Denied folders are still displayed #97

Open
ygoe opened this issue May 4, 2018 · 2 comments

@ygoe

ygoe commented May 4, 2018

When access to a folder is denied, the folder is still listed and can be switched to. But then, instead of listing the folder contents, a redirect happens and the user is put in the root directory and sees an error message that what they just tried is not allowed.

Then why is it even offered? If access to something is denied, I'd expect it not to be visible at all. And if Nextcloud isn't capable of that, an indication before clicking on the folder would be helpful.

I'm not yet sure that Nextcloud is a good place for confidential data. All it takes is the File access app to be disabled and all files become accessible. This might happen during some updates, I have no idea. I'll have to rely on that app not to terminate.

@nickvergessen
Member

We tried to make this clear in our documentation:
https://docs.nextcloud.com/server/13/admin_manual/file_workflows/access_control.html#denied-access

The reason why folders are still listed is that otherwise etags and other checksums for the sync clients would incorrectly differ and cause problems all around.

> I'm not yet sure that Nextcloud is a good place for confidential data. All it takes is the File access app to be disabled and all files become accessible. This might happen during some updates, I have no idea. I'll have to rely on that app not to terminate.

Well the "attacker" still needs access to the file in a normal way (e.g. a share). I'm not sure which scenario/use case you have in mind, but maybe you can explain it a bit and I can tell you how to best achieve it or where problems could be.

@ygoe
Author

ygoe commented May 4, 2018

My plan is to use some central service for all the team data and give every member access to that root share. Certain subdirectories must be restricted to team leaders, however, and cannot be accessed by every team member. Pulling them out of the main folder structure and granting separate limited shares is undesired because the folder really belongs in the full structure.

This is where folder permissions come into place. An optional feature to Nextcloud that is only effective as long as an extra app is installed and running. My understanding of add-ons like this is that they silently deactivate as soon as there's some issue with the environment, like they're not compatible anymore or have an internal problem. I don't know anything about how these apps (technically probably more like plugins) work. So it's just a bad feeling that comes with using them that way. It would help to see some sort of technical guarantee that disabling the permissions app won't open up the affected folders.
