I’m facing a strange behavior with Group Folders, which I recently installed. Here’s the context:
- I used to have an external storage accessible to the whole team (DATA), but now that our repository is filling up, I’d like to have protected areas for sensitive files.
- Therefore, I created group folders such as C-R&D, C-HR, C-OPERATIONS, etc. (C is for Common), user groups for the same domains and would like to grant particular rights for each user group to the group folders. I.e. group “Engineering” has full rights on C-R&D, but only read rights on C-HR or C-OPERATIONS. Nothing disruptive here.
- One extra folder is dedicated to exchanging files with external users, such as customers or partners. This folder is named SHARED and is supposed in the future to host a dedicated folder for each entity: i.e. I’ll create an Acme folder for our customer ‘ACME’ who will be authorized to read/write/delete/share in (and only in) the SHARED/Acme sub-folder. I then suppose ACME users should at least be allowed to read the SHARED group folder…
- I’ve then created a new user group: Guests, which is given full rights on SHARED through the Group Folders settings: Write/Share/Delete.
- I will also create a new group for every entity who’s been granted access to SHARED: i.e. user “AcmeDirector” will be part of Guests and ACME groups. This way I could allow AcmeDirector to tweak access rights to other members of ACME organization.
- My take is: AcmeDirector will be granted access to the top SHARED folder as a member of Guests group, won’t be able to open any sub-folder in SHARED but the SHARED/Acme sub-folder. My understanding is that I’ll then need to:
  - grant full rights to Guests on SHARED --> AcmeDirector will then be able to open SHARED.
  - deny all rights to AcmeDirector on all sub-folders (SHARED/*)
  - grant full rights to AcmeDirector on SHARED/Acme sub-folder
Now the weird issues:
- When I log in as AcmeDirector, I can’t delete my own files! Ex: I just cannot delete the default ‘nextCloud.png’ file which is added by default in the user folder.
- Nextcloud prevents me from entering the SHARED folder, indicating “operation is forbidden”, although the AcmeDirector user is part of the Guests group.
Does anyone please have a clue on what happens here? Is this a bug of Group Folders? Could be for point #2, but what about point #1?
In the meantime, I’m forced to grant all rights to Guests, which is a huge security breach!
Thanks in advance for any help!