Can the Admin see all files/shares in one view?

I set up Nextcloud for my students to upload their papers / homework.

I set up a user account for each student with folders for the different courses. Each course folder is shared with the respective teacher, for which I also set up user accounts. Teachers can add files but not delete or change files.

As an admin I would like to have a view where I can see all folders/files of all users. I expected to see all those in my (admin) account but I only see my own folders.

Does every user have to share each folder/file with the admin user so that I can see the data?

Or am I doing something wrong here?

Thanks in advance!

I think it would be a huge security risk if a Nextcloud admin could see all folders and files of his users. So in my opinion it is not possible and it should not be possible.

The short answer to your question: no, Admins don’t have a full view from the page.

I think a better approach to what you’re trying to do (and since all the accounts have been set up) is to organize things via groups. Meaning all student accounts belong to Student Group, all teachers belong to Teacher Group, and then maybe even go further and assign Math teachers to belong to Math Teacher Subgroup, etc…and then…

Create folders under Admin account and share with them (this way you have full view because you’re owner of the folder(s), and also because you’re the one sharing, you control all permissions - preventing deletions etc).

  • English - shared with Student Group, English Teacher Group, + optionally any additional individual account
  • Math - shared with Student Group, Math Teacher Group, + optionally any additional individual account
  • General - shared with Student Group, Teacher Group, + optionally any additional individual account

Also, if you have access to the computer Nextcloud is running on, you can view any folders/files located under /var/www/nextcloud/data/…

3 Likes

I do similar to this scheme for managing these sort of shares, and extend it a bit where quota restrictions are needed. For this school example, I might have a “share owning” account for each department:
EnglishDept
GermanDept
MathsDept
ScienceDept

then give each of those users the amount of disk quota I will let them use. Give the account/password to whoever is responsible for managing the department organisation (in a small place it might be just 1 admin/office person who has them all).
Then create the various folders to share with Student+Teacher(s), like Raegar describes.
The files end up all being “owned” by “EnglishDept” etc, and thus come off “EnglishDept” overall quota, rather than being “charged” to the Teacher or Student that happened to create the file.
If you want a single “admin” user to see all the shares, then you can of course share “ReadOnly” with that “admin” user or group also - but often it will work for each department to just manage and see their own shares.

1 Like

You could (theoretically) set up an “external” storage location which is really an SSH tunnel to the Nextcloud folder location that is just local. This requires that you have SSH access to a dedicated server and that you’re not in a shared hosting environment. On your own server, you must also have it locked down with some kind of mitigation methodology to protect against bruteforce attacks (eg, fail2ban or some other method, configured to look for NextCloud login attempts, not just the NC bruteforce app), and layer yourself with port blocking (only allow 80/443 into your external firewall).
This takes a LOT of security knowledge and is still a BIG RISK. Another option is to require sharing to be enabled across all users (each user MUST share their root home folder to be compliant, or be disabled as non-compliant).

Keep in mind opening yourself and your users up like this severely violates security best-practice and you had better have a damn good password on your account (eg, KeePass or LastPass randomly generated LONG and random password), not be socially engineered, AND have TOTP (two factor) enabled. Also DO NOT USE the admin account for such purposes.

This kind of function would be similar to auditing functions required by some industries where an auditor must see all files but in a read-only fashion. Do not use the well known admin account for this purpose.

Be aware of how doing any of this is NOT advised from a security standpoint.

I know this is a little late to the game, but when people search for it, they will find it.

So not sure if this was supposed to be an option or not, but I found that it can be done quite easily.

This is on version 11, I haven’t tested on any other version.

As administrator you will need access to the server to determine where the cloud data folder is.

  1. Click Admin
  2. Click External Storages
  3. folder name: Users
  4. External storage: drop down select Local
  5. Configuration: type the location of your cloud data ie /mnt/clouddata/
  6. Available for: Type your username
  7. Click gear only enable previews

Go into your folders list and you should see Users.
Under Users you will see all the usernames and under each username you can see their files.

1 Like
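An added example, not part of the thread or of Nextcloud itself: once a Local external storage like the one in the steps above exists, a short audit can report which mounts overlap the data directory, who they are available to, and whether they are read-only. The field names follow what `occ files_external:list --output=json` is assumed to print (check them against your own version); the mounts, paths and the `auditor` account are constructed, and an entry with no users or groups is assumed to be available to everyone.

```python
import posixpath

def _mount(mount_id, datadir, readonly, users=(), groups=()):
    """Build one constructed entry using the assumed field names of the occ JSON."""
    return {"mount_id": mount_id, "storage": r"\OC\Files\Storage\Local",
            "configuration": {"datadir": datadir}, "options": {"readonly": readonly},
            "applicable_users": list(users), "applicable_groups": list(groups)}

# Constructed sample data, not taken from a real server.
SAMPLE_MOUNTS = [
    _mount(1, "/mnt/clouddata/", False, users=["admin"]),
    _mount(2, "/mnt/clouddata/../clouddata", True, users=["auditor"]),
    _mount(3, "/srv/scans", False),
    _mount(4, "/mnt", True),
]

def _parts(path):
    """Normalise a POSIX path ('..', trailing slash) and split it into components."""
    return [p for p in posixpath.normpath(path).split("/") if p]

def overlaps(datadir, mount_path):
    """True if mount_path is the data directory, a parent of it, or inside it."""
    d, m = _parts(datadir), _parts(mount_path)
    n = min(len(d), len(m))
    return d[:n] == m[:n]

def audit(mounts, datadir, reviewers):
    """Return (mount_id, problems) for every Local mount that exposes datadir."""
    findings = []
    for m in mounts:
        if not m["storage"].endswith("Local"):
            continue  # only local-filesystem backends can point at the data dir
        if not overlaps(datadir, m["configuration"].get("datadir", "")):
            continue
        users, groups = m["applicable_users"], m["applicable_groups"]
        problems = []
        if not users and not groups:
            problems.append("available to all users")
        extra = sorted(set(users) - set(reviewers))
        if extra:
            problems.append("users outside reviewer list: " + ", ".join(extra))
        if groups:
            problems.append("granted to groups: " + ", ".join(groups))
        if not m["options"].get("readonly", False):
            problems.append("writable")
        findings.append((m["mount_id"], problems))
    return findings
```

Calling `audit(SAMPLE_MOUNTS, "/mnt/clouddata", {"auditor"})` reports mounts 1, 2 and 4; an empty problem list means the mount is restricted to the dedicated reviewer account and read-only.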

John_Shotton, thanks a lot for the solution!
It works in ver.13.

John_Shotton, it also works fine in NC 14. I am just looking for an option so that only admins can see the external storage link. At the moment I have the admin group allowed to join the Users directory by using the external storage link, but for another non-admin group the link “external storage” is also visible, but without showing the Users directory. Is it possible to hide the external storage link from the menu for non-admin groups?

With best regards, Alex

1 Like

good method thanks 🙂

Thank you! Works fine on version 17.0.1.

Thanks John for these instructions. I’ve confirmed this is working for me on Nextcloud 18.

Is there a way to show the user name and not the GUID for each user?

Thank you.

Unfortunately this solution does not seem to work with my setup – I have AWS S3 set as my primary storage, and therefore it appears that the data itself is not hosted at /mnt/clouddata

Does anyone have any ideas on how to modify this solution for an implementation where S3 is being used as primary storage? Many thanks in advance for any insights.

I’ve the same problem but I can’t understand how to see all folders of all users.
Currently as admin I don’t see user folders.

Does anyone have any ideas on how to modify this solution for an implementation where S3 is being used as primary storage? Many thanks in advance for any insights.

I don’t think it’s possible using the primary storage config

https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/primary_storage.html

You could use goofys or s3fs-fuse to mount the Object Storage onto your fs.

See Migrating NextCloud from S3 Backend to S3FS Object Storage - Autoize

My question is the opposite. Is it possible for an admin to not be able to see the files? If the files are encrypted, would the admin have access to the decryption keys/salt?