Skip to main content
Version: TOS 7

Shared Folders

A shared folder is a network storage space. You can create several shared folders to store different categories of data or provide access to different users or user groups. To create a shared folder, please go to TOS Desktop > Control Panel > Access Control > Shared Folder.

Creating a Shared Folder

Shared Folder

Please follow the steps indicated on the page to complete the creation of a shared folder.

  • Hide this folder in Network Neighborhood: Specify whether the shared folder is displayed or hidden under "Network" in Windows File Explorer. Selecting this option does not affect the access permissions of the folder; it can still be accessed through "\server_name\shared_folder_name".
  • Enable Recycle Bin: When files in the shared folder are deleted, the deleted files will be moved to a folder named #recycle. You can set it so that only users in the admin user group have access to the Recycle Bin.
  • Set Permissions: Select the appropriate permission settings as needed; the default is "Deny" permission.
  • Storage Quota: Specify the storage limit for the shared folder. The storage quota for shared folders can only be specified when using the Btrfs file system.
Naming Rules
  1. The name of a shared folder must not contain spaces and the following special characters: $ % & ' ( ) + , / : ; < = > ? @ [ ] \ ^ ` | ~, but hyphens ( - ) and underscores ( _ ) are allowed.
  2. The length of the shared folder name should be between 1 to 255 characters, and it cannot be the same as a user name.
  3. The name of a shared folder is prohibited from using system-reserved names and default folder names, such as: "root", "admin", "home", "homes", "desktop", "usbshare", "usbshare1", "usbshare...".
Note
  1. If the shared folder is enabled as a TerraSync team folder, after deleting files within this shared folder, you must first empty the recycle bin in the file manager and then go to the recycle bin in the TerraSync application for secondary cleanup to ensure that the files are completely deleted and space is freed.
  2. If there are snapshots of the shared folder or volume where the files are located, after deleting the files, you must go to the Snapshot application or "File System Snapshots" to delete all related snapshots to free up space.
  3. You must set a retention period for the recycle bin; deleted files will be retained for a maximum of 60 days, after which the system will permanently delete these files.

Encrypting a Shared Folder

The process of creating an encrypted shared folder is similar to creating a regular shared folder, but after clicking "Create," you need to check the "Encrypt this shared folder" box and enter an encryption key. After the shared folder is encrypted, even if the hard drive is removed from the NAS and mounted on another device, users without the encryption key will not be able to access or modify the encrypted data.

Password Rules

Password must be at least 8 characters long.

Note

1.An encrypted shared folder can only be accessed after it is mounted by an administrator otherwise, all users will be unable to access any content within it. 2. Newly created encrypted shared folders are mounted by default. 3. When creating new subfiles or subfolders within an encrypted shared folder, the maximum name length is 143 characters. 4. Encrypted shared folders only support file backup services when they are in a mounted state.

Key Management

The encrypted shared folder employs hardware encryption to protect data security. It is recommended that you immediately export and properly save the key file (with the extension .key) after successfully mounting the encrypted shared folder. Please make sure to keep the encryption key well. If you lose the key, you will not be able to recover or access the encrypted files.

Mount/Uninstall

Mounting and unmounting encrypted shared folders are important means to achieve data sharing, access control, and security protection. After mounting, users can conveniently access and share data. Unmounting protects data from unauthorized access and leakage.

  • Mount: When mounting an encrypted shared folder, you need to enter or import the encryption key. After successful mounting, the small lock symbol in the lower right corner of the folder icon will be displayed as open.
  • Uninstall: After unmounting an encrypted shared folder, the small lock symbol will be closed, and the folder will be hidden in File Manager. At the same time, all links related to that folder will become invalid.
Note
  1. To ensure data security, please unmount the encrypted shared folder after use. When you need to use it again, remount it.
  2. You can only rename or move an encrypted shared folder to another storage space after unmounting it.
  3. If an encrypted shared folder is in the mounted state during a reboot or logout, it will remain mounted.

ISO Shared Folder

Before proceeding to create an ISO shared folder, please upload the ISO image files to the designated shared folder. During the creation process, the system will automatically search and list the available ISO files, allowing you to select the desired ISO image file based on your needs. Once created, you can access the contents of the ISO image folder through the File Manager.

Note
  1. Please do not upload ISO image files to users' homes directories, as this may prevent the system from locating them during the automatic search for ISO image files.
  2. The ISO shared folder will be automatically displayed in the File Manager. To ensure the security and integrity of the content, all users will have only read-only permissions to this folder.

Managing Shared Folders

General Operations

  • Folder Information: You can edit general information about the shared folder, such as name, description, and others.
  • Search: Enter keywords to find the folder you need.
  • Refresh: Refresh the list of shared folders. If the interface does not immediately display the latest changes to shared folders (including creation, deletion, or occupancy), click the refresh button.
  • Delete: Select the shared folder you want to delete and click the delete button. Encrypted shared folders that are mounted must be unmounted before deletion.

Permissions

You can flexibly set access permissions for users, user groups, and application users to the shared folder and its contents, as well as individual files and subfolders within the shared folder.

Setting Permissions

You can set access permissions for the shared folder and its contents by checking or unchecking the permission checkboxes corresponding to users, user groups, and application users. The permissions are explained as follows:

  • Deny: Users are explicitly denied access to the shared folder and cannot view or manipulate any content within the shared folder.
  • Read/Write: Users are granted full access, including the ability to browse files within the shared folder and modify, add, or delete them.
  • Read-Only: Users are granted view-only access to the files within the shared folder but cannot modify, add, or delete any files.
  • Full Control: Users are granted full control over the shared folder, allowing them to modify resource permissions, take ownership of resources, and delete resources.
  • None: Users cannot view or manipulate any content within the shared folder.
  • Custom: Users or user groups can customize access permissions for the shared folder as well as for individual files and subfolders.
Note
  1. The super administrator is granted the highest permission by default, and file owners are granted full control by default.
  2. When user permissions conflict with their user group's permissions, the priority order is: Deny > Read/Write > Read-Only.
  3. Before TOS version 6.0, application users were media users by default. If you've installed applications such as Aria2, Emby Server, Plex Media Server, Transmission, etc., and wish to grant them access to specific shared folders, you need to pre-configure the appropriate access permissions for these applications.

Setting Custom Permissions

Users or user groups can finely control access permissions to shared folders and their subfolders and subfiles through custom Windows ACL (Access Control List) permissions.

  • Inherited from: View information to understand whether permissions are inherited from the parent folder.
  • Apply to: Apply permissions to this folder, folders in this folder (i.e., subfolders), or files (i.e., subfiles), etc., based on needs.

ACL (Access Control List) Permissions

The following are the classifications of custom Windows ACL (Access Control List) permissions: Management Permissions

  1. Change Permissions: Allows or denies users to change the permissions of a file or folder.
  2. Take Ownership: Allows or denies users to acquire ownership of a file or folder.

Read Permissions

  1. Traverse Folder/Execute File: For folders, allows or denies users to move through the folder to access other files or folders, even if they do not have access permissions for the folder. For files, allows or denies users to run program files.
  2. List Folder/Read Data: Lists the folder, allowing or denying users to view the filenames and subfolder names within the folder. Read Data allows or denies users to view the data in a file.
  3. Read Attributes: Allows or denies users to view the attributes of a file or folder, such as read-only or hidden.
  4. Read Extended Attributes: Allows or denies users to view the extended attributes of a file or folder.
  5. Read Permissions: Allows or denies users to read the permissions of a file or folder.

Write Permissions

  1. Create Files/Write Data: Create Files allows or denies users to create files in a folder. Write Data allows or denies making changes to a file and overwriting existing content.
  2. Create Folders/Append Data: Create Folders allows or denies users to create folders within a folder. Append Data allows or denies users to make changes to the end of a file, but not to change, delete, or overwrite existing data.
  3. Write Attributes: Allows or denies users to change the attributes of a file or folder, such as read-only or hidden.
  4. Write Extended Attributes: Allows or denies users to change the extended attributes of a file or folder.
  5. Delete Subfolders and Files: Allows or denies users to delete subfolders and files.
  6. Delete: Allows or denies users to delete a file or folder.
Note
  1. When accessing files or folders through the SMB protocol, the Windows system will determine whether the user has permission to access or modify based on the configured ACL (Access Control List) permissions.
  2. To save Microsoft Office documents, ensure that you have full write permissions (all six write permissions must be checked). This is because Microsoft Office creates a temporary file/folder when you open an Office document, and the Delete permission ensures that you can delete the temporary file/folder when saving the Office document.

NFS Rules

You can set NFS access permissions for a shared folder so that other devices can access it as clients. When creating a shared folder, the system will automatically create a default NFS rule that allows all clients (wildcard: *). You can edit this rule or create new ones based on your needs.

  • Client: Enter the IP address, IP range, or domain name of the client that will access the shared folder via the NFS protocol. For example: 192.168.1.22, 192.168.1.0/24 .
  • Permissions: Set the NFS client's read-only or read-write permissions.
  • Mapping: This option controls the access permissions of client users to the shared folder. The functions of each option are described below:
    No Mapping: Maintains the original access permissions of all users on the NFS client.
    No Mapping: Maintains the original access permissions of all users on the NFS client.
    Map root to admin: Assigns permissions for the root user of the NFS client, equivalent to the access permissions of the admin user on the system.
    Map root to guest: Assigns permissions for the root user of the NFS client, equivalent to the access permissions of the guest user on the system.
    Map all users to admin: Assigns permissions for all users on the NFS client, equivalent to the access permissions of the admin user on the system.
    Map all users to guest: Assigns permissions for all users on the NFS client, equivalent to the access permissions of the guest user on the system.
  • Enable Asynchronous: Your device replies to requests from NFS clients before completing changes to files, improving device performance.
  • Allow User Access to Mounted Subfolders: Enable this option to allow NFS clients to access mounted subfolders.
Note
  1. Only shared folders with this permission enabled are allowed to be mounted by NFS clients.
  2. To allow NFS clients to mount remote folders, you need to enable NFS file services in Control Panel > File Services.

SMB Rules

You can set SMB permissions for a shared folder to allow other devices to access it as clients. When creating a shared folder, the system will automatically add a default SMB rule that allows all clients (wildcard: *). You can edit this rule or create new ones based on your needs.

  • Client: Enter the IP address, IP range, or domain name of the client. For example: 192.168.1.22, 192.168.1.0/24 .
  • Permissions: Allow or deny remote mounting for the specified client IP.
Note
  1. Only shared folders with this permission enabled are allowed to be mounted by SMB clients.
  2. To allow SMB clients to mount remote folders, you need to enable SMB file services in Control Panel > File Services.

WebDAV Rules

You can set WebDAV permissions for a shared folder to allow other devices to access it as clients. When creating a shared folder, the system will automatically add a default WebDAV rule that allows all clients (wildcard: *). You can edit this rule or create new ones based on your needs.

  • Client: Enter the IP address, IP range, or domain name of the client. For example: 192.168.1.22, 192.168.1.0/24 .
  • Permissions: Allow or deny remote mounting for the specified client IP.
Note
  1. Only shared folders with this permission enabled are allowed to be mounted by WebDAV clients.
  2. To allow WebDAV clients to mount remote folders, you need to enable WebDAV file services in Control Panel > File Services.

Advanced Settings

When the TOS system is reinstalled or initialized, the file database information may be lost, but the original files on the TNAS hard drive will remain unaffected and the data will still be present. If the folders on your hard drive do not display properly after reinstalling or initializing the TOS system, you can use the "Recover Shared Folders" feature in the advanced settings to remount the folders. When recovering shared folders, please select a storage space and click "OK".