Create technical user accounts with minimal permissions (e.g. no login)

Support intro

Nextcloud version 28.0.2
runs on docker container

Nextcloud version (28.0.2):
Operating system and version (latest Fedora):
version info (docker container from Docker Hub):

I am running my Nextcloud instance at home via docker on an Intel NUC. Almost anything fine so far :slight_smile:
I also want to connect some devices like HP printer/scanner or external products that are low trust, so i do want to restrict their permissions.

In many technical systems there is an option to restrict access of technical users :+1:. So i would like to have some technical user, let’s call it scan that can write scanned PDFs to some directory and nothing else :no_entry:. So besides access to 1 directory this user should have no other priviledge, so also no login or whatever. I also do not want to have password less guest access.
I hope you understand my point.

Is there any means in Nextcloud to create such users :thinking: I could imagine that it might be possible to edit /etc/passwd and grant a restricted bash. However this entry would be gone after an upgrade, cause it is on docker.
The Admin manual has no info or i haven’t found it. Any advice?

Hi @loriot and welcome to the forum!

Technically this user of course also “logs in” to Nextcloud. I think you mean something like “no access to the frontend”. I’m not aware, that NC would allow the configuration of such a user. You could of course give the user a quota of 0 and also block him from using other apps and only allow access to the scan folder.

1 Like

maybe you can use a (public) share… if the device can upload to https:// destination it could work.

Nextcloud has nothing to do with this file. It has completely independent internal user database.

because may be the opposite is the goal in general. Every user can enable MFA (/settings/user/security) and create app password with an option to prevent file system access… but this is rather opposite of what you are looking for…

cool idea - 0MB quota and save files into folder shared by another user! could still result is filling up other users disk but no more harm…


valid hint :slight_smile:


i am wondering where the www-data user comes from, however i didn’t check for a passwd file. I believe it is not from the host system (as i am using a docker container). So my guess was, there must be some means to add also system / technical users.

webserver user has nothing to do with Nextcloud application users.

so you expect people to help you and answer silly questions but don’t spend own time to understand the basics of the system?

@loriot passwd file is in /etc subfolder…
Zrzut ekranu 2024-02-23 o 21.24.13

As of adding user that cannot even login (interactivly or otherwise), here is little cheatsheet:

Thanks for the polite comment. Maybe you look around somewhere else and blame others to post silly questions.

Zrzut ekranu 2024-02-23 o 21.24.13

Thanks for taking time and the proposal: actually i am running nextcloud via docker, so any modifications to /etc/passwd would be gone after an upgrade.

I believe the useradd is just another means to fiddle with passwd and group files.

Besides that i have concerns to mess up with the security concept of Nextcloud. Access rights are handled by Nextcloud, so i did hope to create some user, e.g. inside the Nextcloud DB that has limited access.

Yes, right. /etc/passwd is about the underlying Linux. You shouldn’t use these users for directly writing or modifying files within your NC data directory…