Remote sharing: NC 13 does not work as expected

Long message, short question: why does a shared folder not appear in the view shared with you and why can a shared folder which has been marked of the owner as cant’ reshare be shared in public?

I have 2 different vHosts with Nextcloud 13.02 installed, let’s say a green one and a blue one.

On the green Nextcloud instance, a user is sharing a folder with a user on the blue one. The folder name ist Nossi Possi (some kind of music). Sharing conditions are: readonly and can’t reshare.

Now the shared folder ist in the view shared from you on the green server.


The user on the blue server is receiving a notification of a remote share of the green server:


and is accepting it. Therefore the folder is now visible in the home directory of the user on the blue server.

But the folder shared with you on the blue server is empty and this is the first question: why is it empty? In my opinion, the shared folder should appear here.

Now, the blue user is going to public share the shared folder although it has been marked of the owner as can’t reshare. And this is the second question: why is this possible?

The folder is now in the view shared from you

but i should not, because the folder is marked of the owner as can’t reshare.

Paste the public link in a different browser where no one is logged in into Nextcloud

Everything is possible but it should not.

Thank you for the enlightenment!

You are using federated sharing which is an open standard. Its using public links and can only have such rights as they are available for such. The re-share flag is not available for public links and therefor not propagated. The system is suggesting to you a rights management which doesn’t exist. You rightfully opened a bug for that, so we will see if a developer picks it up or not.

6 days ago

I hope so.
In my opinion, this issue is a question of security.

Did you get any answer yet? I am with you, this is a huge security issue, giving the people the impression that they can share without re-share rights but in reality there is no way to suppress that.

Unfortunately not.

I just tried it myself. I added a small comment on github, hopefully you will have an answer soon.

Now it has been marked on Github as bug by a developer.

1 Like

Same in 14, or? I fear you need to be a paying customer to get any priority …