Remote wipe on user account deleted data on server as well

Nextcloud version : 19.0.1
Operating system and version (eg, Ubuntu 17.04): Linux 4.14.24 QTS
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4.39
PHP version (eg, 7.1): PHP 7.2.26

The issue you are facing:
I performed a remote wipe on a member that left the organisation, the data on the laptop was wiped, so did the data on the server owned by the user. The user’s account is still active and has not been deleted. Anyway I can retrieve the data?

Is this the first time you’ve seen this error? (Y/N): Y

Hi @yanuk,

You could just restore the files from your server backups?

That’s the problem I’m facing. It’s missing on the server when i use the web UI.

Is there a page to access the backup? (like roll back of document versions?)

Hi @yanuk

There isn’t a backup option in NC itself. There are probably just too many issues around backups to have a one solution fits all.

If your data is business critical you really need to be thinking about disaster recovery and management strategies (data backup or multi-region duplication).

I’ve used remote wipe without any issues, but the easy to make mistake I’ve seen made once before is deletion of a user account. This will remove the users directory (and files) from the NC datadir, without any form of backup, it’s gone for good!

The delete and wipe options have no separation:
Screenshot from 2020-08-23 16-51-02

This is maybe something NC might want to take a look at to remove the possibility of an incorrectly selected option.

Personally I’d like to see no delete option until a user account has been disabled first, and only then could an admin delete an account. It offers a chance to rethink what you are doing before you do it, a firebreak.

Have you looked in the NC datadir on the server for the users account directory (via the filesystem / SSH etc) and checked to see if it’s there or not? You’ll be able to see the datadir path from the config.php file of your NC install.

There should be a directory titled the same as the users account login name. This will contain the various directories and files for the user.

e.g:
/
user1
user2
user3
joe.bloggs

Is your organisations server an internal server or a cloud located one?

Ah yes, I was sure to click on the correct option, i can still log into the user’s account so I’m sure it wasn’t deleted. bad luck to me. The data directory didn’t have the files in it as well.

Mine is an internal self-hosted server.

Hi @yanuk,

So by the sound of it, unless you have backups, that data would appear to be gone.

This is something that happens frequently. Critical data simply isn’t included in any form of backup or disaster recovery plan. What was the business plan if your internally hosted server was:

a.) Subject to theft.
b.) Destroyed by fire / water / earthquake
c.) Subject to catastrophic hardware failure?
d.) Target of malicious intent.

To my knowledge crying, wailing, shouted expletives, table banging, and blame slinging hasn’t recovered a single needed file to date that wasn’t backed up somewhere, somehow.

This data deletion would be a horrendous issue in NC if a remote wipe was actioned in this manner and probably needs more investigation.

Have you examined the raw admin logs relating to that day / time / user to see what events were triggered? This will probably yield some clues. Are you the only admin user? Is it possible at, or about the same time another admin actioned a delete in error? It is strange that you are able to still login as the user though?