SMB/CIFS external storage access does not update

Nextcloud version: 21.0.3
Operating system and version: Debian 10 (buster)
nginx version: nginx/1.14.2
PHP version: 7.3

We are using Nextcloud as a kind of front-end for our Samba shares, which, for the most part, works quite well. Basically, we have the LDAP/AD integration app installed, which lets users authenticate against the AD provided by our Samba instance. Then, shares are mounted as external storages, through SMB/CIFS globally. What a given user can see is controlled by ACLs managed in Windows.

Nextcloud seems to handle this quite well: it shows only the files that a user has permissions to see and in general behaves almost perfectly.

There is just the slight problem of changes in permissions and the like.

  • For example, I noticed that when a user is granted permission to a new directory somewhere in the Samba share, the change is not immediately visible in Nextcloud. I have since found a solution to this by reading the documentation. Now I run files_external:notify in the background constantly (as a systemd service) and it seems to be working.

  • The new problem I am facing is what happens when a user is granted additional permissions (or has lost permissions) due to a change in the groups they are in. files_external:notify does not pick up this change, since no file permissions or contents change. It is merely that a user is now a member of a group it previously was not. It seems that Nextcloud only picks up the change after I do a complete file scan for the user (i.e. files:scan myuser).

  • What is funny is that it seems that directories in the root of the shares immediately show up and disappear in Nextcloud as I add/remove the user from the group that has permissions for the directory. However, this does not happen already in a subdirectory only one level down from the root. Only files:scan helps.

I do not really want to execute a files:scan --all via cron every so often, since these external storages are quite huge and each scan takes forever. Isn’t there another way to make Nextcloud realize new directories / files are accessible since the group membership change?

Thanks in advance.
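
A narrower alternative to a full files:scan --all, built on the post's observation that a per-user scan picks up the change: compare group membership between runs and rescan only the users whose membership differs. This is an added example, not part of the original post or Nextcloud's own tooling; the occ path, the www-data user, the state file location and the {group: [members]} JSON shape of `occ group:list --output=json` are assumptions.

```python
#!/usr/bin/env python3
"""Rescan only the users whose group membership changed since the last run."""
import json
import subprocess
from pathlib import Path

# Assumptions: occ location, web-server user and state file are placeholders.
OCC = ["sudo", "-u", "www-data", "php", "/var/www/nextcloud/occ"]
STATE = Path("/var/lib/nc-group-rescan/groups.json")


def affected_users(old, new):
    """Return users added to or removed from any group between two snapshots."""
    changed = set()
    for group in old.keys() | new.keys():
        changed |= set(old.get(group, [])) ^ set(new.get(group, []))
    return sorted(changed)


def scan_commands(users):
    """Build one per-user 'occ files:scan <user>' command for each user."""
    return [OCC + ["files:scan", user] for user in users]


def current_groups():
    """Snapshot {group: [members]} as reported by 'occ group:list' (assumed shape)."""
    out = subprocess.run(OCC + ["group:list", "--output=json"],
                         check=True, capture_output=True, text=True).stdout
    return json.loads(out) or {}      # an empty result may decode as a list


def main():
    new = current_groups()
    if not STATE.exists():            # first run: record a baseline only
        STATE.parent.mkdir(parents=True, exist_ok=True)
        STATE.write_text(json.dumps(new))
        return
    old = json.loads(STATE.read_text())
    failed = False
    for cmd in scan_commands(affected_users(old, new)):
        failed |= subprocess.run(cmd).returncode != 0
    if not failed:                    # keep the old snapshot so failures retry
        STATE.write_text(json.dumps(new))


if __name__ == "__main__":
    main()
```

Run from cron or a systemd timer, this also covers removals, so a user dropped from a group gets their stale listing rescanned rather than waiting for the next full scan.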