Limit sharing to Synology Photos app

New user here, so apologies for a basic question. I have installed tailscale (personal) on my Synology and my phone and can access the Synology from outside my network. I would now like family members to be able to access the Synology through the Synology Photos app for photo backup and the like. However, I do not want them to access any other files or resources on the Synology. I think this is accomplished through the ACLs, but I just can’t figure them out. Are there an easy-to-follow tutorial or could anyone suggest some rules I can try? Thanks in advance.

Do you want them to have their own account on the Synology? In other words, do you want them to back up their own photos? If so, you can create users on the Synology for each family member, and add them to a new group (create a ‘Family’ group). Then in permissions for the group, you can specify what they can interact with, including applications such as photos. So give them permissions for Photos and nothing else. Make sure you change file permissions to No Access if that is what you want.

If you want to ‘share’ your photos with them, then there are share settings within the photos app that you can use. To access those settings, load up Photos on a web browser and click your user icon in the upper right corner.

This doesn’t address how to give them access to the NAS, if you need help with that, let me know. But ultimately, the easiest way will be to have them register a Tailscale account, then share the NAS with them. At least I think that will work.

[EDIT: remember that permissions on Synology are ‘additive’, so make sure they are only a member of the ‘Family’ group, and also check each user as well for permissions that you don’t want them to have.]

Thanks for your help - I appreciate it. I want them to be able to backup their own photos, not access mine. So, if I’m following you, I just set up a new user for them on the Synology and control access through the Synology (which I understand how to do) rather than using any ACL or other tools in tailscale. Is that right? Thanks again.

That is how I would (and do) do it.

I am not sure you would be able to do it through an ACL unless the photos app is on a different port. Which on mine, it is not.

Perfect. Thanks again.