Hi team,
After upgrading to Nextcloud 31.0.3, I noticed that group administrators can no longer create new users, even though this worked perfectly in 31.0.2.
How it worked before (in 31.0.1):
When I assigned a regular user as a group admin, that user could create new accounts restricted to the group(s) they manage. This was a great feature for delegating user management.
What’s happening now (in 31.0.3):
When the group admin tries to create a new user:
- The user creation form automatically includes the “admin” group.
- Since the group admin does not have permission to assign users to the “admin” group, the creation fails.
- The group admin cannot remove “admin” from the group list nor manually assign their managed group(s) in the form.
As a result, group admins are completely blocked from creating new users.
The Basics
- Nextcloud Server version (e.g., 29.x.x):
31.0.3.2
- Operating system and version (e.g., Ubuntu 24.04):
FreeBSD 14.2-RELEASE
- Web server and version (e.g, Apache 2.4.25):
NGINX 1.26.3
- PHP version (e.g, 8.3):
8.3
- Is this the first time you’ve seen this error? (Yes / No):
Yes
- When did this problem seem to first start?
after upgrade from 31.0.2 to 31.0.3
- Installation method (e.g. AIO, NCP, Bare Metal/Archive, etc.)
Bare Metal
- Are you using Cloudflare, mod_security, or similar? (Yes / No)
No
Summary of the issue you are facing:
After upgrading to Nextcloud 31.0.3, I noticed that group administrators can no longer create new users, even though this worked perfectly in 31.0.2.
[…]
Steps to replicate it (hint: details matter!):
- Create a regular user (not an admin).
- Assign this user as a group admin of one or more groups.
- Log in as this group admin.
- Go to the “Users” section from the menu.
- Click the “+” (Add user) button to create a new user.
- Observe that the “admin” group is pre-selected in the group list (even though this group admin should not manage it).
- Try to remove the “admin” group or assign a valid group – it’s not possible.
- Attempt to create the user – the action fails.
- Open the browser developer console – an error appears:
Log entries
There are no log error records
Web Browser
[ERROR] settings: Failed to load groups
Request URL: https://batatais.duckdns.org/nextcloud/ocs/v2.php/cloud/groups/details?search=&offset=0&limit=25
Request Method: GET
Status Code: 403 Forbidden
Remote Address: 177.74.188.101:443
Referrer Policy: no-referrer
Configuration
Nextcloud
The output of occ config:list system:
{
    "system": {
        "apps_paths": [
            {
                "path": "\/usr\/local\/www\/nextcloud\/apps",
                "url": "\/apps",
                "writable": true
            },
            {
                "path": "\/usr\/local\/www\/nextcloud\/apps-pkg",
                "url": "\/apps-pkg",
                "writable": false
            }
        ],
        "logfile": "\/var\/log\/nextcloud\/nextcloud.log",
        "memcache.local": "\\OC\\Memcache\\APCu",
        "memcache.locking": "\\OC\\Memcache\\Redis",
        "memcache.distributed": "\\OC\\Memcache\\Redis",
        "filelocking.enable": true,
        "redis": {
            "host": "***REMOVED SENSITIVE VALUE***",
            "password": "***REMOVED SENSITIVE VALUE***",
            "port": 0,
            "timeout": 0
        },
        "instanceid": "***REMOVED SENSITIVE VALUE***",
        "passwordsalt": "***REMOVED SENSITIVE VALUE***",
        "secret": "***REMOVED SENSITIVE VALUE***",
        "trusted_domains": [
            "batatais.duckdns.org",
            "batataisdocumentserver.duckdns.org",
            "fileserver.pmbatatais.intra"
        ],
        "datadirectory": "***REMOVED SENSITIVE VALUE***",
        "appdataroot": "\/var\/tmp\/nextcloud",
        "dbtype": "pgsql",
        "version": "31.0.3.2",
        "overwrite.cli.url": "https:\/\/batatais.duckdns.org\/nextcloud",
        "dbname": "***REMOVED SENSITIVE VALUE***",
        "dbhost": "***REMOVED SENSITIVE VALUE***",
        "dbport": "",
        "dbtableprefix": "oc_",
        "dbuser": "***REMOVED SENSITIVE VALUE***",
        "dbpassword": "***REMOVED SENSITIVE VALUE***",
        "installed": true,
        "mail_smtpmode": "smtp",
        "mail_smtpsecure": "ssl",
        "mail_sendmailmode": "smtp",
        "mail_from_address": "***REMOVED SENSITIVE VALUE***",
        "mail_domain": "***REMOVED SENSITIVE VALUE***",
        "mail_smtphost": "***REMOVED SENSITIVE VALUE***",
        "mail_smtpport": "465",
        "mail_smtpauth": 1,
        "mail_smtpname": "***REMOVED SENSITIVE VALUE***",
        "mail_smtppassword": "***REMOVED SENSITIVE VALUE***",
        "forbidden_filename_basenames": [
            "con",
            "prn",
            "aux",
            "nul",
            "com0",
            "com1",
            "com2",
            "com3",
            "com4",
            "com5",
            "com6",
            "com7",
            "com8",
            "com9",
            "com\u00b9",
            "com\u00b2",
            "com\u00b3",
            "lpt0",
            "lpt1",
            "lpt2",
            "lpt3",
            "lpt4",
            "lpt5",
            "lpt6",
            "lpt7",
            "lpt8",
            "lpt9",
            "lpt\u00b9",
            "lpt\u00b2",
            "lpt\u00b3"
        ],
        "forbidden_filename_characters": [
            "<",
            ">",
            ":",
            "\"",
            "|",
            "?",
            "*",
            "\\",
            "\/"
        ],
        "forbidden_filename_extensions": [
            " ",
            ".",
            ".filepart",
            ".part"
        ],
        "maintenance": false,
        "default_phone_region": "BR",
        "skeletondirectory": "",
        "defaultapp": "files",
        "maintenance_window_start": "1",
        "force_locale": "pt_BR",
        "default_timezone": "America\/Sao_Paulo",
        "default_language": "pt_BR",
        "theme": "",
        "loglevel": 0,
        "updater.release.channel": "stable",
        "enabledPreviewProviders": [
            "OC\\Preview\\BMP",
            "OC\\Preview\\GIF",
            "OC\\Preview\\JPEG",
            "OC\\Preview\\Krita",
            "OC\\Preview\\MarkDown",
            "OC\\Preview\\MP3",
            "OC\\Preview\\OpenDocument",
            "OC\\Preview\\PNG",
            "OC\\Preview\\TXT",
            "OC\\Preview\\XBitmap",
            "OC\\Preview\\TIFF",
            "OC\\Preview\\HEIC",
            "OC\\Preview\\HEIF",
            "OC\\Preview\\EMF"
        ],
        "app_install_overwrite": []
    }
}
Apps
The output of occ app:list (if possible):
Enabled:
- activity: 4.0.0
- announcementcenter: 7.1.0
- bruteforcesettings: 4.0.0
- calendar: 5.2.1
- circles: 31.0.0
- cloud_federation_api: 1.14.0
- comments: 1.21.0
- contacts: 7.0.5
- contactsinteraction: 1.12.0
- dashboard: 7.11.0
- dav: 1.33.0
- federatedfilesharing: 1.21.0
- federation: 1.21.0
- files: 2.3.1
- files_downloadlimit: 4.0.0
- files_pdfviewer: 4.0.0
- files_reminders: 1.4.0
- files_sharing: 1.23.1
- files_trashbin: 1.21.0
- files_versions: 1.24.0
- firstrunwizard: 4.0.0
- forms: 5.1.0
- logreader: 4.0.0
- lookup_server_connector: 1.19.0
- nextcloud_announcements: 3.0.0
- notes: 4.11.0
- notifications: 4.0.0
- oauth2: 1.19.1
- onlyoffice: 9.8.0
- password_policy: 3.0.0
- photos: 4.0.0-dev.1
- privacy: 3.0.0
- profile: 1.0.0
- provisioning_api: 1.21.0
- recommendations: 4.0.0
- related_resources: 2.0.0
- serverinfo: 3.0.0
- settings: 1.14.0
- sharebymail: 1.21.0
- support: 3.0.0
- survey_client: 3.0.0
- systemtags: 1.21.1
- tables: 0.9.0
- tasks: 0.16.1
- text: 5.0.0
- theming: 2.6.1
- twofactor_backupcodes: 1.20.0
- updatenotification: 1.21.0
- user_status: 1.11.0
- user_usage_report: 2.0.0
- viewer: 4.0.0
- weather_status: 1.11.0
- webhook_listeners: 1.2.0
- welcome: 1.2.1
- workflowengine: 2.13.0
Disabled:
- admin_audit: 1.21.0 (installed 1.21.0)
- app_api: 5.0.2 (installed 4.0.5)
- encryption: 2.19.0
- files_external: 1.23.0
- suspicious_login: 9.0.1
- twofactor_nextcloud_notification: 5.0.0
- twofactor_totp: 13.0.0-dev.0
- user_ldap: 1.22.0 (installed 1.22.0)
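
To tell a web-form problem apart from a server-side permission check, the group listing call from the report and a user-creation call can be sent directly as the group admin. This is an added example, not part of the original post and not Nextcloud's code; it assumes the provisioning API's `cloud/users` endpoint with `userid`, `password` and `groups[]` fields, an app password for the group admin, and placeholder names (`NC_BASE`, `NC_USER`, `NC_APP_PASSWORD`, `NC_NEW_PASSWORD`, `testuser1`, `managed-group`).

```python
# Added diagnostic sketch, not Nextcloud code; host, accounts and group names are placeholders.
import base64, json, os
import urllib.error, urllib.parse, urllib.request


def ocs_request(base, user, app_password, path, query=None, form=None):
    """Build a GET (no form) or POST (form given) request for cloud/<path>."""
    qs = urllib.parse.urlencode({**(query or {}), "format": "json"})
    data = urllib.parse.urlencode(form).encode() if form else None
    req = urllib.request.Request(f"{base}/ocs/v2.php/cloud/{path}?{qs}", data=data)
    token = base64.b64encode(f"{user}:{app_password}".encode()).decode()
    req.add_header("Authorization", f"Basic {token}")
    req.add_header("OCS-APIRequest", "true")  # OCS endpoints expect this header
    return req


def create_user_request(base, user, app_password, new_uid, new_password, groups):
    """POST cloud/users naming only groups the caller manages, never "admin"."""
    form = [("userid", new_uid), ("password", new_password)]
    form += [("groups[]", g) for g in groups]
    return ocs_request(base, user, app_password, "users", form=form)


def parse_meta(body):
    """Extract (statuscode, message) from an OCS JSON body, or (None, None)."""
    try:
        meta = json.loads(body)["ocs"]["meta"]
        return meta.get("statuscode"), meta.get("message")
    except (ValueError, KeyError, TypeError, AttributeError):
        return None, None


def send(req):
    """Return (http_status, ocs_statuscode, ocs_message); 4xx/5xx do not raise."""
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            status, body = resp.status, resp.read()
    except urllib.error.HTTPError as err:
        status, body = err.code, err.read()
    return (status, *parse_meta(body))


if __name__ == "__main__":
    base, user, pw = (os.environ[k] for k in ("NC_BASE", "NC_USER", "NC_APP_PASSWORD"))
    paging = {"search": "", "offset": 0, "limit": 25}  # same query as the failing call
    print("list groups:", send(ocs_request(base, user, pw, "groups/details", paging)))
    new = create_user_request(base, user, pw, "testuser1",
                              os.environ["NC_NEW_PASSWORD"], ["managed-group"])
    print("create user:", send(new))
```

If the listing returns 403 but the create call succeeds, the block is in the web form; if the create call is refused as well, the refusal comes from the server-side permission check and the returned OCS status code and message belong in the bug report.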