[Bug]: Wrong permissions for top folder of a view only share

[mgallien]

⚠️ This issue respects the following points: ⚠️

• This is a bug, not a question or a configuration/webserver/proxy issue.
• This issue is not already reported on Github OR Nextcloud Community Forum (I've searched it).
• Nextcloud Server is up to date. See Maintenance and Release Schedule for supported versions.
• I agree to follow Nextcloud's Code of Conduct.

Bug description

I get "DNVS" permissions: delete, rename, move and shared reported on the top level folder of the view only shared folder.
Any child item reports "S" permissions indicating the item is shared to the user.

Steps to reproduce

1. As the owner of a folder, share it in view only mode (for example share to a team or a group)
2. As a receiver of the share, sync it using the desktop client
3. Expect all the shared folders to be read-only but check the top level one that has read/write permissions contrary to the child folders.

Expected behavior

Any folders in a view only share should be reported as view only.

Nextcloud Server version

29

Operating system

Debian/Ubuntu

PHP engine version

PHP 8.2

Web server

Apache (supported)

Database engine version

MariaDB

Is this bug present after an update or on a fresh install?

Fresh Nextcloud Server install

Are you using the Nextcloud Server Encryption module?

Encryption is Disabled

What user-backends are you using?

• Default user-backend (database)
• LDAP/ Active Directory
• SSO - SAML
• Other

Configuration report

{
"system": {
"debug": true,
"profiler": true,
"apps_paths": [
{
"path": "/var/www/html/apps",
"url": "/apps",
"writable": false
},
{
"path": "/var/www/html/apps-extra",
"url": "/apps-extra",
"writable": false
},
{
"path": "/var/www/html/apps-shared",
"url": "/apps-shared",
"writable": false
},
{
"path": "/var/www/html/apps-writable",
"url": "/apps-writable",
"writable": true
}
],
"allow_local_remote_servers": true,
"mail_from_address": "REMOVED SENSITIVE VALUE",
"mail_smtpmode": "smtp",
"mail_sendmailmode": "smtp",
"mail_domain": "REMOVED SENSITIVE VALUE",
"mail_smtphost": "REMOVED SENSITIVE VALUE",
"mail_smtpport": "1025",
"skeletondirectory": "/skeleton",
"setup_create_db_user": false,
"loglevel": 2,
"log_query": false,
"query_log_file": "/shared/log/querylog-nextcloud.log",
"query_log_file_requestid": "yes",
"diagnostics.logging": false,
"diagnostics.logging.threshold": 0,
"log.condition": {
"apps": [
"diagnostics",
"admin_audit"
]
},
"bulkupload.enabled": false,
"passwordsalt": "REMOVED SENSITIVE VALUE",
"secret": "REMOVED SENSITIVE VALUE",
"trusted_domains": [
"localhost"
],
"datadirectory": "REMOVED SENSITIVE VALUE",
"dbtype": "mysql",
"version": "29.0.8.2",
"overwrite.cli.url": "http://localhost",
"dbname": "REMOVED SENSITIVE VALUE",
"dbhost": "REMOVED SENSITIVE VALUE",
"dbport": "",
"dbtableprefix": "oc_",
"mysql.utf8mb4": true,
"dbuser": "REMOVED SENSITIVE VALUE",
"dbpassword": "REMOVED SENSITIVE VALUE",
"installed": true,
"instanceid": "REMOVED SENSITIVE VALUE",
"lookup_server": ""
}
}

List of activated Apps

No response

Nextcloud Signing status

No response

Nextcloud Logs

No response

Additional info

No response

[come-nc]

Hello @mgallien

I can reproduce but I do think this is correct:

• The user can rename or move the shared folder, so NV is correct
• CK is not present, so file creation is not allowed.

So there is no bug in my opinion, only the content of the share is read-only, the user is allowed to name it and move it as he wishes in his home folder as expected.
What am I missing?

[sorbaugh]

@mgallien can you confirm? Was there some sort of misunderstanding?

[mgallien]

@sorbaugh I am investigating
might indeed be a wrong interpretation of what DNVS is intended to mean on client side
we would need to document that a top-folder of a view-only share will have DNVS when it is view-only and would include more permissions in case write is allowed
on the base of this behavior, I will modify the client
should we keep this open until the doc is modified ?
I think we should document this explicitly

[icewind1991]

Yes, the root of a received share always has move+delete permissions since the recipient can move and leave the share.

[sorbaugh]

@sorbaugh I am investigating might indeed be a wrong interpretation of what DNVS is intended to mean on client side we would need to document that a top-folder of a view-only share will have DNVS when it is view-only and would include more permissions in case write is allowed on the base of this behavior, I will modify the client should we keep this open until the doc is modified ? I think we should document this explicitly

Yes, since this is cause for misunderstanding I think documenting this would indeed be very helpful before closing. Can you please do so @come-nc 🙏

[mgallien]

the needed client changes are included in nextcloud/desktop#7477
it works fine
thanks for the help
thanks for the explanations @come-nc and others