Knowledge Center

Edit a Hybrid Share Folder

You can go to Control Panel > Shared Folder to edit the general information and access permissions of the Hybrid Share folder mounted on your Synology NAS.

Edit General Information

You can edit the general information of a mounted Hybrid Share folder, including its name, description, and reserved local cache size. You can also unmount the folder by deleting it from your Synology NAS.

To edit general information and local cache policy:

  1. Go to Control Panel > Shared Folder.
  2. Select the mounted Hybrid Share folder you want to edit.
  3. Click the Edit button.
  4. Go to the General tab. Edit any of the following settings:
    • Name
    • Description
    • Other options (E.g., Recycle Bin)
  5. Go to the Local Cache tab. Modify the reserved local cache size.
  6. Click Save.

Note:

  • You cannot move your Hybrid Share folder to another volume once it is mounted on your Synology NAS.

To delete a mounted Hybrid Share folder:

If you want to unmount a Hybrid Share folder, simply select it and click Delete. This action only removes the mounted folder from Synology NAS and does not affect the Hybrid Share folder on C2 Storage.

Assign Permissions

You can specify which users or groups can access, view, or modify a mounted folder as well as its files and sub-folders. Access permissions are based on Windows ACL by default.

Note:

  • Mounting the same Hybrid Share folder to multiple Synology NAS may result in loss of ACL permissions. To prevent this, join your Synology NAS to the same domain or LDAP to sync file permissions.

To edit permissions:

  1. Go to Control Panel > Shared Folder.
  2. Select the mounted Hybrid Share folder you want to edit.
  3. Click the Edit button.
  4. Go to the Permissions tab.
  5. Select one of the following from the drop-down menu:
    • System internal user: Assign permissions for default system users, such as the Anonymous FTP/WebDAV user. Before allowing anonymous FTP users to connect to the Hybrid Share folder, you need to assign access permissions for this user.
    • Local users: Assign permissions for local users (including guest).
    • Local groups: Assign permissions for local groups.
  6. Customize the access permissions for each user or group by ticking or unticking the corresponding checkboxes:
    • No access: The user or group cannot access the files or sub-folders in the Hybrid Share folder.
    • Read/Write: The user or group can access and make changes to the files and sub-folders in the Hybrid Share folder.
    • Read only: The user or group can access the files and sub-folders in the Hybrid Share folder.
  7. Click Save to save and exit.

Note:

  • If you encounter permission conflicts, the permissions priority is as follows: No access > Read/Write > Read only.
  • If the permissions for the users belonging to administrators group are set to No access, these users will only be able to see the Hybrid Share folder at Control Panel > Shared Folder but not access its contents.

To customize permissions:

  1. Go to Control Panel > Shared Folder.
  2. Select the mounted Hybrid Share folder you want to edit.
  3. Click the Edit button.
  4. Go to the Permissions tab. Click anywhere in the Custom column.
  5. Do any of the following in the Permission Editor window to edit ACL permissions:
    • User or group: Specify the user or group whose permissions you want to customize.
    • Inherit from: This field is for viewing only and cannot be modified. You can check if the permission is inherited (from a parent folder) or explicit (shown as None).
    • Type: Select Allow or Deny to grant or deny the permission to the user or group.
    • Apply to: If you are creating a permission entry for a folder, tick the checkboxes to apply the entry to This folder, the folders (Child folders) or files (Child files) in this folder, or all files and folders contained in this folder (All descendants).
    • Permission: Tick the checkboxes of the permissions you want to apply.
      • Administration: Tick Change permissions or Take ownership to specify the user or group's access permission settings for the entry.
      • Read or Write: Tick the checkboxes in these sections to modify the user or group's permission settings for the file or folder.
  6. Click Done to finish.

Note:

  • You can only add up to 200 ACL explicit permission entries for a file or folder.
  • When modifying permissions with Windows File Explorer, Deny rules applied to the Domain Admins group will be ignored.

ACL Permissions:

  • Hybrid Share folders implement the permissions settings of Windows ACL, which also allows for customizing the permissions of individual files and sub-folders. Permissions can also be customized via File Station or File Explorer in Windows.

Types of ACL Permissions:

  • Administration:
    • Change permissions: This controls whether a user can change the permission of a file or folder.
    • Take ownership: This controls whether a user has ownership of a file or folder.
  • Read:
    • Traverse folders/Execute files: This controls whether a user can run a program file.
    • List folders/Read data: This controls whether a user can read the data in a file.
    • Read attributes: This controls whether a user can view the attributes of a file.
    • Read extended attributes: This controls whether a user can view the extended attributes of a file.
    • Read permissions: This controls whether a user can read the permissions of a file or folder.
  • Write:
    • Create files/Write data: This controls whether a user can change the contents of a file.
    • Create folders/Append data: This controls whether a user can add data to the end of a file.
    • Write attributes: This controls whether a user can change the attributes of a file.
    • Write extended attributes: This controls whether a user can change the extended attributes of a file.
    • Delete sub-folders and files: This controls whether a user can delete a folder.
    • Delete: This controls whether a user can delete a file.

Permission Inheritance:

  • ACL permissions are inherited from parent objects to child objects. For instance, if an ACL entry of the "sales" folder grants the "Read" permission to the user "Amy", then the ACL entry will be applied to all files within the "sales" folder (such as "annual report.xls"), allowing the user to open the files. Inherited permissions will be displayed in gray, whereas the object's permissions (or "explicit" permissions) will be displayed in black.

Manage Advanced Permissions

You can further fine-tune the access permissions of a mounted folder in the Advanced Permissions tab.

To edit advanced settings:

If needed, you can place further restrictions on users when they access a mounted Hybrid Share folder via File Station, FTP, or WebDAV. Check one or more of the following options and then click Save.

  • Disable directory browsing: This prevents users from viewing the contents of the Hybrid Share folder.
  • Disable modification of existing files: This prevents users from moving, deleting, or modifying files; however, users can still view, download/upload, copy, or unzip the contents of the Hybrid Share folder.
  • Disable file downloading: This prevents users from downloading the contents of the Hybrid Share folder.

To edit advanced share permissions:

When enabled, users and groups can view or modify the contents of a Hybrid Share folder only if they have been granted both advanced share permissions and Windows ACL permissions.

  1. Go to the Advanced Permissions tab.
  2. Tick the Enable advanced share permissions checkbox.
  3. Click Advanced Share Permissions to modify the advanced share permissions.

Assign NFS Permissions

You can assign NFS permissions to a mounted folder and allow Linux clients to access it.

To assign NFS permissions:

  1. Go to Control Panel > Shared Folder.
  2. Select the mounted Hybrid Share folder you want to edit.
  3. Click the Edit button.
  4. Go to the NFS Permissions tab.
  5. Click Create to add an NFS rule.
  6. Enter or select the required information in the popup that appears:
    • Hostname or IP: Specify the NFS client that will access the Hybrid Share folder.
    • Privilege: Select read/write permissions for the NFS client.
    • Squash: Select an access privilege to apply to NFS users.
      • No mapping maintains the original access privilege for All NFS client users (including root users).
      • Map root to admin applies the access privileges of admin users on your system to NFS client root users.
      • Map root to guest applies the access privileges of guest users on your system to NFS client root users.
      • Map all users to admin applies the access privileges of admin users on your system to all NFS client users.
      • Map all users to guest applies the access privileges of guest users on your system to all NFS client users.
    • Security: Specify which security flavor to implement.
      • AUTH_SYS checks for access permissions via the NFS client’s user identifier (UID) and group identifier (GID).
      • Kerberos authentication performs Kerberos authentication when the NFS client connects to the Hybrid Share folder.
      • Kerberos integrity performs Kerberos authentication and ensures the integrity of packets during data transfer.
      • Kerberos privacy performs Kerberos authentication and encrypts the NFS packets during data transfer. This can prevent malicious parties from tampering with NFS traffic.
  7. If needed, you can select one or more of the following options.
    • Enable asynchronous: This allows your Synology NAS to reply to requests from NFS clients before any changes to files are completed and yields better performance.
    • Allow connections from non-privileged ports (ports higher than 1024): This allows NFS clients to use non-privileged ports when connecting to Synology NAS.
    • Allow users to access mounted sub-folders: This allows NFS clients to access mounted sub-folders.
  8. Click Save.

Note:

  • When the format of the server name is *.domain, the NFS client's IP address must have a corresponding DNS PTR record to allow the Synology NAS to find the name *.domain by searching for the corresponding IP address.

Security Flavors:

  • When accessing a Hybrid Share folder via NFS with a specific user account:
    • If AUTH_SYS security flavor is implemented, the client must have the same numerical UID (user identifier) and GID (group identifier) on the NFS client and Synology NAS. Otherwise, the client will be assigned the permissions of others when accessing the Hybrid Share folder. To avoid any permissions conflicts, you can select Map all users to admin from Squash or give "Everyone" permissions to the Hybrid Share folder.
    • If Kerberos (krb5, krb5i, krb5p) security flavor is implemented, you must go to File Services > NFS > Enable NFS service > Advanced Settings > Kerberos Settings to map the NFS client to a specific user, or join a Windows/LDAP domain with the corresponding user account. Otherwise, the client will be assigned the permissions of guest when accessing the Hybrid Share folder.
  • To use Kerberos security flavors to connect to the Synology NAS, Kerberos authentication must be configured by going to File Services > NFS > Enable NFS service > Advanced Settings > Kerberos Settings.
Edit General Information
Assign Permissions
Manage Advanced Permissions
Assign NFS Permissions