Need Feedback on Nextcloud Folder/Access Setup

Hi,

I would like your comments on my Nextcloud configuration, please.

  • does it make sense?
  • could/should it be done better, and what would that look like?

What's needed?

  • Customers can access this cloud to upload/download documents
    • This is a pure short term transfer solution
  • Example
    • Customer uploads file
    • Business takes the customer's file and moves it out of said folder to their own server, where it is stored and worked on
    • Business takes some other file and puts it inside the customer's folder to be downloaded and deleted shortly after
  • Customers must only be allowed to access their own files (each customer has a separate folder)
  • In terms of Customer count:
    • We are talking 300 to 1000 customers (added slowly over time)

My Setup so far:

  • got a prebuilt VM from https://www.hanssonit.se/nextcloud-vm/ which has enough storage space for my needs
  • created a custom data folder:
    sudo mkdir -p /var/nextcloud_external_data
  • gave permissions
    sudo chown -R www-data:www-data /var/nextcloud_external_data
  • Added external (local) Storage in the GUI using an admin account to the new folder (/var/nextcloud_external_data/) named Customers
  • Added external Storage in GUI with the Admin Account
    • Path: /var/nextcloud_external_data
    • Available for: Administrator Group
  • Now the Workflow for setting up a new Customer:
    • Admin creates new User Customer1 (user registration is disabled)
    • Admin creates new folder named customer1 in Customers
    • Admin creates new external (local) storage (via GUI):
      • Path: /var/nextcloud_external_data/customer1
      • Available for: Customer1, admin(group)

What I still need to do:

  • Setup SMB share for /var/nextcloud_external_data
    • This will be used as a mapped network drive for the windows clients of the Business
    • Employees will drop in files for customers (in their specific subfolders)
    • Employees will take (copy/delete or just move) files from customer specific subfolders and move them into their own Document Management Software

My Idea about this setup:

So we have 1 external storage folder which the admin group can access and 1 external storage folder for each customer where only that specific customer (and the admin group of course) has access to.

The only possible concern I have about this solution is that there will be quite a lot of external storage locations. Is that a problem? Is there a better way?

Would love to hear what you guys think about this Solution :wink:

Sidenote:
I also thought about going with an SMB share as the external storage. An SMB share on the main storage array (outside of the Nextcloud server) would have the benefit of being covered by the existing backup solution. But that would mean a lot of SMB sessions (1 for Customers and 1 for each customer's specific folder) to the main storage array, so I went with local external storage, as so many sessions to the same directory/subdirectory might be problematic?

regards
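
The per-customer workflow from the post above, scripted with Nextcloud's `occ` command line, as an added example that is not part of the original post. Assumed, not from the thread: the `occ` path, the `admin` group name, the mount point name `/<customer>` and the lowercase ID rule.

```shell
#!/bin/sh
# Added example: one call per new customer instead of the GUI steps.
# Assumptions: occ at /var/www/nextcloud/occ, admin group "admin",
# customer IDs restricted to [a-z0-9_-]; run by a user allowed to sudo.
LC_ALL=C
DATA_ROOT="${DATA_ROOT:-/var/nextcloud_external_data}"
OCC="${OCC:-sudo -E -u www-data php /var/www/nextcloud/occ}"
RUN="${RUN-sudo}"                      # prefix for mkdir/chown
OWNER="${OWNER:-www-data:www-data}"
ADMIN_GROUP="${ADMIN_GROUP:-admin}"

# Only simple IDs, so a name can never resolve outside DATA_ROOT
# (rejects "", "..", "a/b") or be parsed by occ as an option ("-x").
valid_customer_id() {
    case "$1" in
        ""|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 64 ]
}

# Creates user, folder and external storage; prints the mount id.
provision_customer() {
    cust="$1"
    valid_customer_id "$cust" || { echo "invalid customer id: $cust" >&2; return 2; }
    dir="$DATA_ROOT/$cust"
    # Never attach a new account to a folder that may hold someone's files.
    [ ! -e "$dir" ] || { echo "refusing to reuse $dir" >&2; return 3; }
    # Password comes from the environment, not the command line.
    [ -n "${OC_PASS:-}" ] || { echo "export OC_PASS first" >&2; return 4; }

    $OCC user:add --password-from-env "$cust" >&2 || return 5
    $RUN mkdir -p "$dir" && $RUN chown "$OWNER" "$dir" || return 6

    # A mount with no applicable users/groups is visible to ALL users, so it
    # is restricted while the folder is still empty, and deleted if that fails.
    out=$($OCC files_external:create "/$cust" local null::null \
          -c "datadir=$dir") || return 7
    mount_id=$(printf '%s\n' "$out" | grep -oE '[0-9]+' | tail -n 1)
    [ -n "$mount_id" ] || return 7
    $OCC files_external:applicable --add-user "$cust" \
         --add-group "$ADMIN_GROUP" "$mount_id" >&2 || {
        $OCC files_external:delete --yes "$mount_id" >&2
        return 8
    }
    echo "$mount_id"
}
```

After sourcing the file, `OC_PASS=... provision_customer customer1` performs the whole workflow; `occ files_external:list` then shows which users and groups each mount applies to.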

I haven’t tried it recently, but would mounting WebDAV network storage be an option? I haven’t tested that in recent Windows versions; before, it was very buggy (or else with 3rd party software).

You could have one business account, where all the data is stored. For each customer, you create a new user, the business account shares a new folder to this customer.

Another idea: use SMB as primary storage (there is not much documentation, unfortunately; you can find some examples from earlier versions). Each user has an SMB user and at login on Nextcloud, you get connected to your SMB share. Within SMB you manage the business user that can read the user’s files.

There is also a workflow app. Not sure how it could help you to automate certain things.