📁👩👩👧👦 Admin configured folders accessible by everyone in a group in Nextcloud.
Group Folders can be configured through Group Folders under Administration settings.
After a folder is created, the admin can give access to the folder to one or more groups, a quota can be assigned for the folder and advanced permissions can be activated and configured.
Permissions to the content of a group folder can be configured on a per-group basis.
The configuration options include the Write, Share and Delete permissions for each group.
Once configured, the folders will show up in the home folder for each user in the configured groups.
Advanced Permissions allows entitled users to configure permissions inside groupfolders on a per file and folder basis.
Permissions are configured by setting one or more of "Read", "Write", "Create", "Delete" or "Share" permissions to "allow" or "deny". Any permission not explicitly set will inherit the permissions from the parent folder. If multiple configured advanced permissions for a single file or folder apply for a single user (such as when a user belongs to multiple groups), the "allow" permission will overwrite any "deny" permission. Denied permissions configured for the group folder itself cannot be overwritten to "allow" permissions by the advanced permission rules.
Users or whole groups can be entitled to set advanced permissions for each group folder separately on the group folders admin page. For entitlements, only users from those groups are selectable which have to be configured selected in the Groups column.
Some settings are currently only exposed via config/config.php
:
'groupfolders.quota.default' => -3,
The special value -3
means unlimited and any other value is the quota limit in bytes.
Group folders can be configured and managed from the command-line interface (CLI). This is accomplished by using the occ
command.
The occ
command is utilized throughout Nextcloud for many operations and is not specific to Group Folders. When the Group Folders app is enabled, the occ
command gains additional functionality specific to Group Folders.
If you're unfamiliar with occ
see Using the occ command in the Nextcloud Server Administration Guide for general guidance.
occ groupfolders:create <name>
→ create a group folderocc groupfolders:delete <folder_id> [-f|--force]
→ delete a group folder and all its contentsocc groupfolders:expire
→ trigger file version and trashbin expiration (see Nextcloud docs for versioning and Nextcloud docs for the trash bin for details)occ groupfolders:group <folder_id> <group_id> [-d|--delete] [write|share|delete]
→ assign groups and their rights to a group folderocc groupfolders:list
→ list configured group foldersocc groupfolders:permissions
→ configure advanced permissions (see below for details)occ groupfolders:quota <folder_id> [<quota>|unlimited]
→ set a quota for a group folderocc groupfolders:rename <folder_id> <name>
→ rename a group folderocc groupfolders:scan <folder_id>
→ trigger a filescan for a group folderocc groupfolders:trashbin:cleanup
→ empty the trashbin of all group foldersocc config:app:set groupfolders enable_encryption --value="true"
→ activate encryption (server-side) support
Advanced permissions can also be configured through the occ groupfolders:permissions
command, but must be enabled first.
Before configuring any advanced permissions you'll first have to enable advanced permissions for the folder using occ groupfolders:permissions <folder_id> --enable
. To do this you'll first need to find the folder_id
of the groupfolder you're trying to configure. You can use occ groupfolders:list
to find the folder_id
of the target folder.
Then you can list all configured permissions trough occ groupfolders:permissions <folder_id>
.
occ groupfolders:permissions 1
+------------+--------------+-------------+
| Path | User/Group | Permissions |
+------------+--------------+-------------+
| folder | group: admin | +write |
| folder/sub | user: admin | +share |
| | user: test | -share |
+------------+--------------+-------------+
Permissions for files and folders can be set trough occ groupfolders:permissions <folder_id> --group <group_id> <path> -- <permissions>
to set permissions for a group or occ groupfolders:permissions <folder_id> --user <user_id> <path> -- <permissions>
to set permissions for a single user.
<permissions>
can be one or more of the following options: -read
, +read
, -write
, +write
, -create
, +create
, -delete
, +delete
, -share
or +share
to set the set the respective permission to "deny" or "allow".
You can delete a rule by passing clear
as the <permissions>
field.
Note: An advanced permission settings set always needs to be complete (for example +read -create +delete
) and not just incremental (for example -create
).
Not mentioned options (in the above example that's write and share) are interpreted as inherited.
To help with configuring nested permission rules, you can check the effective permissions a user has for a path using occ groupfolders:permissions <folder_id> --user <user_id> <path> --test
.
To manage the users or groups entitled to set advanced permissions, use occ groupfolders:permissions <folder_id> [[-m|--manage-add] | [-r|--manage-remove]] [[-u|--user <user_id>] | [-g|--group <group_id>]]
.
To disable the advanced permissions feature for a group folder, use occ groupfolders:permissions <folder_id> --disable
.
See the OpenAPI specification to learn about all available API endpoints: https://petstore.swagger.io/?url=https://raw.githubusercontent.com/nextcloud/groupfolders/master/openapi.json
Group folders are also exposed through a separate WebDAV API at /remote.php/dav/groupfolders/<user id>
.
In addition to browsing the contents of the group folders, you can also request the mount point for the group folder by requesting the {http://nextcloud.org/ns}mount-point
property.
Footnotes
-
The releases are now managed in a dedicated release repository. The releases in this repository may be outdated. ↩