Admin can access data of a user?

Hi,

i have a 18.0.5 Nextcloud an the following user situation:
-admin
-user1
-user2

user1 and user2 are in a members of one group.

when i am logged in as user1 nextcloud says in settings --> privacy:
Who has access to your data?
Administrators (admin)

when i am logged in as admin i cant access the data of user1.

Why does Nextcloud say that admin has access to the data of user1 and user2? Is it because an admin is able to delete the useraccount? Or how can an admin access the data of a user?

The admin can install an app to impersonate the user and is able to access all files of every user.

and how can he access the files? i cant find it

See description at https://apps.nextcloud.com/apps/impersonate

ok. i don’t use this app.
but why do i have the sentence in privacy settings. can i remove the possibillity for an admin to access files of a user?

If the admin is also the server admin/root, can’t they acess all user files anyway through the shell?

Yes, server admin can do anything and access all files and DB content.

No, afaik.

strange, I also do not have the App, I do see the same by user but I can not see how to access as Admin in NC files from users. Sure as Admin from the underlaying server, I have access, but in NC?
What ist the reason for the Info in the privacy?

Yes because the admin can always access the data unless end2end encryption is used. Not mentioning it would create a false sense of security.

actually it does not make sense to me.
I am aware that a Server-Admin can see the data.
Why should a NC-Admin see data of a NC-User?

Maybe we have not the correct wording here.

An admin is able to view the user files by using suitable apps. That is a general possibility and not related to the link given by me.

Hmmm, OK but still a bit confusing for the user.

shell “root” can also read login-passwords and use them e.g. of encrypted file system.

On Google drive or dropbox or whatever, there always are admin who have all access to your data…

realy not a good argument with a privacy cloud like NC
And again, sure the admin from the OS can do but NC?

I think that you don’t understand what I mean… We don’t know how to implement a cloud without admin with all access… (except with E2E encryption)
When you upload a file on a cloud, the file is store on a computer. So, every one who have root access to the computer can access your data. And you can’t do a cloud without root access.

The NC admin is created by the OS admin…

this is correct. And true for all computers and external storages. In all companies all over the world. Think of it… Do you store data on smb/cfis-drives within your company? Be sure that some IT-guys would be able to read it.
Where do your backups go? Be sure some IT-guys could read it.
Where are your eMails stored? Be sure some IT-guys could read it.

So really noone is really propagating that. But NC does.

So the only thing which would help here would be encryption. Or trust in your (hopefully) wellpaid Sysadmin

Snowden was very well paid and worked from Hawaii

not well enough apparently to silence his peace of couscious - but isn’t he proof enough that I was just right? “Some IT-guy can read it”. Even I could read “things” when I was an intern at the University computing center. And I was (and made) sure to not leave any traces. Back then.