Nextcloud client show local folder

Dear all,

thanks for this opensource.
With my current configuration the nextcloud plugin shows the “local” folder including folder tree and files for everything contained. Something I would try to avoid due to privacy between users.

grafik

I have checked the data folder permissions which read as below

I have scanned all files afterwards. No changes observed.

Any hints on how to alleviate the situation are well appreciated.

Best regards

Sebastian

It looks like you have remotely mapped the server’s data folder. You should remove this mapping immediately without making any changes. The server data folder is not intended to be accessed directly.

1 Like

@KarlF12 thanks for taking the time. I would like to remove the mapping from the server side, so that I may assume all clients behave the same. I have looked into directory permissions, but they look similar to a default install.

1#Permissions of data directory
grafik

2#Permissions of link
grafik

So I assume data mappings are done through the database. My question thus is:
How would I either a) remove mapping through the command line or b) directly within the database?

Best regards

Sebastian

the groupfolders app (which uses the mentioned __groupfolders directory) is specifically designed to share the data with specific users group. You can control who has access to contents of the stored data using a group membership. “personal” data is not mean to be stored in such shared folder - in your screenshot there is an “admin” folder which holds files of the user “admin” - each user has it’s own folder - and users don’t have access to files of another user.

@wwe : thanks for taking the time. I am experimenting with groupfolders. The behaviour is understood in the way that I may create and manage user rights on newly created group folders.

Now I would like to modify access rights to the current folder structure for users to only allow them to access their private folders and to convert existing folders to group folders in order to avoid resyncing large amounts of data.

Any further hints are highly welcome.

by default users can access only own files and folders through Nextcloud. Every users files are separated. If you access server storage directly this is wrong and completely out of scope of the application.

If this is not the case you broke something on your installation and you need to describe the issue in detail - how you access you Nextcloud, which files do you see, if the issue occurs for new user, which Shares are in place etc…

@wwe: thanks for taking the time. Please see below for the admin user view after having logged in through the web interface


Any hints on how to hide the folder “Local” through for example config files is highly welcome.

Have you configured it as such in the external storage settings?

@KarlF12 : thanks for taking the time. It is configured as below

If you don’t want your users tampering with your data folder (which will inevitably eventually break it) then don’t mount it for them as external storage.

If that local folder is your server’s data folder, it should absolutely not be mounted in this way.

1 Like

@KarlF12
I have taken instruction as per

https://www.truenas.com/docs/scale/scaletutorials/apps/nextcloudscale/#adding-nextcloud-storage

On my system a FreeNAS dataset is mounted to

/mnt/cloud/data

From webroot a symbolic link is pointing as below

data-> /mnt/cloud/data

Please kindly comment the statements below.

1#The symbolic link should be removed, so that webroot from data and external storage “Lokal” do not interfere.
2#With services down, below existing files/folders should be moved to webroot data

__groupfolders
.htaccess
.ocdata
appdata*
index.html
nextcloud.log*
updater*
3#Create mount points per user, and point to relative directories with acccess limited to user.
4#Proceed all above while maintaining General troubleshooting — Nextcloud latest Administration Manual latest documentation

In my opinion, this is flawed advice in the instructions. If you need to create a mount point for other data on the TrueNAS system, that’s fine, but under no circumstances should you mount the Nextcloud data folder or any subfolder in it. This data should be accessed through Nextcloud only.

1 Like

@KarlF12 : Thanks for taking the time. A remaining question to me is thus how to seperate the user folders from the nextcloud data. If I would simply move all data from /mnt/cloud/data to webroot data, the situation would remain the same and information would remain visible as per initial posting Nextcloud client show local folder

So it is to me a question of hiding and seperating the folder
grafik

My config.php reads

‘datadirectory’ => ‘/usr/local/www/nextcloud/data’,
‘dbtype’ => ‘mysql’,

So to me all data handling is done to everything hosted under datadirectory and granted to user www (which is nextcloud). I assume that permissions are handled from within the nextcloud database, which resides on mysql. Thus all files / folders under data may have the same file/folder permission which showing different results to different end users.

My question is thus how to alter the database to remove permissions to view files under “Local”. Alternatively this could be a mistake in webserver setup. I will review my settings for nginx, whether I misconfigured something there.

Yes, this is correct.

You don’t. If you don’t want them to have access to that folder, then don’t share it with them in your external storage settings.

If each person needs just a subfolder of it, they can mount anything they have permissions to access in the per-user external storage settings.

The simple solution was to remove external storage, as there is no necessity for it. The directory link still works. Nextcloud does the permission handling and TrueNAS the daily backup.