My goal now is to share only Subfolder2 of each folder with the name of the upper Folder. Sadly I cannot restructure this folders because of other workflows.
I made a script to share only a virtual directory that does symlinks and updates these but symlinks are not shown (i can understand the security risks on it so maybe I should leave that idea behind)
Could you think of another way to achieve this goal?
Nextcloud version: 12
Operating system and version (eg, Ubuntu 16.04): Debian 8
Apache or nginx version (eg, Apache 2.4.25): Apache 2.4
PHP version (eg, 5.6): 5.6
Would it be possible to change the folder names then?
Let’s say folder 1 is named marketing and folder 2 sales. So what about subfolder names like
Marketing-sub2
Sales-sub2
or
Mark-sub2
Sale-sub2
Something like that, only that you have the names in the share like wanted.
Oh I see, I didn’t understand that you want to avoid sharing all subfolders one by one.
Depending on the number of subfolders that might still be the best solution, because there is no method to share all subfolders, that I know of.
Another possibility is, to share the parent folder and forbid access to specific subfolders for different users.
Using User Groups, Tags and “File Access Control” you could do the following:
Create a Tag in “Workflow”:
Leader
Assign that Tag Leader to all subfolders, that should not be accessed by everybody.
Create a file access control rule:
Rule name: "Leader access only"
TAG – is – Leader
User Group Membership – is not – Leader
Create a User Group “Leader” and add every team leader or user that should have access to all folders to the Group “Leader”.
When you share the parent folder, then everybody sees all the subfolders, but only the users that you defined, can really access the subfolders you allow them to.
This is just an example, to show what is possible. I hope this is something applicable for you.
With this solution it is useless, to change the naming of the subfolders, while everybody sees the parent folders as shared folders in their own folder list.
This would be a good point actually.
The Problem I have is that right now that’s 410 Folders where I’d have to do this. And as it is constantly growing I’ll end up checking and updating permissions all the time.
Also: the other subfolders should indeed not be visible at all. It really seems that there’s no real way. I may end up changing my script to do some rsync magic instead of creating symlinks.
Best thing would be of course to do this all differently as everything is getting a bit too complicated and I feel that no matter how I work around that folder structure I’ll end up fixing user errors all the time.
Maybe someone has a good idea if you describe your situation a little bit more and what exactly you need and want to achieve.
I mean there is an app “Auto Tag”, that could actually take over the part of tagging the folders for you.
Maybe there is a good construct, the community could build (in the meaning of advise to you).
under “real” there’s a showcase how the folders are right now. So there’s a list of clients with some different Subfolders. Now for Administrative reasons I have to share only the folders of the Invoices to another person. That should obviously be named like the Folder Above (so client1, client2, client3 and so on).
I did make symlinks with the names and the clientX/Invoices Folder (the virtual Directory in the image).
As a result a “ls -l virtual/” gives the following output:
lrwxrwxrwx 1 user domänen-benutzer 24 Mai 25 14:58 Client1 -> ../real/Client1/Invoices
lrwxrwxrwx 1 user domänen-benutzer 24 Mai 25 14:58 Client2 -> ../real/Client2/Invoices
lrwxrwxrwx 1 user domänen-benutzer 24 Mai 25 14:58 Client3 -> ../real/Client3/Invoices
lrwxrwxrwx 1 user domänen-benutzer 24 Mai 25 14:58 Client4 -> ../real/Client4/Invoices
lrwxrwxrwx 1 user domänen-benutzer 24 Mai 25 14:58 Client5 -> ../real/Client5/Invoices
lrwxrwxrwx 1 user domänen-benutzer 24 Mai 25 14:58 Client6 -> ../real/Client6/Invoices
lrwxrwxrwx 1 user domänen-benutzer 24 Mai 25 14:58 Client7 -> ../real/Client7/Invoices
lrwxrwxrwx 1 user domänen-benutzer 24 Mai 25 14:58 Client8 -> ../real/Client8/Invoices
So this is where symbolic links would help me a lot and are quiet easy to script. For obvious security reasons I can understand that this is prevented. Thus resulting in logs like:
message":"Following symlinks is not allowed (<virtual-path> not inside <real-path>)
If somebody has a clean and easy to maintain idea it would I would be glad.
I wouldn’t loose too much time about it. In that case I’d consider another solution than those hacks.
This seems really tricky.
What came to my mind after thinking about it quite a time are Group Folders. This is a new feature in Nextcloud 12.
I fear this is no solution for you currently, because the effort to set it up like that is extremely high. Especially when you have the mentioned 410 folders. Nonetheless maybe for a second server and if there is no other solution to come, I would like to share the idea with you.
What about Group Folders for every client? Let’s say you create the following group folders:
“Client 1 - Invoices”
“Client 2 - Invoices”
“Client 3 - Invoices”
…
These folders appear in the root folder of every user in that group and every group member can read and write into that folder.
Every Client must have his own group (unfortunately for single user clients but pretty nice for multiple users for different clients) and for every group folder you assign the specific group:
“Client 1 - Invoices” — Group "Client1"
“Client 2 - Invoices” — Group “Client2”
…
There would be two ways to grant access to these folders for the user you plan to share it with. Either add that user to the groups “Client1”, “Client2”, … or have that user in his own group and add his group to this folders as well:
Client 1 - Invoices — Group “Client1” + “SpecialUser”
The initial effort is damn high with hundreds of clients. I guess a feature request might be the best option.
That way samba cares about following symlinks and owncloud just needs to have that folder mounted.
It is actually not in any way something I’d recommend for others but the fact that I need this just for 1 user makes me think that a feature request might be too much work to do for such a small user base.
If some more users will need this in the future I’d share my thoughts on a feature request.
