-
I'd like to not use Nextcloud's encryption-at-rest.
So I would love to be able to provide users with server logs that would show anytime a file was accessed by someone who did not own it or have share-access to it.
In other words, I want to do more than promise, "I won't access user files."
Ideas? I know there is a Linux program, Auditd. I wanted to get other folks' perspectives before I dive into that.
-
@shai said in Audit admin access to Nextcloud user files:
So I would love to be able to provide users with server logs that would show anytime a file was accessed by someone who did not own it or have share-access to it.
Trying to understand your question. Are you referring to users somehow accessing the files via SSH'ing into your server? If not, how can someone access files they did not own?
-
@shai said in Audit admin access to Nextcloud user files:
I'd like to not use Nextcloud's encryption-at-rest.
You won't be able to protect unencrypted files even if you promise. Think of stuff like the backup process (or user) reading the file. As a server admin there will always be a way to access these files. The feature you want should be requested upstream since this cannot be solved within Cloudron.
Note that Nextcloud admins will always be able to impersonate users.
You have to trust your administrators and if you don't want to rely on promises, secure them with a contract. This is the standard procedure.
In most cases Cloudron "User Manager" + Nextcloud "Group administrator" roles are sufficient so you don't have to give someone SSH/admin access.
-
You won't be able to protect unencrypted files even if you promise.
It's not so much about protection that I'm after but rather making Admin access transparent.
Note that Nextcloud admins will always be able to impersonate users
Yes, but I'm imagining that would trigger a log entry that would be made available to instance users.
The feature you want should be requested upstream since this cannot be solved within Cloudron.
Agreed.
You have to trust your administrators.
We should not have to trust administrators. I hope the goal of Nextcloud is to be a true alternative to Google cloud apps. If we are just asking folks to trust one administrator instead of another administrator then Nextcloud becomes less compelling, in my opinion.
-
Trying to understand your question. Are you referring to users somehow accessing the files via SSH'ing into your server? If not, how can someone access files they did not own?
My interest is in auditing admin access and making those audits transparent.
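
An added example, not part of any post above and not Cloudron or Nextcloud code, of the Auditd idea raised in the first post: it reads audit log records for a watched data directory and reports only the accesses made from a login session (a set `auid`, which survives `sudo`), leaving out the service's own reads. The watch key `nc-data`, the path `/srv/nc/data` and the log lines are constructed for illustration.

```python
import re
from collections import defaultdict

UNSET_AUID = "4294967295"  # auid of processes that were not started from a login session
WATCH_KEY = "nc-data"      # assumed key, e.g. set with: auditctl -w <data dir> -p rwa -k nc-data

# Constructed sample records (not from a real system).
SAMPLE_LOG = '''\
type=SYSCALL msg=audit(1700000000.101:900): arch=c000003e syscall=257 success=yes exit=3 items=1 ppid=812 pid=840 auid=4294967295 uid=33 gid=33 euid=33 tty=(none) ses=4294967295 comm="php-fpm" exe="/usr/sbin/php-fpm" key="nc-data"
type=PATH msg=audit(1700000000.101:900): item=0 name="/srv/nc/data/alice/files/notes.txt" inode=1312 nametype=NORMAL
type=SYSCALL msg=audit(1700000042.555:901): arch=c000003e syscall=257 success=yes exit=3 items=1 ppid=2210 pid=2254 auid=1000 uid=0 gid=0 euid=0 tty=pts0 ses=7 comm="cat" exe="/usr/bin/cat" key="nc-data"
type=PATH msg=audit(1700000042.555:901): item=0 name="/srv/nc/data/alice/files/notes.txt" inode=1312 nametype=NORMAL
'''

MSG_RE = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group records by audit event serial: {serial: {record_type: [fields, ...]}}."""
    events = defaultdict(lambda: defaultdict(list))
    for line in text.splitlines():
        m = MSG_RE.match(line.strip())
        if not m:
            continue  # skip anything that is not an audit record
        rtype, ts, serial, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
        fields["ts"] = ts
        events[serial][rtype].append(fields)
    return events

def login_session_accesses(text, key=WATCH_KEY):
    """Return watched-file accesses whose auid is set, i.e. made from a login session."""
    findings = []
    for serial, recs in sorted(parse_events(text).items(), key=lambda kv: int(kv[0])):
        for sc in recs.get("SYSCALL", []):
            if sc.get("key") != key or sc.get("auid") == UNSET_AUID:
                continue  # other watch, or the service itself reading the file
            paths = [p["name"] for p in recs.get("PATH", []) if "name" in p]
            findings.append({"serial": int(serial), "auid": int(sc["auid"]),
                             "uid": int(sc["uid"]), "exe": sc["exe"], "paths": paths})
    return findings

if __name__ == "__main__":
    for finding in login_session_accesses(SAMPLE_LOG):
        print(finding)
```

Access made through Nextcloud itself, such as the admin impersonation mentioned in the thread, would normally run as the web server process with an unset `auid`, so it does not appear in this report and would need application-level logging.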