At work we use NextCloud and a file server.
While to fileserver is heavily organized and permission wise structured. NextCloud has totally grown wild. (historically reasons before i was an admin here) . One solution would be to remove nextcloud simply because it brakes our security standards. That wont amuse a lot of users, so i wonder if another solution is possible :
Can nextcloud be on top of the existing remote(remote as in different VM)
file server shares, ea be a web interface to the well structured (samba) file server shares. And so any file alterings are done against the users permissions.
Nextcloud defines users and SMB/CIFS defines users.
You must map them each other (user/group) and not map all data from SMB/CIFS to all users in Nextcloud.
I also think that your SMB/CIFS is your primary system and Nextcloud is more a frontend for sharing and collaboration.
Indeed it should preferably only be a front-end solution, making no use of a local mariadb.
Its a bit confusing though, we use SAMBA AD, an also nextcloud uses that.
But when using SMB/CIF external storage, does nextcloud use the users login to allow or disallow file actions ?. (not a nextcloud-root alike to connects to a share)
Ok I didnt knew that, so I quickly tested this in a test VM, i set it to “login credentials saved in session”, as I assume that’s the user connection credentials but it keeps giving me a red warning, not sure why… hmm