Improve customizability for UMASK and default permissions #36367

Open
MartinBrugnara opened this issue Jan 25, 2023 · 0 comments
Labels: 0. Needs triage (Pending check for reproducibility or if it fits our roadmap), enhancement, feature: filesystem

Comments

@MartinBrugnara
Contributor

How to use GitHub

  • Please use the 👍 reaction to show that you are interested in the same feature.
  • Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
  • Subscribe to receive notifications on status changes and new comments.

Improve customizability for UMASK and default permissions

Respect user $UMASK and facl while ensuring NC can write & manage the folders it creates e5dc1a8.

Possible Solution 0

Stop playing with permissions.

Add checks in the "Security & setup warnings" section for FS configuration.
Then, in normal workflow, report any FS errors to both admin and users.

Possible Solution 1

If we have to play with permissions, instead of overriding $UMASK before creating the file and forcing a default chmod:

  • create the file / directory (without modifying the env)
  • check if the permissions are sufficient,
    • if not, extend them by adding only the minimal set of permissions needed to the group.
  • support configuring also $MIN_PERM_F and $MIN_PERM_D instead of hardcoding (we may want NC to rely on the user or the group or on all)...

Bonus

Since we are manipulating the permissions anyway, we may want to try playing nice with NFS & friends:

  • basic:
    • allow mapping users to uid (local or ldap)
    • chown the file uploaded by that user as user_uid:oc_gid
  • gold:
    • allow mapping user and groups to uid/gid (local or ldap)
    • maintain in sync NC ACLs with facl ACLs
      This, combined with inotify support (which NC kinda has -- INotify file watcher) for change detection, would be magic.
      The flexibility and ease of use of Nextcloud while accessing remotely.
      The performance of NFS when needed.

Context

Deprecates: #29041 #25280
Builds upon: #32723 (merged & shipped NC 25)

@MartinBrugnara MartinBrugnara added 0. Needs triage Pending check for reproducibility or if it fits our roadmap enhancement labels Jan 25, 2023
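
Possible Solution 1 above, sketched in PHP as an added example (not part of the original issue and not Nextcloud code): create under the inherited umask, then add only the missing group bits. The constants `MIN_PERM_D` / `MIN_PERM_F` stand in for the proposed `$MIN_PERM_D` / `$MIN_PERM_F` settings, and all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical settings, named after the issue's $MIN_PERM_D / $MIN_PERM_F.
const MIN_PERM_D = 0070; // group must have rwx on directories
const MIN_PERM_F = 0060; // group must have rw on files

/** Add only the bits of $minimum that are missing; return the resulting mode. */
function ensureMinimumPerms(string $path, int $minimum): int {
    clearstatcache(true, $path);
    $current = fileperms($path) & 07777;
    $missing = $minimum & ~$current;
    if ($missing !== 0 && !chmod($path, $current | $missing)) {
        throw new RuntimeException("cannot extend permissions on $path");
    }
    return $current | $missing;
}

/** Create a directory under the inherited umask, then top up if needed. */
function createDir(string $path): int {
    if (!mkdir($path)) {            // default mode 0777, filtered by the process umask
        throw new RuntimeException("cannot create $path");
    }
    return ensureMinimumPerms($path, MIN_PERM_D);
}

/** Create an empty file the same way. */
function createFile(string $path): int {
    $fh = fopen($path, 'x');        // 'x' fails if the path already exists
    if ($fh === false) {
        throw new RuntimeException("cannot create $path");
    }
    fclose($fh);
    return ensureMinimumPerms($path, MIN_PERM_F);
}

// Constructed demo: the umask() calls stand in for the administrator's environment.
$base = sys_get_temp_dir() . '/umask-demo-' . bin2hex(random_bytes(4));
mkdir($base, 0700);
foreach ([0077, 0027, 0002] as $i => $mask) {
    $old = umask($mask);
    $d = createDir("$base/d$i");
    $f = createFile("$base/f$i");
    umask($old);
    printf("umask %04o -> dir %04o, file %04o\n", $mask, $d, $f);
    unlink("$base/f$i");
    rmdir("$base/d$i");
}
rmdir($base);
```

On a file that carries POSIX ACLs, the group permission bits are the ACL mask, so the `chmod` here widens the mask rather than the owning group's entry.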