Remote sharing: NC 13 does not work as expected

ℹ️ Support
, ,
1

Long message, short question: why does a shared folder not appear in the view shared with you and why can a shared folder which has been marked of the owner as cant’ reshare be shared in public?

 
I have 2 different vHosts with Nextcloud 13.02 installed, let’s say a green one and a blue one.

On the green Nextcloud instance, a user is sharing a folder with a user on the blue one. The folder name ist Nossi Possi (some kind of music). Sharing conditions are: readonly and can’t reshare.

nextcloud-sharing1
nextcloud-sharing1475×556 25.5 KB

Now the shared folder ist in the view shared from you on the green server.

nextcloud-sharing2

The user on the blue server is receiving a notification of a remote share of the green server:

nextcloud-sharing3

and is accepting it. Therefore the folder is now visible in the home directory of the user on the blue server.

nextcloud-sharing5
nextcloud-sharing5943×506 50.5 KB

But the folder shared with you on the blue server is empty and this is the first question: why is it empty? In my opinion, the shared folder should appear here.

nextcloud-sharing4
nextcloud-sharing4844×498 22.9 KB

Now, the blue user is going to public share the shared folder although it has been marked of the owner as can’t reshare. And this is the second question: why is this possible?

nextcloud-sharing6
nextcloud-sharing61090×490 48.5 KB

The folder is now in the view shared from you

nextcloud-sharing8
nextcloud-sharing8946×354 23.7 KB

but i should not, because the folder is marked of the owner as can’t reshare.

 
Paste the public link in a different browser where no one is logged in into Nextcloud

nextcloud-sharing7
nextcloud-sharing7776×515 44.7 KB

Everything is possible but it should not.

 
Thank you for the enlightenment!

2

You are using federated sharing which is an open standard. Its using public links and can only have such rights as they are available for such. The re-share flag is not available for public links and therefor not propagated. The system is suggesting to you a rights management which doesn’t exist. You rightfully opened a bug for that, so we will see if a developer picks it up or not.

3

6 days ago

I hope so.
In my opinion, this issue is a question of security.

4

Did you get any answer yet? I am with you, this is a huge security issue, giving the people the impression that they can share without re-share rights but in reality there is no way to suppress that.

5

Unfortunately not.

6

I just tried it myself. I added a small comment on github, hopefully you will have an answer soon.

7

Now it has been marked on Github as bug by a developer.

1 Like
8

Same in 14, or? I fear you need to be a paying customer to get any priority …