    Cloudron Forum

    Audit admin access to Nextcloud user files

    Nextcloud
    admin audit monitoring
    • Shai
      Shai last edited by Shai

      I'd like to not use Nextcloud's encryption-at-rest.

      So I would love to be able to provide users with server logs that would show anytime a file was accessed by someone who did not own it or have share-access to it.

      In other words, I want to do more than promise, "I won't access user files."

      Ideas? I know there is a Linux program Auditd. I wanted to get other folks' perspectives before I dive into that.

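The auditd idea from the first post, sketched as an added example that is not part of the original thread: given a read watch on the Nextcloud data directory, this parser groups audit records by event and reports reads made by any uid other than the app's own. The data path, the uid `33`, the rule key `nc_data` and the sample records are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed watch rule (placeholder path): auditctl -w /path/to/nextcloud/data -p r -k nc_data
DATA_DIR = "/path/to/nextcloud/data"  # placeholder, not a real Cloudron path
APP_UIDS = {"33"}                     # assumption: uid the Nextcloud PHP process runs as
AUDIT_KEY = "nc_data"                 # hypothetical key set by the rule above

# Constructed sample records: one read by the app, one by root after an SSH login (auid=1000).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=7 pid=901 auid=4294967295 uid=33 gid=33 comm="php-fpm" exe="/usr/sbin/php-fpm" key="nc_data"
type=PATH msg=audit(1700000000.101:501): item=0 name="/path/to/nextcloud/data/alice/files/notes.txt" inode=1001 nametype=NORMAL
type=SYSCALL msg=audit(1700000050.202:502): arch=c000003e syscall=257 success=yes exit=3 pid=1201 auid=1000 uid=0 gid=0 comm="cat" exe="/usr/bin/cat" key="nc_data"
type=PATH msg=audit(1700000050.202:502): item=0 name="/path/to/nextcloud/data/alice/files/notes.txt" inode=1001 nametype=NORMAL
"""

_HDR = re.compile(r'^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$')
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group SYSCALL and PATH records that share an audit serial number."""
    events = defaultdict(lambda: {"paths": []})
    for line in text.splitlines():
        m = _HDR.match(line.strip())
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in _KV.findall(body)}
        ev = events[serial]
        ev["time"] = ts
        if rtype == "SYSCALL":
            ev.update(fields)            # uid, auid, exe, key, ...
        elif rtype == "PATH":
            ev["paths"].append(fields.get("name", ""))
    return events

def non_app_accesses(text):
    """Return watched-directory reads whose uid is not the app's uid."""
    hits = []
    for serial, ev in sorted(parse_events(text).items(), key=lambda kv: int(kv[0])):
        if ev.get("key") != AUDIT_KEY or ev.get("uid") in APP_UIDS:
            continue
        for path in ev["paths"]:
            if path.startswith(DATA_DIR + "/"):
                hits.append({"serial": serial, "time": ev["time"], "uid": ev["uid"],
                             "auid": ev.get("auid"), "exe": ev.get("exe"), "path": path})
    return hits

if __name__ == "__main__":
    print(non_app_accesses(SAMPLE_LOG))
```

`auid` is the login uid and survives `sudo`, so it identifies which account logged in even when `uid` is 0. The sketch does not resolve relative PATH names against the CWD record, and it only sees filesystem-level reads, not access made inside the app.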
      • girish
        girish Staff @Shai last edited by

        @shai said in Audit admin access to Nextcloud user files:

        So I would love to be able to provide users with server logs that would show anytime a file was accessed by someone who did not own it or have share-access to it.

        Trying to understand your question. Are you referring to users somehow accessing the files via SSH'ing into your server? If not, how can someone access files they did not own?

        • subven
          subven @Shai last edited by subven

          @shai said in Audit admin access to Nextcloud user files:

          I'd like to not use Nextcloud's encryption-at-rest.

          You won't be able to protect unencrypted files even if you promise. Think of stuff like the backup process (or user) reading the file. As a server admin there will always be a way to access these files. The feature you want should be requested upstream since this cannot be solved within Cloudron.

          Note that Nextcloud admins will always be able to impersonate users.

          You have to trust your administrators and if you don't want to rely on promises, secure them with a contract. This is the standard procedure.

          In most cases Cloudron "User Manager" + Nextcloud "Group administrator" roles are sufficient so you don't have to give someone SSH/admin access.

          • Shai
            Shai @subven last edited by

            @subven

            You won't be able to protect unencrypted files even if you promise.

            It's not so much about protection that I'm after but rather making Admin access transparent.

            Note that NextCloud admins will always be able to impersonate users

            Yes, but I'm imagining that would trigger a log entry that would be made available to instance users.

            The feature you want should be requested upstream since this cannot be solved within Cloudron.

            Agreed.

            You have to trust your administrators.

            We should not have to trust administrators. I hope the goal of NextCloud is to be a true alternative to Google cloud apps. If we are just asking folks to trust one administrator instead of another administrator then NextCloud becomes less compelling, in my opinion.

            • Shai
              Shai @girish last edited by

              @girish

              Trying to understand your question. Are you referring to users somehow accessing the files via SSH'ing into your server? If not, how can someone access files they did not own?

              My interest is in auditing admin access and making those audits transparent.

              • girish
                girish Staff @Shai last edited by

                @shai I see, I guess this is more a feature request for Nextcloud since only the app knows when a doc was accessed and by whom. Maybe you can try their forum - https://help.nextcloud.com/

                • Shai
                  Shai @girish last edited by

                  @girish

                  Will do. Thx for the link.

                  • murgero
                    murgero App Dev @Shai last edited by

                    @shai There may also be a plugin that does this too - it's worth trying to search on Nextcloud's own store-front for plugins.

                    --
                    https://urgero.org
                    ~ Professional Nerd. Freelance Programmer. ~
                    Matrix: @murgero:urgero.org
