Make user with readonly rights for download and absolutly no rights for changing anything


i found some discussions about making user with no upload or change rights by using “0 B” as quota. Thats ok - but these users still can change lots in their “Appearance and accessibility”, “Setting”, “Files Settings”… they can even change their password.

I want to use such users for an easy access for our students to downloads - we share some documents and all students can log in with one login for them all. But right now this user still can change to much stuff for every other user!

Is is possible to make such User? And no - sharing is not an option, because the sharing-URL is way to complex for easy spreading. Since years we use very entry way for download our scripts like Username = Password = name of lecture.


Sorry, no offense, but if you ask me this is a typical case of “you’re holding it wrong” :wink: Nextcloud isn’t designed to use it that way and neither are other collaboration tools. User Accounts are called User Accounts for a reason. Because they are (personal) user accounts and not lecture or project accounts.

Here a few options on how you could handle things differently:

  • Option 1:
    Create a personal account for each student and put the students in groups (by class, project etc.). Then you can share the documents with the relevant groups.
    (This would Imho be the correct way to do it, but also the way with the biggest administration overhead.)

  • Option 2:
    Open a Guest user account for each student
    (This would also be a correct way to do it, but since Guest accounts are already limited by design the administration overhead would be lower.)

  • Option 3:
    Open shared Guest accounts for each lecture / class, instead of normal accounts.
    (I’m not a fan of that, because of the shared passwords, but this will probably be the way you will go… :wink: )

  • Option 4:
    Use public shares and rename the random string to the name of the lecture: ShareRenamer - Apps - App Store - Nextcloud
    (I’m not a fan of that either, but the shared accounts and passwords you are using now aren’t any more secure. :wink: )

Thank you,

Non of the above ways are coming near the way we want to us it.

Well - then it would be a good idea to go also one step back and make the usage of fine grained user down to the read-only people possible - then i think there are a lot of possible fields of usage for an easy user with no other rights then download files…:wink:

btw - for now i solved the problem for us by using net2ftp as we had it the last few years. Maybe it was a bad idea trying to use Nextcloud…:wink:

I will try to understand what you are writing here:

You are gonna publish or send a link to each student for where to go for downloading something. And you cannot just make named share links like this?:


The above will work as you requests, and the best part it requires no users. You can even password protect each link, and share that password with the students in scope for those links.

You could also use LDAP and prevent password changes through Nextcloud. Yes, users can change all their personal settings.

Using the guest account app, you are able to make guests who can change nothing, but still needs a password.

If none of the above works for you, I fails to understand your use case. Sorry.


Then you did not yet know all the posibilities.
One (ShareRenamer) is already mentioned by @bb77 but that App is nearly stale and works on old code. The App “Configurable Share Links” comes with slightly more options and builds upon the new API of the server, introduced with NC23:

   App-Id          cfg_share_links
   App-Name        Configurable Share Links
   Summary         App adding the ability to specify share tokens
   Category(s)     tools files
   App-Version     4.1.0
   PHP min/max     8.0 / 8.2
   NC min/max      25 / 27

With that tool you can make solutions like you want, with a simple name (= login (omited)) = password.

You can decide if the files inside of that folder are read only or whatever ACL you want.

Much luck.


Excactly like this. I am using this app myself and it was with that in mind I made those examples of links.

1 Like

I want to use the URL only with a easy easy easy user without the “/index.php/s/xxxxx” after the URL…
And normally i only use modules by private maintainer - there in never know if they are working after upgrades or if they get maintained at all.

There is a catch 22 in the overall requirements you are pursuing, the very foundation and puropose of Nextcloud and the concept.

ONLY the guest user app can make this work for you then.

Is this not easy enough?


How to get pretty URLs (removing the index.php) is described → here ←

1 Like

Well I wouldn’t say it was a bad idea per se, and as we already established in this thread, you can implement something similar with Nextcloud (Guest App and / or Share Renamer).

However, if you don’t want to use the file sharing and collaboration features which Nextcloud was actually designed for, and you’re already using a tool that does exactly what you need, I gotta agree that it doesn’t make much sense to switch to something else.

Matter of fact, dedicated tools, designed for a specific task or usecase, are often a better choice compared to all-in-one solutions, especially if you only need a fraction of the functionality offered by these all-in-one solutions.

Just like the UNIX philosophy says: “Do One Thing and Do It Well” :slight_smile:


Maybe you can use a HTML text field to get a $username. Something like this:

             <form method="post" action="script.php">
                     <input type="text" name="username" placeholder="username">
                     <button>Go to Nextcloud</button>

And then you need a php script script.php like this. Set a default username and set all users and Nextcloud shares. Default username e.g. “user2” can be a link back to your homepage.

if (isset($_POST['username']))
    $username = $_POST['username'];
    $uername = trim($username);
    $username = strtolower($username);
    $username = "user2";
$nextcloud = array(
    "user1" => "https://cloud.server.tld/s/12345678",
    "user2" => "https://cloud.server.tld/s/abcdefghij",
    "user3" => "https://cloud.server.tld/s/1a2b3c4d5ee"
foreach ($nextcloud as $x => $y)
    if ($username == $x)
        header("Location: $y", true, 301);

Then the user is redirected to the correct Nextcloud share and the user must input the correct password for the Nextcloud share. Advantage is also that you need to know a username to be redirected to the correct share. Also you can use one landing page for all users.

Maybe not a really nice program. But sorry i can not really program software.

1 Like