Nextcloud version (eg, 10.0.2):12.03
Operating system and version (eg, Ubuntu 16.04):CentOS Linux 7.4.1708
Apache or nginx version (eg, Apache 2.4.25): Apache version 2.4.6
PHP version (eg, 5.6):7.0.25
The issue you are facing:
I need to be able to disable Desktop Synchronization for certain users/groups/folders.
This is currently not possible. Only thing you could do is to block all downloads which would be kind of weird … or you share only with public links and don’t allow federated sharing.
You can try with the file access controls https://docs.nextcloud.com/server/12/admin_manual/file_workflows/access_control.html?highlight=file%20access%20control
but of course client agents are very easily manipulated, so this is fake protection, not a real one if you have a good reason for what are you trying to achieve …
Maybe it would also be possible to just block the remote webdav at all, of course then the mobile apps will not work either - which might or might not be fine for you.
There is no difference in the webDav endpoint of the client versus the web frontend. Same API is used. IMHO you should see a sync client as an advantage, not a disadvantage. From a security/privacy perspective the desktop client adds nothing which can’t be done through web …
“IMHO you should see a sync client as an advantage, not a disadvantage.” - of course it is, when you need it.
However, if you run OnlyOffice/Collabora to allow simultaneously work on a document and a user installed a sync client and also works on this document “off-line” using his desktop word/excel/powerpoint equivalent, one runs into serious problems.
Unfortunately, this is not rare situation in the way we use nextcloud.
Therefore, a control for syncclient access via administrator tools would be highly appreciated.
Agreed, there are also times when you want to allow contribution but prevent theft. For example, remote employees contributing to work product that is either confidential or intellectual property of the employer. Blocking sync/downloads is important to prevent them from keeping “backup” copies after termination.
I’d like to give a special user group permission to access directly their files by IOS or android app - but only the automatic synchronisation should be forbidden. I want to avoid that important data is stored (through synchronisation) on a mobile device which can be stolen or lost.
Is that possible ?
In my opinion the “file access control app” blocks completely the access by IOS or Android app.
hello
is the a way to disable the webdav url in user nextcloud home ? i don 't want user can see this path: https://nextcloud*******/remote.php/dav/files/da128****10-1039-89a5-3755ccf99bee/
because when you try to use is it, you are in trouble
is it possible to hide this ?
Occasionally I need to disable the desktop client’s ability to sync when I’m doing a lot of fire rearrangements. My reasoning is that syncing organizational file structure changes while they are in progress only creates a lot of extra bandwidth. Especially when TBs of data are involved.
While it’s never a good idea to edit core files I achieve this “temporarily” but adding this at the top of /remote.php
It only looks for the mirall string in the user agent and prematurely exits if it finds it. Definitely not secure or recommended for long term use but it works for me.