
Groupfolder permission changes and other admin actions are not logged in Activity app, but are in admin audit log

Open hcderaad opened this issue 10 months ago • 3 comments

Steps to reproduce

  1. On Nextcloud 30.0.5
  2. Install the groupfolders app (version 18.0.9)
  3. Add/edit a group
  4. Check the Activity log (also directly in the database) for any actions; none are present for the groupfolder
  5. Check the audit.log with the audit trail from the admin audit app; the group folder activities are present

Expected behaviour

Any admin action to a group folder should be visible in the Activity app or in the regular log, as such an audit trail is required in regulated environments.

Actual behaviour

Groupfolder permission changes and other admin actions are not logged in Activity app

Server configuration

Operating system: Ubuntu 24.04

Web server: Apache (behind nginx proxy)

Database: PostgreSQL 15

PHP version: 8.2.27

Nextcloud version: (see Nextcloud admin page) 30.0.5

Team folders version: 18.0.9

Updated from an older Nextcloud/ownCloud or fresh install: Fresh install of groupfolders

Where did you install Nextcloud from:

Are you using external storage, if yes which one: local/s3/smb/sftp/... No

Are you using encryption: yes/no No

Are you using an external user-backend, if yes which one: LDAP/ActiveDirectory/Webdav/Saml/... No

Client configuration

Browser: MS Edge latest stable version

Operating system: Windows 11

Logs

From audit.log (example):

{"reqId":"r6IkiNodUsFObiZ3Rb0A","level":1,"time":"2025-02-03T09:50:28+00:00","remoteAddr":"XXXXXX","user":"nc-admin","app":"admin_audit","method":"POST","url":"/apps/groupfolders/folders/1/groups/Lab-operator","message":"The permissions of group "Lab-operator" to the groupfolder with id 1 was set to 1","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/132.0.0.0 Safari/537.36 Edg/132.0.0.0","version":"30.0.5.1","data":{"app":"admin_audit"}}

Web server error log

N/A

Nextcloud log (data/nextcloud.log)

N/A

Browser log

N/A

hcderaad avatar Feb 03 '25 10:02 hcderaad
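
Added example, not part of the original issue or of Nextcloud's code: because the groupfolder changes appear only in the admin audit log, this Python example extracts them from audit.log text and decodes the permission value into names. The sample lines are constructed from the entry quoted above; the `192.0.2.10` address, the `QA` group and the function names are assumptions, and the bit names follow Nextcloud's standard permission constants.

```python
import json
import re

# Nextcloud permission bits; the audit message carries their sum.
PERMISSION_BITS = {1: "read", 2: "update", 4: "create", 8: "delete", 16: "share"}

# Message wording copied from the audit.log line quoted in the issue.
PERM_MSG = re.compile(r'The permissions of group "(?P<group>[^"]+)" to the '
                      r'groupfolder with id (?P<folder>\d+) was set to (?P<mask>\d+)')

def _line(url, message, time):
    # Builds one constructed log line using field names from the issue's sample.
    return json.dumps({"time": time, "remoteAddr": "192.0.2.10", "user": "nc-admin",
                       "app": "admin_audit", "method": "POST", "url": url,
                       "message": message})

# Constructed sample input, not real log data.
SAMPLE_LOG = "\n".join([
    _line("/apps/groupfolders/folders/1/groups/Lab-operator",
          'The permissions of group "Lab-operator" to the groupfolder with id 1 was set to 1',
          "2025-02-03T09:50:28+00:00"),
    _line("/settings/users", "constructed entry unrelated to groupfolders",
          "2025-02-03T09:51:00+00:00"),
    '{"reqId":"truncated',  # damaged line; must be skipped, not abort the run
    _line("/index.php/apps/groupfolders/folders/2/groups/QA",
          'The permissions of group "QA" to the groupfolder with id 2 was set to 31',
          "2025-02-03T09:52:10+00:00"),
])

def decode_mask(mask):
    return [name for bit, name in PERMISSION_BITS.items() if mask & bit] or ["none"]

def groupfolder_events(log_text):
    """Return admin_audit entries whose URL targets the groupfolders app."""
    events = []
    for raw in log_text.splitlines():
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue
        if (not isinstance(entry, dict) or entry.get("app") != "admin_audit"
                or "/apps/groupfolders/" not in str(entry.get("url", ""))):
            continue
        event = {k: entry.get(k) for k in ("time", "user", "remoteAddr", "url")}
        m = PERM_MSG.search(str(entry.get("message", "")))
        if m:  # permission change: add who/what/which rights
            event.update(group=m["group"], folder_id=int(m["folder"]),
                         permissions=decode_mask(int(m["mask"])))
        events.append(event)
    return events
```
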

I don't see a problem here. You can see the critical activities in the admin audit log and everything else in the normal Activity app. The Activity app is also accessible by normal users, so I guess that's the reason why critical activities are not shown there.

provokateurin avatar Feb 03 '25 10:02 provokateurin

For other admin actions (such as adding users, groups, setting/revoking permissions) these are shown in the regular Activity app. So at the very least, this behavior is inconsistent with that. It in fact creates a precedent where the regular activities app cannot be trusted to capture an audit trail, which is a total no-go for using Nextcloud in any regulated industry. Should you wish for me to provide you with the actual regulations requiring such audit trails, feel free to ask.

hcderaad avatar Feb 03 '25 21:02 hcderaad

Hi Hans,

I do agree with you that this seems a valid issue and we are happy to take care of it - but, as group folders is a business feature, this would only happen under business conditions - as part of a PoC with us for example. Not as a volunteer effort. I'd be more than happy to connect you to our sales team, will reach out 1:1.

jospoortvliet avatar Feb 06 '25 13:02 jospoortvliet