File Sharing
Nextcloud users can share files with their Nextcloud groups and other users on the same Nextcloud server, with Nextcloud users on other Nextcloud servers, and create public shares for people who are not Nextcloud users. You have control of a number of user permissions on file shares.
Configure your sharing policy on your Admin page in the Sharing section.
Check
Allow apps to use the Share API
to enable users to share files. If this is not checked, no users can create file shares.Check
Allow resharing
to enable users to re-share files shared with them.Check
Allow sharing with groups
to enable users to share with groups.Check
Restrict users to only share with users in their groups
to confine sharing within group memberships. When you check this, you’ll get an optional dropdown list of ignored groups when checking group membership. Type any group name to search for.Groups added to
Ignore the following groups when checking group membership
won’t be taken in account to determine if users are in same groups and may share with each others.
Note
This setting does not apply to the Federated Cloud sharing feature. If Federated Cloud Sharing is enabled, users can still share items with any users on any instances (including the one they are on) via a remote share.
Check
Allow users to share via link and email
to enable creating public shares for people who are not Nextcloud users via hyperlink.Check
Allow public uploads
to allow anyone to upload files to public shares.Check
Always ask for a password
to proactively ask a user to set a password for a share link.Check
Enforce password protection
to force users to set a password on all public share links. This does not apply to local user and group shares.Add groups to
Exclude groups from creating link shares
to no apply the settings for that groups.
Check
Exclude groups from sharing
to prevent members of specific groups from creating any file shares in those groups. When you check this, you’ll get a dropdown list of all your groups to choose from. Type any group name to search for. Members of excluded groups can still receive shares, but not create any.Check
Set default expiration date for shares
to set a default expiration date on local user and group shares.Check
Enforce expiration date
to always enforce the configured expiration date on local user and group shares.Note
Users will not be able to set the expiration date further in the future than the enforced expiration date, although they will be able to set a more recent date. Also note that users will be able to update the expiration date again at a later point. The expiration date is based on the current date and not on the share creation date. The user will be able to extend the expiration date again whenever a previous expiration date is close to be reached.
Check
Set default expiration date for shares via link or email
to set a default expiration date on public shares.Check
Enforce expiration date
to always enforce the configured expiration date on public shares.Note
Users will not be able to set the expiration date further in the future than the enforced expiration date, although they will be able to set a more recent date. Also note that users will be able to update the expiration date again at a later point. The expiration date is based on the current date and not on the share creation date. The user will be able to extend the expiration date again whenever a previous expiration date is close to be reached.
Check
Allow username autocompletion in share dialog and allow access to the system address book
to enable auto-completion of Nextcloud usernames and list the system address book as resource when syncing contacts with CardDAV.Check
Allow username autocompletion to users within the same groups and limit system address books to users in the same groups
to limit username autocompletion to users from within the same groups as the share owner.Check
Allow username autocompletion to users based on phone number integration
to limit username autocompletion to users when the share owner has synced their phone address book via the Nextcloud Talk mobile clients and it contained the phone number the user configured in their profile.
Check
Allow autocompletion when entering the full name or email address (ignoring missing phonebook match and being in the same group)
to show despite of the previous restrictions a user suggestion, when the complete display name or user id was typed.Check
Show disclaimer text on the public link upload page
to set and show a disclaimer text on public links with hidden file lists. If you enable this feature a text input will be shown to input the disclaimer text.
With Default share permissions
you are able to set the default permissions
for user-shares (Create
, Change
, Delete
and Reshare
) without
forcing them.
Note
Nextcloud does not preserve the mtime (modification time) of directories, though it does update the mtimes on files. See Wrong folder date when syncing for discussion of this.
Note
There are more sharing options on config.php level available: Configuration Parameters
Advanced settings
Here are some edge case settings which are not editable from the web interface, because they are only useful to small subset of administrators.
You can use the occ
command to update those, for example:
occ config:app:set core shareapi_restrict_user_enumeration_full_match_email --value yes
core.shareapi_restrict_user_enumeration_full_match_ignore_second_display_name
When full match is activated, ignore the appended second display name.
Default:
no
Examples:
Setting value
Search query
User name
Will match
yes
User 1
User 1 (Second display name)
yes
no
User 1
User 1 (Second display name)
no
core.shareapi_restrict_user_enumeration_full_match_userid
When full match is activated, do not match user ID
Default:
yes
core.shareapi_restrict_user_enumeration_full_match_email
When full match is activated, do not match user email
Default:
yes
Distinguish between max expiration date and default expiration date
The expiration date which can be set and enforced in the settings above are the hard limit and the default value at the same time. Sometimes admins want to have a moderate default expire date, for example 7 days but make sure that the user can’t extend it to more than 14 days.
In order to do so, set a enforced expiration date in the settings as described above and set the default value to something below the maximal possible expiration date with the following OCC commands:
occ config:app:set --value <DAYS> core internal_defaultExpDays
occ config:app:set --value <DAYS> core link_defaultExpDays
Transferring files to another user
You may transfer files from one user to another with occ
. This is useful
when you have to remove a user. Be sure to transfer the files before you delete
the user! This transfers all files from user1 to user2, and the shares and
metadata info associated with those files (shares, tags, comments, etc).
Trashbin contents are not transferred:
occ files:transfer-ownership user1 user2
(See Using the occ command for a complete occ
reference.)
Users may also transfer files or folders selectively by themselves. See user documentation for details.