are by default inherited from the parent folder to subfiles and subfolders. Inherited permissions are displayed in gray in the permission list, while custom permissions are displayed in black.
  • Type: Choose Allow or Deny to grant or deny permissions to a user or group.
  • Apply To: Depending on the need, permissions can be applied to the current folder, its subfolders, or subfiles.
Note

If you need to remove or independently manage permissions inherited from a parent directory, click "More" in the permission list in File Management, and select "Exclude Inherited Permissions" or "Make Inherited Permissions Visible" to convert inherited permissions into explicit permissions (own permissions).

ACL (Access Control List) Permissions

The following are the custom Windows ACL (Access Control List) permission categories:

Management Permissions

  1. Change Permissions: Allows or denies a user to change the permissions of a file or folder.
  2. Take Ownership: Allows or denies a user to take ownership of a file or folder.

Read Permissions

  1. Traverse Folder / Execute File: For folders, allows or denies a user to move through a folder to reach other files or folders, even if the user does not have permissions for the folder. For files, allows or denies a user to run a program file.
  2. List Folder / Read Data: List Folder: Allows or denies a user to view the file names and subfolder names within a folder. Read Data: Allows or denies a user to view the data in a file.
  3. Read Attributes: Allows or denies a user to view the attributes of a file or folder, such as read-only or hidden.
  4. Read Extended Attributes: Allows or denies a user to view the extended attributes of a file or folder.
  5. Read Permissions: Allows or denies a user to read the permissions of a file or folder.

Write Permissions

  1. Create Files / Write Data: Create Files: Allows or denies a user to create files within a folder. Write Data: Allows or denies a user to make changes to a file and overwrite existing content.
  2. Create Folders / Append Data: Create Folders: Allows or denies a user to create folders within a folder. Append Data: Allows or denies a user to make changes to the end of a file, but not to change, delete, or overwrite existing data.
  3. Write Attributes: Allows or denies a user to change the attributes of a file or folder, such as read-only or hidden.
  4. Write Extended Attributes: Allows or denies a user to change the extended attributes of a file or folder.
  5. Delete Subfolders and Files: Allows or denies a user to delete subfolders and files.
  6. Delete: Allows or denies a user to delete a file or folder.
Note
  1. When accessing files or folders via the SMB protocol, the Windows system determines whether a user has access or modification permissions based on the configured ACL (Access Control List) permissions.
  2. Saving Microsoft Office documents requires that you have full write permissions (all six write permissions must be checked). This is because Microsoft Office creates a temporary file/folder when you open an Office document, and delete permissions ensure that you can delete the temporary file/folder when saving the Office document.

SMB Rules

You can set SMB permissions on shared folders to allow other devices as clients to access the shared folder.

  • Client: Enter the client's IP address, IP range, or domain name here. For example: 192.168.1.22, 192.168.1.0/24.
  • Permission: Allow or prohibit remote mounting by the specified client IP.
Note
  1. The SMB service by default allows all IP addresses to access the host. If "Allowed IPs" are set, only these IPs are allowed to access the SMB service; when both "Allow" and "Deny" rules exist, the system will prioritize the "Deny" rule.
  2. If your server is running the TOS system and you want clients to be able to mount remote folders via the SMB protocol, you need to go to Control Panel > File Services and enable the SMB file service.

NFS Rules

You can set NFS access permissions on shared folders to allow other devices as clients to access the shared folder.

  • Client: Enter the IP address, IP range, or domain name of the client that will access the shared folder via the NFS protocol. For example: 192.168.1.22, 192.168.1.0/24.
  • Permission: Set read-only or read-write permissions for the NFS client.
  • Mapping: This option is used to control the access permissions of client users to the shared folder. The functions of each item are as follows: No Mapping: Maintain the original access permissions of all users on the NFS client.
    Map root to admin: Assign permissions to the root user on the NFS client, equivalent to the access permissions of the admin user in the system.
    Map root to guest: Assign permissions to the root user on the NFS client, equivalent to the access permissions of the guest user in the system.
    Map all users to admin: Assign permissions to all users on the NFS client, equivalent to the access permissions of the admin user in the system.
    Map all users to guest: Assign permissions to all users on the NFS client, equivalent to the access permissions of the guest user in the system.
  • Enable Async: Your device replies to requests from NFS clients before completing changes to files, improving device performance.
  • Allow users to access mounted subfolders: Enable this option to allow NFS clients to access mounted subfolders.
Note
  1. Only shared folders with this permission enabled are allowed to be mounted via NFS by NFS clients.
  2. If your server is running the TOS system and you want clients to be able to mount remote folders via the NFS protocol, go to Control Panel > File Services and enable the NFS file service.

WebDAV Rules

You can set WebDAV permissions on shared folders to allow other devices as clients to access the shared folder. When creating a shared folder, the system by default adds a WebDAV rule that allows all clients (wildcard: *). You can edit it or create new rules as needed.

  • Client: Enter the client's IP address, IP range, or domain name here. For example: 192.168.1.22, 192.168.1.0/24.
  • Permission: Allow or prohibit remote mounting by the specified client IP.
Note
  1. WebDAV by default allows all IPs to access. After enabling IP access control, only IPs in the list are allowed to mount WebDAV; when both allow and deny rules exist, the deny rule takes precedence.
  2. If your server is running the TOS system and you want clients to be able to mount remote folders via the WebDAV protocol, you need to go to Control Panel > File Services and enable the WebDAV file service.