Sharing Best Practices

Hi there,

first off: thanks for such a great open source software!

I set up Nextcloud for a small-sized organization (< 100 members) in such a way that Nextcloud is used for collaborative work. In particular, there are a few groups and generally (for most files and folders) users should have equal rights to see all the folders and files other users uploaded. The content itself was migrated from Dropbox and consists of a high number of files and folders.

In order to make everybody see and edit (i.e. move, delete, edit) everything, I was wondering what would be the best approach. I identified two: 1) Set up group folders via the admin settings or 2) for every folder in the root directory click on share and add the respective groups.

Option one using group folders is impractical as I would have to remove the entire content from Nextcloud first, manually create group folders for each of the existing folders and upload the content again. This is because, if one creates a group folder with the same name of an existing folder with content, the content will be gone.

Thus, I am currently using the second option. The problem with this is that it doesn’t come with appropriate access controls. I.e. although a folder is shared all other users (which are not users) can neither delete nor move the folder or files that they do not own.

My ideal situation would be this: Once a file is uploaded it inherits default sharing properties, which are defined by admins. As a consequence, the ownership is transferred to those groups which are part of the set of shared groups if this file / folder. I am not sure whether this requirement can be scripted using OCC where one would set up a cron job to let occ periodically run and transfer ownership to those groups, which are defined in the file’s / folder’s shared settings.

Am I missing something, are there better approaches?

Thanks in advance!

Group folders is the appropriate mechanism for this I think.

You should not have to re-upload files. You can move them to the group folder once it’s created.

Hi Karl,

thanks for the reply. Well, I already have contents populated to Nextcloud (huge number of folders an subfolders). I.e. I have one folder “foo” with contents. If I now create a Group Folder with name “foo”, it will indeed create the Group Folder but it will delete all the contents. Thus, I will have to re-upload all contents. Or am I missing something?

Another question: Do group folders allow for some sort of structure / hierarchy, i.e., sub-group folders? Or would one only be allowed to define “root” Group Folders and everything in these root folders automatically becomes a group folder as well?

You can rename the folder to “foo2”, then make the new group folder foo. You can then transfer the folder contents using the web UI, without any need to re-upload.

Sub-groups aren’t a native feature, but there are a couple of ways to implement them.

1. Access Control rules to lock down files that would otherwise be accessible. For example, block access to /Dev/Greenfield to people that aren’t in the greenfield [sub]group.
2. Semantic folder names such as “Dev” and “Dev.Greenfield” that both show up in the user’s root directory. For example, /Dev appears for members of the dev group, but /Dev.Greenfield appears alongside it for members of the greenfield [sub]group.

Thats very good to know