Nextcloud version (eg, 10.0.2):12.03
Operating system and version (eg, Ubuntu 16.04):CentOS Linux 7.4.1708
Apache or nginx version (eg, Apache 2.4.25): Apache version 2.4.6
PHP version (eg, 5.6):7.0.25
The issue you are facing:
I need to be able to disable Desktop Synchronization for certain users/groups/folders.
How can one achieve this.
Thank You
David
This is currently not possible. Only thing you could do is to block all downloads which would be kind of weird … or you share only with public links and don’t allow federated sharing.
Could something not be done on the webdav side of things to allow and not allow based on user?
WebDAV is used by all clients including the Web … what are you trying to achieve and why?
You can try with the file access controls https://docs.nextcloud.com/server/12/admin_manual/file_workflows/access_control.html?highlight=file%20access%20control
but of course client agents are very easily manipulated, so this is fake protection, not a real one if you have a good reason for what are you trying to achieve …
Maybe it would also be possible to just block the remote webdav at all, of course then the mobile apps will not work either - which might or might not be fine for you.
Ill try the file permission thing, the basic reason for this is to ensure that files are not synchronized to their device and rather only web access.
I’m also interested in this. Any ideas for how to “block the remote webdav”?
There is no difference in the webDav endpoint of the client versus the web frontend. Same API is used. IMHO you should see a sync client as an advantage, not a disadvantage. From a security/privacy perspective the desktop client adds nothing which can’t be done through web …
“IMHO you should see a sync client as an advantage, not a disadvantage.” - of course it is, when you need it.
However, if you run OnlyOffice/Collabora to allow simultaneously work on a document and a user installed a sync client and also works on this document “off-line” using his desktop word/excel/powerpoint equivalent, one runs into serious problems.
Unfortunately, this is not rare situation in the way we use nextcloud.
Therefore, a control for syncclient access via administrator tools would be highly appreciated.
Agreed, there are also times when you want to allow contribution but prevent theft. For example, remote employees contributing to work product that is either confidential or intellectual property of the employer. Blocking sync/downloads is important to prevent them from keeping “backup” copies after termination.
The solution is to install and use this app:
“file access control”: https://apps.nextcloud.com/apps/files_accesscontrol
By setting rules you can exclude syncclients from accessing files.
hi!
I’m looking for a solution.
I’d like to give a special user group permission to access directly their files by IOS or android app - but only the automatic synchronisation should be forbidden. I want to avoid that important data is stored (through synchronisation) on a mobile device which can be stolen or lost.
Is that possible ?
In my opinion the “file access control app” blocks completely the access by IOS or Android app.
Thanks an advance,
Raphael
hello
is the a way to disable the webdav url in user nextcloud home ? i don 't want user can see this path: https://nextcloud*******/remote.php/dav/files/da128****10-1039-89a5-3755ccf99bee/
because when you try to use is it, you are in trouble 
is it possible to hide this ?
Occasionally I need to disable the desktop client’s ability to sync when I’m doing a lot of fire rearrangements. My reasoning is that syncing organizational file structure changes while they are in progress only creates a lot of extra bandwidth. Especially when TBs of data are involved.
While it’s never a good idea to edit core files I achieve this “temporarily” but adding this at the top of /remote.php
<?php
if(strpos($_SERVER['HTTP_USER_AGENT'],'mirall')!==false) exit;
It only looks for the mirall string in the user agent and prematurely exits if it finds it. Definitely not secure or recommended for long term use but it works for me.