MacOS Client update forgets keep downloaded/loses system permissions

The Basics

• Nextcloud Server version (e.g., 29.x.x):

  • 32.0.6

• Client Operating system and version (e.g., Ubuntu 24.04):

  • MacOS 26.3.1 (a) (Silicon)

• Client version:

  • 33.0.2

• When did this problem seem to first start?

  • Since Version 33, maybe earlier

Summary of the issue you are facing:

When updating the client software because I was prompted by nextcloud to do so, I downloaded the .pkg file and run it to upgrade the client to 33.0.2

The client is set up to use virtual files.

The client forgot the “keep downloaded” files and deleted them. Also I had to grant new system file permissions.

This behaviour is very annoying because I have to re download a lot of files as well as be aware to have them downloaded in case I am going offline.

Steps to replicate it (hint: details matter!):

1. I have not reproduced this issue

Please find attached the nextcloud.cfg file I generated with the debug option of the client:

[General]
clientPreviousVersion=33.0.0
clientVersion=33.0.2
confirmExternalStorage=true
desktopEnterpriseChannel=stable
fileProviderDomainsAppSandboxMigrationCompleted=true
isVfsEnabled=false
lastSelectedAccount=1
launchOnSystemStartup=true
monoIcons=true
moveToTrash=false
newBigFolderSizeLimit=500
notifyExistingFoldersOverLimit=false
optionalServerNotifications=true
promptDeleteAllFiles=false
serverHasValidSubscription=true
showCallNotifications=true
showChatNotifications=true
showInExplorerNavigationPane=false
showQuotaWarningNotifications=true
stopSyncingExistingFoldersOverLimit=false
updateChannel=stable
useNewBigFolderSizeLimit=true

[Accounts]
0\authType=webflow
0\dav_user=REDACTED
0\desktopEnterpriseChannel=stable
0\displayName=REDACTED
0\encryptionCertificateSha256Fingerprint= REDACTED
0\fileProviderDomainIdentifier=b REDACTED
0\networkDownloadLimit=0
0\networkDownloadLimitSetting=0
0\networkProxyHostName=
0\networkProxyNeedsAuth=false
0\networkProxyPort=0
0\networkProxyType=0
0\networkProxyUser=
0\networkUploadLimit=0
0\networkUploadLimitSetting=0
0\serverColor= REDACTED
0\serverHasValidSubscription=true
0\serverTextColor= REDACTED
0\serverVersion=31.0.13.2
0\url= REDACTED
0\version=13
0\webflow_user= REDACTED
1\authType=webflow
1\dav_user=user
1\desktopEnterpriseChannel=stable
1\displayName= REDACTED
1\encryptionCertificateSha256Fingerprint=@ByteArray()
1\fileProviderDomainIdentifier= REDACTED
1\networkDownloadLimit=0
1\networkDownloadLimitSetting=0
1\networkProxyHostName=
1\networkProxyNeedsAuth=false
1\networkProxyPort=0
1\networkProxyType=0
1\networkProxyUser=
1\networkUploadLimit=0
1\networkUploadLimitSetting=0
1\serverColor= REDACTED
1\serverHasValidSubscription=false
1\serverTextColor= REDACTED
1\serverVersion=32.0.6.1
1\url= REDACTED
1\version=13
1\webflow_user= REDACTED
version=13

[Nextcloud]
autoUpdateCheck=true

This is an inevitable consequence of the introduction of the macOS app sandbox we cannot counteract. I am sorry for your frustrating experience.

The client forgot the “keep downloaded” files and deleted them.

The migration from unsandboxed previous release installation to newly installed sandboxed release installation requires the file provider domains of the file provider extension to be set up from scratch, unfortunately discarding all associated metadata. There is no migration possible in that case.

Also I had to grant new system file permissions.

This is required by the macOS security model in which apps are not allowed to access file system items outside their sandbox without explicit user consent. Our app has changed from being unsandboxed to sandboxed with the latest major release. The previous (and partially unnecessary privileges) were based on a much larger trust grant at the cost of security but do not apply anymore. Now the app has to request user consent in more cases. This does not affect newly created sync folders because their selection on installation is considered to be user consent.