Disable writing to data directory

I don’t want users to be able to add files/folders to the root of their data directories. Instead I want them to use the external storage we provide for them. Users are added/removed dynamically via LDAP, otherwise I would simply lock the directory.

This will be placed in a distributed environment.

Thoughts?

Why not put the data directory on external storage, i.e. another disk on the underlying OS…?

Three ideas, all untested:

a.) file control app
https://apps.nextcloud.com/apps/files_accesscontrol
b.) guest app
https://apps.nextcloud.com/apps/guests
(I do not know if it works with external shares, sorry)
c.) quota
Perhaps you can set the quota to 0 or only a few bytes ,-)

But why not give the users a little bit of Nextcloud space?
Or do you disallow sharing external storage?

Using a quota worked! I set it to 100KB for the backend write tests to do their thing (though I will drop this lower before going to production), and come to find out that the quota does not impact external storage spaces. I was able to upload 2MB to an SMB share without hitting my quota.

On my other Nextcloud instances I have SMB mount points set to the user directories inside the data directory. This would not scale well in this deployment, so I started using the external storage plugin. The server hosting Nextcloud should not hold any data, so I didn’t want users accidentally writing to the data directory. All data must be kept in the WORM-backed primary storage.

Just in case anyone wanted to try using masks on the file system, I found there are write tests performed when the user is logging in. Unless you remove those checks, which would require editing update files as well, this is not a good option.