thanks for this opensource.
With my current configuration the nextcloud plugin shows the “local” folder including folder tree and files for everything contained. Something I would try to avoid due to privacy between users.
I have checked the data folder permissions which read as below
It looks like you have remotely mapped the server’s data folder. You should remove this mapping immediately without making any changes. The server data folder is not intended to be accessed directly.
@KarlF12 thanks for taking the time. I would like to remove the mapping from the server side, so that I may assume all clients behave the same. I have looked into directory permissions, but they look similar to a default install.
1#Permissions of data directory
2#Permissions of link
So I assume data mappings are done through the database. My question thus is:
How would I either a) remove mapping through the command line or b) directly within the database?
the groupfolders app (which uses the mentioned __groupfolders directory) is specifically designed to share the data with specific users group. You can control who has access to contents of the stored data using a group membership. “personal” data is not mean to be stored in such shared folder - in your screenshot there is an “admin” folder which holds files of the user “admin” - each user has it’s own folder - and users don’t have access to files of another user.
@wwe : thanks for taking the time. I am experimenting with groupfolders. The behaviour is understood in the way that I may create and manage user rights on newly created group folders.
Now I would like to modify access rights to the current folder structure for users to only allow them to access their private folders and to convert existing folders to group folders in order to avoid resyncing large amounts of data.
by default users can access only own files and folders through Nextcloud. Every users files are separated. If you access server storage directly this is wrong and completely out of scope of the application.
If this is not the case you broke something on your installation and you need to describe the issue in detail - how you access you Nextcloud, which files do you see, if the issue occurs for new user, which Shares are in place etc…
If you don’t want your users tampering with your data folder (which will inevitably eventually break it) then don’t mount it for them as external storage.
If that local folder is your server’s data folder, it should absolutely not be mounted in this way.
1#The symbolic link should be removed, so that webroot from data and external storage “Lokal” do not interfere.
2#With services down, below existing files/folders should be moved to webroot data
In my opinion, this is flawed advice in the instructions. If you need to create a mount point for other data on the TrueNAS system, that’s fine, but under no circumstances should you mount the Nextcloud data folder or any subfolder in it. This data should be accessed through Nextcloud only.
@KarlF12 : Thanks for taking the time. A remaining question to me is thus how to seperate the user folders from the nextcloud data. If I would simply move all data from /mnt/cloud/data to webroot data, the situation would remain the same and information would remain visible as per initial posting Nextcloud client show local folder
So it is to me a question of hiding and seperating the folder
So to me all data handling is done to everything hosted under datadirectory and granted to user www (which is nextcloud). I assume that permissions are handled from within the nextcloud database, which resides on mysql. Thus all files / folders under data may have the same file/folder permission which showing different results to different end users.
My question is thus how to alter the database to remove permissions to view files under “Local”. Alternatively this could be a mistake in webserver setup. I will review my settings for nginx, whether I misconfigured something there.
The simple solution was to remove external storage, as there is no necessity for it. The directory link still works. Nextcloud does the permission handling and TrueNAS the daily backup.