Frequently Asked Question

Share, Folder and File Permissions
Last Updated a year ago

Synology NAS Permissions:

Overview

This article provides a comprehensive guide to managing permissions on Synology NAS devices. It covers the structure and management of users and groups, as well as permission settings at the shared folder level, including both Unix permissions (owner, group, other) and user-specific permissions.

Users and Groups on Synology NAS

Users

  • Users are individual accounts that represent people or services accessing the NAS.
  • Each user has their own login credentials and can be assigned specific permissions to shared folders, files, and applications.
  • User accounts can be created, edited, or removed via the DSM (DiskStation Manager) Control Panel.
  • Users can have storage quotas, application privileges, and password policies applied to their accounts.

Groups

  • Groups are collections of users that simplify permission management.
  • By assigning permissions to a group, all users in that group inherit those permissions, making bulk management efficient and reducing the risk of misconfiguration.
  • Synology NAS comes with default groups such as administrators (full admin rights) and users (standard access).
  • Custom groups can be created to match organisational roles (e.g., "Power Users," "Management").
  • Users can belong to multiple groups, and their effective permissions are a combination of all group and individual user permissions.

Shared Folder Permissions

Permission Types

Synology NAS supports two main types of permission systems for shared folders:

  • User/Group Permissions (ACLs): Fine-grained access control, allowing you to specify read, write, or deny access for individual users and groups.
  • Unix Permissions: Traditional owner, group, and other permission bits, similar to Linux file systems.

Setting Permissions

  • Permissions can be set via the DSM Control Panel or File Station by right-clicking a folder and selecting "Properties" > "Permissions".
  • Permissions can be assigned to users, groups, or both.
  • Inheritance: Subfolders and files can inherit permissions from their parent folder, but you can break inheritance for granular control.

Unix Permissions (Owner, Group, Other)

  • Owner: The user who owns the file or folder; has the highest level of control.
  • Group: A set of users who share access to the file or folder.
  • Other: All other users not in the owner or group categories.
  • Permissions are typically represented as Read (r), Write (w), and Execute (x) for each category.
  • On Synology NAS, Unix permissions are primarily available for shares created with older DSM versions or when Windows ACL is disabled.
  • By default, new shared folders use Windows-style ACLs for more granular control, but some legacy shares may still use Unix permissions.

Example of Unix permission notation: rwx------ means full permissions for owner only.

Modifying Unix permissions can be done via SSH or through DSM if Unix permissions are enabled for the folder.

User and Group Permissions (ACLs)

  • Access Control Lists (ACLs): Allow you to grant or deny permissions (read, write, delete, etc.) to specific users or groups for shared folders and subfolders.
  • ACLs provide more flexibility than Unix permissions, supporting complex scenarios such as allowing a user to write but not delete, or denying access to a specific group while allowing others.
  • Permission types include: Read, Write, Deny, and Administration.
  • Deny always overrides Allow if there is a conflict.
  • Permissions can be inherited from parent folders or set explicitly for each folder or file.

Managing Permissions

  • Use the "Permissions" tab in DSM to view and edit permissions for users and groups.
  • Advanced options allow you to:
    • Inherit permissions from parent folders.
    • Make inherited permissions explicit and editable.
    • Remove inherited permissions for custom setups.
  • For best practice, use groups for most permission assignments and only assign user-specific permissions when necessary.

Best Practices

  • Use Groups: Assign permissions to groups rather than individual users for easier management and scalability.
  • Review Inheritance: Ensure subfolders do not unintentionally inherit permissions that grant broader access than intended.
  • Combine Permissions Carefully: If a user belongs to multiple groups, their permissions are combined, but any explicit Deny will override Allow.
  • Audit Regularly: Periodically review permissions to ensure they align with current organisational needs and security policies.
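The combination rule described above (permissions from every group plus user-specific entries are merged, and an explicit Deny overrides any Allow) can be modelled as a small audit script. This is an added example, not Synology code or output from DSM: the user names, group names, and ACL entries are constructed sample data, and Deny is assumed to apply per permission.

```python
# Constructed sample data (hypothetical names); models the rules in this
# article, not DSM internals. Deny is assumed to apply per permission.
MEMBERSHIP = {
    "alice": {"users", "management"},
    "bob": {"users", "contractors"},
    "carol": {"users"},
}

# One shared folder's entries: (principal type, name, rule, permissions)
FOLDER_ACL = [
    ("group", "users", "allow", {"read"}),
    ("group", "management", "allow", {"read", "write"}),
    ("group", "contractors", "deny", {"write"}),
    ("user", "bob", "allow", {"write"}),
]


def matching_entries(user, membership, acl):
    """Return every ACL entry that applies to the user, directly or via a group."""
    groups = membership.get(user, set())
    return [
        entry for entry in acl
        if (entry[0] == "user" and entry[1] == user)
        or (entry[0] == "group" and entry[1] in groups)
    ]


def audit(membership, acl):
    """Compute effective permissions per user and flag points worth reviewing."""
    report = {}
    for user in sorted(membership):
        allowed, denied, user_specific = set(), set(), False
        for kind, _name, rule, perms in matching_entries(user, membership, acl):
            (denied if rule == "deny" else allowed).update(perms)
            user_specific = user_specific or kind == "user"
        report[user] = {
            "effective": sorted(allowed - denied),           # Deny overrides Allow
            "overridden_by_deny": sorted(allowed & denied),  # conflicting grants
            "user_specific_entry": user_specific,            # review: prefer groups
        }
    return report


if __name__ == "__main__":
    for user, result in audit(MEMBERSHIP, FOLDER_ACL).items():
        print(user, result)
```

In the sample data, bob's user-specific write grant has no effect because the contractors group denies write, which is the kind of conflict a periodic review should surface.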