Create technical user accounts with minimal permissions (e.g. no login)

Support intro

Nextcloud version 28.0.2
runs on docker container

Nextcloud version (28.0.2):
Operating system and version (latest Fedora):
version info (docker container from Docker Hub):

I am running my Nextcloud instance at home via Docker on an Intel NUC. Almost everything is fine so far :slight_smile:
I also want to connect some devices like an HP printer/scanner or external products that are low trust, so I do want to restrict their permissions.

In many technical systems there is an option to restrict access of technical users :+1:. So I would like to have some technical user, let’s call it scan, that can write scanned PDFs to some directory and nothing else :no_entry:. So besides access to 1 directory this user should have no other privilege, so also no login or whatever. I also do not want to have passwordless guest access.
I hope you understand my point.

Is there any means in Nextcloud to create such users? :thinking: I could imagine that it might be possible to edit /etc/passwd and grant a restricted bash. However, this entry would be gone after an upgrade, because it is on Docker.
The Admin manual has no info, or I haven’t found it. Any advice?

Hi @loriot and welcome to the forum!

Technically this user of course also “logs in” to Nextcloud. I think you mean something like “no access to the frontend”. I’m not aware that NC would allow the configuration of such a user. You could of course give the user a quota of 0 and also block him from using other apps and only allow access to the scan folder.


Maybe you can use a (public) share… if the device can upload to an https:// destination it could work.

Nextcloud has nothing to do with this file. It has a completely independent internal user database.

because maybe the opposite is the goal in general. Every user can enable MFA (/settings/user/security) and create an app password with an option to prevent file system access… but this is rather the opposite of what you are looking for…

Cool idea - 0MB quota and save files into a folder shared by another user! It could still result in filling up the other user's disk, but no more harm…

Thanks,

valid hint :slight_smile:

Hmm,

I am wondering where the www-data user comes from; however, I didn’t check for a passwd file. I believe it is not from the host system (as I am using a Docker container). So my guess was, there must be some means to also add system / technical users.

The webserver user has nothing to do with Nextcloud application users.

So you expect people to help you and answer silly questions but don’t spend your own time to understand the basics of the system?

@loriot the passwd file is in the /etc subfolder…

As for adding a user that cannot even log in (interactively or otherwise), here is a little cheatsheet:

Thanks for the polite comment. Maybe you look around somewhere else and blame others for posting silly questions.


Thanks for taking the time and for the proposal: actually I am running Nextcloud via Docker, so any modifications to /etc/passwd would be gone after an upgrade.

I believe useradd is just another means to fiddle with the passwd and group files.

Besides that, I have concerns about messing with the security concept of Nextcloud. Access rights are handled by Nextcloud, so I did hope to create some user, e.g. inside the Nextcloud DB, that has limited access.

Yes, right. /etc/passwd is about the underlying Linux. You shouldn’t use these users for directly writing or modifying files within your NC data directory…

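Added example, not part of the thread: the zero-quota account suggested above, created in Nextcloud's own user database with `occ` instead of `/etc/passwd`, so it survives container upgrades. The container name `nextcloud`, the account `scan` and the group `devices` are assumptions; the scan folder itself is shared to `scan` by its owner in the web UI.

```shell
#!/usr/bin/env bash
# Added example; "nextcloud", "scan" and "devices" are assumed names.
CONTAINER="${CONTAINER:-nextcloud}"

# Run occ as the web server user inside the container. OC_PASS is forwarded
# from the caller's environment so the password never shows up in argv.
# With DRY_RUN=1 the command is only printed.
occ() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "occ $*"; return 0; fi
  docker exec -u www-data -e OC_PASS "$CONTAINER" php occ "$@"
}

# Create a device account that owns no storage of its own: it can only
# write into folders another user shares with it.
create_device_account() {
  local user="$1" group="$2"
  if [ "${DRY_RUN:-0}" != 1 ] && [ -z "${OC_PASS:-}" ]; then
    echo "set OC_PASS to a long random password first" >&2
    return 1
  fi
  # A dedicated group gives the admin one handle for app and share limits.
  occ group:add "$group" || echo "group $group may already exist" >&2
  occ user:add --password-from-env --group "$group" "$user" || return 1
  # Quota 0: uploads outside a received share are rejected.
  occ user:setting "$user" files quota "0 B"
}

# Usage: OC_PASS='long-random-secret' ./device-account.sh apply
if [ "${1:-}" = apply ]; then
  create_device_account scan devices
fi
```

Files written into the shared folder count against the sharing user's quota, so a quota on that owner account bounds how much a misbehaving device can fill.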