Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum

Apps | Demo | Docs | Install

Multiple account privacy

Scheduled Pinned Locked Moved Nextcloud
27 Posts 6 Posters 668 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • R Offline
    R Offline
    Ropyro
    wrote on last edited by
    #1

    Hi There --

    I want to offer my friend an account in my Nextcloud instance but want to assure him that I can't look at his files. From what I'm reading on the old internet it looks like I'd have access to his files through my admin account. Is this true? If so, is there a way to configure it so his files are absolutely private?

    BrutalBirdieB 1 Reply Last reply
    1
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to Ropyro on last edited by BrutalBirdie
    #2

    @Ropyro the magic word is "encryption"
    https://docs.nextcloud.com/server/19/user_manual/files/encrypting_files.html

    Like my work? Consider donating a drink drink. Cheers!

    R 1 Reply Last reply
    0
  • R Offline
    R Offline
    Ropyro
    replied to BrutalBirdie on last edited by
    #3

    @BrutalBirdie Awesome, thanks πŸ™‚ And off I go...

    BrutalBirdieB 1 Reply Last reply
    0
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to Ropyro on last edited by
    #4

    @Ropyro Don't run of too fast, I am reading a bit deeper into this...
    I know Nextcloud Admins can impersonate to view Data of other users.
    This should not work if server side encryption is enabled.

    Read threw the doc of Nextcloud about the pros and cons about server side encryption.

    Like my work? Consider donating a drink drink. Cheers!

    BrutalBirdieB 1 Reply Last reply
    0
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to BrutalBirdie on last edited by BrutalBirdie
    #5

    https://github.com/nextcloud/impersonate/issues/41#issuecomment-386062283

    with E2E it doesn't matter because you can't open the files on the server. In other words the admin can impersonate you but without your mnemonic key they still can't access your E2E files.

    Not sure how credible this user is tho. Still looking deeper.


    Ehh I will just test it now.

    Like my work? Consider donating a drink drink. Cheers!

    R 2 Replies Last reply
    0
  • R Offline
    R Offline
    Ropyro
    replied to BrutalBirdie on last edited by
    #6

    @BrutalBirdie Ha -- yea, I see all that.

    1 Reply Last reply
    0
  • R Offline
    R Offline
    Ropyro
    replied to BrutalBirdie on last edited by
    #7

    @BrutalBirdie It's gotta be possible. Right? I mean, I've used paid versions of Nextcloud in the past. I have to assume they didn't have access to my files. I hope, anyway.

    BrutalBirdieB 1 Reply Last reply
    0
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to Ropyro on last edited by BrutalBirdie
    #8

    @Ropyro Okay so here are my first findings, which are.. well. Bad.

    https://docs.nextcloud.com/server/23/admin_manual/configuration_files/encryption_configuration.html

    I followed this doc.

    94feeba2-702b-4c96-aa1f-8b7b5fe53144-grafik.png

    Hmm well, lets try it with the cloudron file manager.

    fc4980fd-250d-44e6-87f2-6996b15c62ab-grafik.png

    2c2a2e90-9ef7-46ce-80e6-9cea109c8657-grafik.png

    Good right?
    Nope.

    9580023e-4b9c-4a06-a897-735555f653e9-grafik.png
    bda46781-9e6f-41b2-ac5d-130a37dc354f-grafik.png
    fde0c199-63f9-4a20-bcf9-80c4b784ac7f-grafik.png
    6c918f05-e0fb-458e-92ab-51ad09ffd901-grafik.png

    Like my work? Consider donating a drink drink. Cheers!

    BrutalBirdieB 1 Reply Last reply
    1
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to BrutalBirdie on last edited by
    #9

    @BrutalBirdie digging deeper

    Like my work? Consider donating a drink drink. Cheers!

    R BrutalBirdieB 2 Replies Last reply
    1
  • R Offline
    R Offline
    Ropyro
    replied to BrutalBirdie on last edited by
    #10

    @BrutalBirdie Man, thanks for doing the leg-work here. I'll be buying you a beer πŸ™‚

    1 Reply Last reply
    2
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to BrutalBirdie on last edited by
    #11

    I must be missing something?

    Now you must log out and then log back in to initialize your encryption keys.

    When you log back in, there is a checkbox for enabling encryption on your home storage. This is checked by default. Un-check to avoid encrypting your home storage.

    This never happened? I must be missing something..

    Like my work? Consider donating a drink drink. Cheers!

    R 1 Reply Last reply
    0
  • R Offline
    R Offline
    Ropyro
    replied to BrutalBirdie on last edited by
    #12

    @BrutalBirdie I mean, I see an option to enable "server-side" encryption on the admin/security page but I assume that's different than what you're doing?

    BrutalBirdieB 1 Reply Last reply
    0
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to Ropyro on last edited by BrutalBirdie
    #13

    @Ropyro Nah that's exactly what I am looking at.

    Also this:
    https://docs.nextcloud.com/server/23/admin_manual/configuration_files/encryption_configuration.html#enabling-users-file-recovery-keys

    Does not exist for me.

    If you want to team up on this we can do a discord call or something πŸ˜„

    Like my work? Consider donating a drink drink. Cheers!

    R 1 Reply Last reply
    0
  • R Offline
    R Offline
    Ropyro
    replied to BrutalBirdie on last edited by
    #14

    @BrutalBirdie Ha! I'm bouncing back and forth between this and another project right now. I appreciate all your help. Gives me a direction to play around with. Beer forthcoming πŸ™‚

    BrutalBirdieB 1 Reply Last reply
    0
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to Ropyro on last edited by BrutalBirdie
    #15

    @Ropyro

    Encryption keys are stored only on the Nextcloud server, eliminating exposure of your data to third-party storage providers. The encryption app does not protect your data if your Nextcloud server is compromised, and it does not prevent Nextcloud administrators from reading user’s files. This would require client-side encryption, which this app does not provide. If your Nextcloud server is not connected to any external storage services then it is better to use other encryption tools, such as file-level or whole-disk encryption.

    😐
    This is by design.
    https://docs.nextcloud.com/server/23/admin_manual/configuration_files/encryption_configuration.html
    The first big yellow warning.


    ps: Thanks for the Beer! Cheers 🍻

    Like my work? Consider donating a drink drink. Cheers!

    BrutalBirdieB 1 Reply Last reply
    0
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to BrutalBirdie on last edited by BrutalBirdie
    #16

    And here we go for another round ...
    https://apps.nextcloud.com/apps/impersonate

    This app is not compatible with instances that have encryption enabled.

    01388500-57d0-47d6-b1f0-330a3e5b6e02-grafik.png

    But.... it is? Its working? Right now?

    Like my work? Consider donating a drink drink. Cheers!

    BrutalBirdieB 1 Reply Last reply
    0
  • robiR Offline
    robiR Offline
    robi
    wrote on last edited by
    #17

    You can always encrypt before uploading.

    Or use internxt.com which does ZK e2e for you.

    Life of sky tech

    1 Reply Last reply
    1
  • BrutalBirdieB Offline
    BrutalBirdieB Offline
    BrutalBirdie Staff
    replied to BrutalBirdie on last edited by BrutalBirdie
    #18

    Ok... this is getting into a convoluted mess.

    Now I found out there should be a per-user-encryption:
    https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_details.html#key-type-user-key

    Funny how this is missing in the doc for the encryption ooc commands...........
    https://docs.nextcloud.com/server/23/admin_manual/configuration_server/occ_command.html#encryption-label

    And also not mentioned in the main doc where they show and tell about the Enabling users file recovery keys.
    😑

    I've set up a new Nextcloud (with user managed by the app) and installed the Default Encryption Module then went into the Nextcloud app web-terminal and did a:

    root@f6665ea8-5f0a-41f7-b8ae-be1719062c33:/app/code# sudo -u www-data php -f /app/code/occ encryption:disable-master-key
    Warning: Only perform this operation for a fresh installations with no existing encrypted data! There is no way to enable the master key again. We strongly recommend to keep the master key, it provides significant performance improvements and is easier to handle for both, users and administrators. Do you really want to switch to per-user keys? (y/n) y
    Master key successfully disabled.
    

    Then I enabled the server wide encryption.

    0f395350-8e58-4155-b335-02499f4ec9fa-grafik.png
    Ok understandable because: https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/encryption_configuration.html#enabling-users-file-recovery-keys

    So I set a recovery key. Good? Ehhhh... with that I can decrypt files from a user if he allows it.
    Wait... if the user allows it? By default it's not allowed.
    So if I try this in the web-terminal:

    root@f6665ea8-5f0a-41f7-b8ae-be1719062c33:/app/code# sudo -u www-data php -f /app/code/occ encryption:decrypt-all eha
    Disable server side encryption... done.
    
    
    You are about to start to decrypt all files stored in eha's account.
    It will depend on the encryption module and your setup if this is possible.
    Depending on the number and size of your files this can take some time
    Please make sure that no user access his files during this process!
    
    Do you really want to continue? (y/n) y
    prepare encryption modules...
    
    Prepare "Default encryption module"
    
    You can only decrypt the users files if you know
    the users password or if he activated the recovery key.
    
    Do you want to use the users login password to decrypt all files? (y/n) n
    No recovery key available for user eha
    Module "Default encryption module" does not support the functionality to decrypt all files again or the initialization of the module failed!
     aborted.
    Server side encryption remains enabled
    

    So now I impersonate the user... and allow it? πŸ€”
    d78a56dd-a540-4330-afbf-0ce050854698-grafik.png
    Please no....
    0611b78e-e775-42c7-9957-76a191842c96-grafik.png
    Please don't tell me now that I can decrypt the user files afterwards.

    root@f6665ea8-5f0a-41f7-b8ae-be1719062c33:/app/code# sudo -u www-data php -f /app/code/occ encryption:decrypt-all eha
    Disable server side encryption... done.
    
    
    You are about to start to decrypt all files stored in eha's account.
    It will depend on the encryption module and your setup if this is possible.
    Depending on the number and size of your files this can take some time
    Please make sure that no user access his files during this process!
    
    Do you really want to continue? (y/n) y
    prepare encryption modules...
    
    Prepare "Default encryption module"
    
    You can only decrypt the users files if you know
    the users password or if he activated the recovery key.
    
    Do you want to use the users login password to decrypt all files? (y/n) n
    Please enter the recovery key password: 
     done.
    
    
    
    
    
     starting to decrypt files... finished 
     [============================]
    
    
    Files for following users couldn't be decrypted, 
    maybe the user is not set up in a way that supports this operation: 
        eha
            /eha/files/allowed_recovery.md
            /eha/files/deny_recovery.md
    
    Server side encryption remains enabled
    

    thank god.

    If I now look into the security tab as the user:
    1d3fc02f-985b-4591-97e5-ed6559e491e5-grafik.png
    This looks bugged.
    So disable it again:
    6f8a9e84-91cb-4d15-88c3-6be0f9182c30-grafik.png
    and enable it again:
    ba9fedb6-867a-4e9c-a23f-adca13ccda0d-grafik.png
    Hmmm this Recovery Key enabled did never happen as impersonated user.
    So this could be used as an indicator if an admin tried to decrypt your files... good to know I guess.

    So now I can decrypt the user files with the recovery password?

    root@f6665ea8-5f0a-41f7-b8ae-be1719062c33:/app/code# sudo -u www-data php -f /app/code/occ encryption:decrypt-all eha
    Disable server side encryption... done.
    
    
    You are about to start to decrypt all files stored in eha's account.
    It will depend on the encryption module and your setup if this is possible.
    Depending on the number and size of your files this can take some time
    Please make sure that no user access his files during this process!
    
    Do you really want to continue? (y/n) y
    prepare encryption modules...
    
    Prepare "Default encryption module"
    
    You can only decrypt the users files if you know
    the users password or if he activated the recovery key.
    
    Do you want to use the users login password to decrypt all files? (y/n) n
    Please enter the recovery key password: 
     done.
    
    
    
    
    
     starting to decrypt files... finished 
     [============================]
    
    
    all files could be decrypted successfully!
    Server side encryption remains enabled
    

    Yep worked.
    ...
    Okay I will write that down a bit clearer tomorrow. (And try this again with LDAP instead of user management by the app)

    My head is smoking.
    This documentation of Nextcloud is a nightmare!

    Like my work? Consider donating a drink drink. Cheers!

    R 1 Reply Last reply
    5
  • R Offline
    R Offline
    Ropyro
    replied to BrutalBirdie on last edited by
    #19

    @BrutalBirdie Man, what a mess! I didn't have time to look into it today as deeply as you did. Can't thank you enough!

    1 Reply Last reply
    1
  • mehdiM Offline
    mehdiM Offline
    mehdi App Dev
    wrote on last edited by
    #20

    Basically, what you want for this is end-to-end encryption (and I know a bit about this, it's literally my job to implement E2EE ^^).

    The problem is that the nextcloud app that provides E2EE is bad, like really bad, like "my files just disappeared, i have no idea why" bad.

    So, long story short, there is no simple way for you to provide this service to your friend with nextcloud with you not being able to look at their files.

    BrutalBirdieB 1 Reply Last reply
    2

  • Login

  • Don't have an account? Register

  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Login

  • Don't have an account? Register

  • Login or register to search.