File retention and versioning if user deletes a file/folder

Hello,

I want to give access to Nextcloud to my team. The issue is that for my own safety, and my company’s safety too, I want to have a log of changes or ideally a “backup” of all files so that I know if a malicious user deletes anything.

Case scenario: We have a project running for a client. Employee A gets upset with the client and decides to go ahead and delete important files of the project so that it falls behind schedule and client does get what he needs. Employee A leaves the company the next day.

How can I, the Nextcloud admin, prevent this from happening? What tools/apps of Nextcloud can I use so that I have logging, versioning (git?) or a backup of every file a user deletes?

Ideally I’d like:

  • any file/folder deleted by a user could go to an Admin Recycle Bin so that the Admin can decide if it gets deleted or not.
  • any file/folder changes are written to a log.
  • any system changes made by a user are written to a log.

Please kindly keep in mind that the Nextcloud installation I’m referring to will be used only for business projects and not for uploading personal data by any user.

Kindly request your assistance to find a good solution.

Thank you

Hi @olet, welcome to the forum :handshake:

I don’t think there is a way to achieve what you want. Regarding tracking the actions, you want to take a look at admin audit - this will show every file change in the system.

But if the malicious user decides to delete files, they go to the trash bin, and if she decides to empty the trash bin, all the files are finally deleted. Then you should restore the system. Depending on your knowledge and paranoia you might want to set up the system using a modern file system like ZFS and perform frequent snapshots so you could recover easier…

There is no concept of “admin recycle bin” in Nextcloud and I don’t think there will be one, as it will completely turn inside out the idea of privacy and giving control over the data to the user. It would even introduce privacy (confidentiality) questions - is the admin allowed to see the data the user deleted?

Definitely the system admin can always access the data if there is no e2e, but this requires full storage access.
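One way to act on the admin audit trail mentioned above, as an added example that is not part of the original reply or Nextcloud's own code: flag any user who deletes several files within a short window. It assumes the audit log holds one JSON object per line with `time`, `user`, `app` and `message` fields; the sample entries, the message pattern and the function names are constructed for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: deletions are logged as 'deleted: "<path>"'; wording varies by version.
DELETE_RE = re.compile(r'deleted: "(?P<path>[^"]*)"')

# Constructed sample entries (not real log output); the last line is truncated.
SAMPLE_LOG = r"""
{"time":"2024-03-01T09:00:00+00:00","user":"alice","app":"admin_audit","message":"File with id \"11\" deleted: \"/ProjectX/old-draft.odt\""}
{"time":"2024-03-01T17:01:00+00:00","user":"bob","app":"admin_audit","message":"File with id \"21\" deleted: \"/ProjectX/spec.pdf\""}
{"time":"2024-03-01T17:02:00+00:00","user":"bob","app":"admin_audit","message":"File with id \"22\" deleted: \"/ProjectX/budget.ods\""}
{"time":"2024-03-01T17:04:00+00:00","user":"bob","app":"admin_audit","message":"File with id \"23\" deleted: \"/ProjectX/contract.pdf\""}
{"time":"2024-03-01T19:30:00+00:00","user":"bob","app":"admin_audit","message":"File with id \"24\" accessed: \"/Shared/menu.txt\""}
{"time":"2024-03-01T19:31:00+00:00","user":"bo
"""

def parse_deletions(lines):
    """Yield (user, time, path) for each audit entry that records a deletion."""
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank, truncated or non-JSON lines
        if entry.get("app") != "admin_audit" or "time" not in entry:
            continue
        m = DELETE_RE.search(entry.get("message", ""))
        if m:
            yield entry.get("user"), datetime.fromisoformat(entry["time"]), m.group("path")

def mass_deleters(lines, threshold=3, window=timedelta(minutes=10)):
    """Return {user: [paths]} for users with >= threshold deletions inside one window."""
    by_user = defaultdict(list)
    for user, when, path in parse_deletions(lines):
        by_user[user].append((when, path))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[user] = [p for _, p in events[start:end + 1]]
                break
    return flagged

if __name__ == "__main__":
    print(mass_deleters(SAMPLE_LOG.splitlines()))
```
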

Hey @wwe, thank you for taking time to reply! :slightly_smiling_face: Much appreciated!

The news is not good for my case then. :frowning_face:

I can’t be the first one thinking of it. What do other businesses or organizations do in this field to answer this problem? Any feasible solutions? Relying primarily on snapshots or simple backups is a solution but there are cases where this is not enough.

This is the wrong place to ask questions about businesses :wink: but in my already long IT career I didn’t even once hit an issue when a proper backup was not good enough. Definitely it might be hard to define and set up the right strategy, but a good backup is the only method which protects you from almost every data loss.