Nextcloud version (eg, 20.0.5): Next cloud 20.0.5
Operating system and version (eg, Ubuntu 20.04): Debian 9
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.25
PHP version (eg, 7.4): PHP 7.3.33
The issue you are facing:
As the main admin, I have created a new user and made him part of a group, this user is not an admin.
This new user can now login and from menu users==>everyone can see some of the users and for some of these users, he can deleted them or wipe their data while.
(“Some of the users” means, he can see users that are part of a group (any group), but he cannot see users that have no group.)
It look like, as long as a non admin user is part of a group he has the possibility to delete or update other users as long as they are part of a group.
This is a “dangerous” possibility, how can I correct this behavior?
Thank you
I test it for you. My user test in group test has got no access to users in settings.
But i use Nextcloud 22.2.3 .
Please post details e.g. screenshots.
-First line the actual user
-Second line, me the adminstrator
-Third line, another user to which the logged user (first line) can delete or modify the account
First and third user are in a group but in a different group
I did delete the group with space in the name and recreate a new one, replacing spaces with _ but it is almost the same.
The only difference is that the first user (the logged one) is not in the list anymore.
I also noticed that this logged user has access to other group (but not his own group that is not listed).