I have written a small command line program to do some small tasks in my Nextcloud installation. During the last update (SFTP Upload) Nextcloud started the maintenance mode. So far so good…
But: at the same time a non-privileged (but valid) account of a customer was logged in and he got the maintenance mode message, and he could start the update.
Why a customer account without any admin rights can execute the update? I am a bit confused. Is this a normal behavior?
Screenshot I received from the customer
Nextcloud version: 15.0.2