File Access Control

ggranger · January 26, 2017, 2:33pm

Hi All,

I’ve just recently setup Nextcloud from scratch and its working great. I would like to control what types of files are allowed to be uploaded & downloaded from nextcloud. I’ve added the app "“File access control” and using Admin manual using the zip example, I can see it blocking zip files which is great.

/^application/(zip|x-zip|x-zip-compressed)$/i = works as expected

My problem is that i want to block executable’s and some other types from being left of the system, but I don’t know what I’m doing, all the other topics i can find all basically send you back to the admin manual which doesn’t help someone like me.

I’ve blindly tried a few things listed below, none of which seem to work and I’m a little bit out of my comfort zone.

/^application/(octet-stream|exe|bat|msi|com|dll|x-msdownload)$/i
/^application/(octet-stream|msdownload|exe|x-exe|dos-exe|x-winexe|msdos-windows|x-msdos-program)$/i

Could someone spare me a few minutes to knock some mime type sense into me please.

I’m running version 11.0.0 on Ubuntu 16.04

Many thanks

Gabe

nickvergessen · January 26, 2017, 5:32pm

Easiest thing should be to upload the file in question and then look into the database.

I identified the following regex for you:
/^application\/(octet-stream|x-ms-dos-executable|x-msi)$/i

For more information you can also look at https://github.com/nextcloud/server/blob/master/resources/config/mimetypemapping.dist.json
That is the list of “file extension” => “mimetype” we identify. If you want to identify more files, you find a comment about that in the first 5 lines of that file.

Asghardhyl · January 27, 2017, 10:54am

Hey, i don’t find the File Access Control App on my NC 11.0.1. As you run the 11.0.0 version, did you find it in the App Store ?

Akhenaton · January 27, 2017, 11:05am

The File Access Control App is shipped with the nextcloud core. Just enable it in your disabled apps list.

ggranger · January 27, 2017, 11:08am

Thanks for the quick reply, this worked perfectly.

Asghardhyl · January 27, 2017, 11:12am

Thanks ! Just a reflection, we can’t find it with the research item.

Etiennehb · November 21, 2017, 1:36pm

I tried it and it block other file type than msi files like .ICO
To remedy to that I’ve replaced the octet-stream by msi:
/^application/(msi|x-ms-dos-executable|x-msi)$/i