External Storage Permissions


Firstly I’ll apologise - I’m very new to NextCloud and similar and so please forgive me if these issues have been covered before. I’ve searched both Google and the forum here to no avail, but maybe I’ve not been searching for the right thing.

I’m planning a fairly small installation essentially just to give my partner and me access to our files outside the house.

I’ve installed NextCloud 11 and given it 100GB data partition, but I’d also like to use the “External Storage” app to allow access to other local folders on the server on a user by user basis.

I could add these as “local” storage but my understanding is that the www-data user would then need rw access to these locations and that’s not really viable given my set-up.

What I thought then was to use the SFTP option with stored credentials so that NextCloud accesses the data as the user provided. Would this work with SSH to localhost? And provide only access that the specific user has to the filesystem?

Presumably then any limitations applied to that linux user in the sshd would also apply to NextCloud?

Or, as ssh users often have access to sensitive areas would I be better setting up external storage to point at samba shares?

Again apologies for the probably dumb question, but I hope someone has the answer.

That is correct.

Yes, you have the same permission as if the user connected directly to sftp. You can then use the user’s quota of the system, ACLs on the filesystem, restrict to a jail, …

You can configure ssh in a way that it limits access to file transfer. I have used it a bit, never with samba shares, so I’m not sure how their compare in terms of performance.