System-wide read-only external storage

As far as I know, the Nextcloud server instance needs to have read/write access to (local) folders that are mounted through the external storage application. I do have folders that I would like to share (i.e., mount with the external storage application and give users read access). However, I do not want to give write permission to anybody (including the Nextcloud server instance) but the owner of the folder. I want these files to be read only from the beginning because those folders are managed from outside Nextcloud anyways. Maybe I am missing something but this seems to be impossible at the moment.

For instance, the folder Shared is owned by user1. It is only writeable by user1 but readable by members of the group user1 and everybody else. I would like to add this folder to Nextcloud without the intention and possibility to write anything into this folder.

ls -l Shared
drwxr-xr-x 13 user1 user1 4096 Nov 25 17:53 Shared

Maybe I am missing something, please let me know! Thank you.

I’m not sure about that. Did you try a local storage with only read access for the webserver user? You could always use a local user to mount the storage with full permissions and then share it to other users as read-only. However, it is more secure to manage these permissions via the file system.

I tried local storage with read only, it does not work. A solution would be that I create a group only containing ‘http’ and my user and chown those folders to that group. But then, Nextcloud could modify these files and that’s what I would like to avoid. Thanks for your answer!


Hi,

I just updated to Nextcloud 12.0.4 and changed the background tasks from AJAX to Cron.

Now Nextcloud displays the files on my read only local external storage.

Hi,
you are right, thank you. Now it works! Cheers.

I have the same requirement.
My files happen to be NFS mounted via autofs, but same difference really.
I set it up as Read-Only.
I have changed the cron setting from ajax to cron. Do I have to force the cron job to run once?
I don’t understand why this change matters.
I get a box when I try to browse the directory: “This operation is forbidden”
I am running version 19.0.3. (I found it very difficult to find the version number. I wound up viewing source)
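
As an added example (not code from any poster in this thread or from Nextcloud), the following check walks a folder such as Shared and reports every entry that a given account could modify or could not read, judged from the POSIX mode bits alone. The function names are hypothetical, the web server account's uid and group ids are passed in by the caller, and ACLs and mount options such as ro or NFS squashing are assumed not to be in play.

```python
import os
import stat
import tempfile

def effective_access(mode, owner_uid, owner_gid, uid, gids):
    """(read, write, execute) the POSIX mode bits grant to a non-root account.

    Only one class applies: owner, else group, else other. ACLs and mount
    options (ro, NFS squashing) are outside what the mode bits show.
    """
    shift = 6 if uid == owner_uid else 3 if owner_gid in gids else 0
    bits = (mode >> shift) & 0o7
    return bool(bits & 4), bool(bits & 2), bool(bits & 1)

def audit_tree(root, uid, gids):
    """List (relative path, problem) for entries the account could modify
    or could not read/traverse. Symlinks are skipped."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in files]:
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue
            r, w, x = effective_access(st.st_mode, st.st_uid, st.st_gid, uid, gids)
            rel = os.path.relpath(path, root)
            if w:
                findings.append((rel, "writable"))
            if not r or (stat.S_ISDIR(st.st_mode) and not x):
                findings.append((rel, "unreadable"))
    return sorted(findings)

def demo():
    """Constructed tree modelled on the thread's Shared folder (mode 755)."""
    with tempfile.TemporaryDirectory() as tmp:
        shared = os.path.join(tmp, "Shared")
        os.makedirs(os.path.join(shared, "private"))
        for name, mode in (("report.txt", 0o644), ("scratch.txt", 0o666),
                           ("private", 0o700), (".", 0o755)):
            path = os.path.join(shared, name)
            if not os.path.isdir(path):
                open(path, "w").close()
            os.chmod(path, mode)
        st = os.stat(shared)
        # Stand-in for the web server account: not the owner, not in the group.
        return audit_tree(shared, st.st_uid + 1, {st.st_gid + 1})

if __name__ == "__main__":
    print(demo())
```

An empty result for the web server account means the mode bits give it read access everywhere and write access nowhere; the group arrangement mentioned earlier in the thread shows up as "writable" findings when the group has the write bit.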