You’re right - it’s faster if added as local storage
And in that case you’re right that the files should be owned by www-data.
You probably already read the admin guide:
What you did makes sense now - the external storage should be owned by www-data, and therefore you need to force the Samba user like you do.
But the files will not be available locally, outside of Nextcloud or Samba then, I would assume? With the file owner being www-data, I assume the access goes through the database, and in that case, if you change files directly then the database will get out of sync.
I think what you end up with is that you can differentiate between users in Nextcloud (some have no access, some have read and some have read+write), and in Samba you can do the same - by not adding a user to “valid users” you deny access, then by setting “writeable” to no all valid users will have read only as default, and lastly, if you add users to “write list” then they will get write access.
This way you can give users none, read and read+write access in both Nextcloud and Samba. But none can access the files locally, outside of Samba or Nextcloud.
If you change files directly the database will get out of sync, and you must use the occ file:scanscan command to scan the files and update the database:
Something like this I think:
sudo -u www-data php /var/www/html/nextcloud/occ files:scan --path /media/Projekte