Groupadmin add new users

We have a cloud with 50 users and a few groups.
Not every user is in a group yet.

The groups have groupadmins, but this admins can not add an existing user to their group.

Is this a bug, or a feature?

would you like to give out some more information about your server?

No server, just a webspace.

Applist:
The current PHP memory limit is below the recommended value of 512MB.
Enabled:

  • accessibility: 1.4.0
  • activity: 2.11.0
  • admin_audit: 1.8.0
  • apporder: 0.10.0
  • bruteforcesettings: 1.6.0
  • calendar: 2.0.3
  • cloud_federation_api: 1.1.0
  • comments: 1.8.0
  • dav: 1.14.0
  • deck: 1.0.5
  • event_update_notification: 1.0.2
  • external: 3.5.0
  • federatedfilesharing: 1.8.0
  • federation: 1.8.0
  • files: 1.13.1
  • files_external: 1.9.0
  • files_mindmap: 0.0.22
  • files_pdfviewer: 1.7.0
  • files_rightclick: 0.15.2
  • files_sharing: 1.10.1
  • files_trackdownloads: 1.7.0
  • files_trashbin: 1.8.0
  • files_versions: 1.11.0
  • files_videoplayer: 1.7.0
  • firstrunwizard: 2.7.0
  • groupfolders: 6.0.7
  • impersonate: 1.5.2
  • logreader: 2.3.0
  • lookup_server_connector: 1.6.0
  • nextcloud_announcements: 1.7.0
  • notifications: 2.6.0
  • oauth2: 1.6.0
  • occweb: 0.0.7
  • password_policy: 1.8.0
  • polls: 1.4.3
  • privacy: 1.2.0
  • provisioning_api: 1.8.0
  • registration: 0.4.7
  • serverinfo: 1.8.0
  • settings: 1.0.0
  • sharebymail: 1.8.0
  • spreed: 8.0.10
  • support: 1.1.1
  • survey_client: 1.6.0
  • systemtags: 1.8.0
  • tasks: 0.13.3
  • text: 2.0.0
  • theming: 1.9.0
  • theming_customcss: 1.6.0
  • twofactor_backupcodes: 1.7.0
  • updatenotification: 1.8.0
  • user_usage_report: 1.2.3
  • viewer: 1.2.0
  • workflowengine: 2.0.0

Anything else?

ummm do we already know which version is affected?
which php?
which database?
is this a shared hosting?
any logfile-errors?
any unsolved setup-hints?

Okay, thanks:

NC 18.0.7
Channel “stable” no update available
PHP 7.3.17
mySQL: 5.7.28
Yes, it is a shared hosting. See the link in the post before.

Errors:

  • Invalid argument supplied for foreach() at /www/htdocs/xxx/cloud/apps/serverinfo/lib/Os.php#155
  • Undefined variable: result at /www/htdocs/xxx/cloud/apps/serverinfo/lib/OperatingSystems/DefaultOs.php#173
  • tempnam(): file created in the system’s temporary directory at /www/htdocs/xxx/cloud/lib/private/TempManager.php#127
  • OCA\DAV\Connector\Sabre\Exception\Forbidden: No read permissions

But can you please give me an answer of this question:
Is it possible for a groupadmin to add an existing user to his group?
Or can he just create a new user?

you seem to have no permission(s) to read in that directory. could be a problem :wink:

that should be possible but I am not sure (as I’m not working with groups)

I guess that’s only up to admins… but again not sure for 100%

This is a strange bug that affects an old admin user folder. Even after an occ files: scan it is still there. But what does this have to do with the group admin?

Can anyone confirm or refute that?
So can a group admins add existing users to their assigned groups?
The documentation is not clear there:
https://docs.nextcloud.com/server/15/admin_manual/configuration_user/user_configuration.html#granting-administrator-privileges-to-a-user

No, see the link above:

Group administrators have the rights to create, edit and delete users in their assigned groups.

that says it all. keywords “their assigned”

No, this refers to the fact that a group administrator, as opposed to a (super) administrator, has limited rights.

But I have just created users, groups and group administrators in a fresh NC.

Yes, the group admin can do what is in the documentation.
No, he cannot add any existing users to his group.

A user can also be the admin of a group of which he himself is not a member …

Now I just don’t understand the use case in which a group admin should be useful when the admin himself has to fill all groups.

I see the advantage of this limitation on a privacy level.

I don’t want group admins to be able to add any user to his/her group.

It’s a bit annoying as it results in more work for ‘super admins’, but even though…