Audit log for admin setting changes

[MorrisJobke]

It would be useful to log when which administrator changed a setting. For example the "password policy": when did a change to "1 character is required only" was done.

Would a simple "listen to all config changes" hook work here? Or is this overkill?

cc @nickvergessen @blizzz @rullzer

[nextcloud-bot]

GitMate.io thinks possibly related issues are https://github.com/nextcloud/server/issues/1261 (force password change for all users by admin), https://github.com/nextcloud/server/issues/3777 (Change of user passwords by admin fails), https://github.com/nextcloud/server/issues/8778 (Log in as user as Admin), https://github.com/nextcloud/server/issues/9191 (Change own quota as group admin), and https://github.com/nextcloud/server/issues/5399 (Group admin cannot change settings in user management).

[nickvergessen]

I think we should do specific hooks in the password_policy app

[blizzz]

Would a simple "listen to all config changes" hook work here? Or is this overkill?

Could be overkill, when background jobs set markers. Could be filtered out on CLI, but perhaps not so easily on Ajax.

Changes on the config.php would not be caught when they are done manually in the file. Leaves appconfig. User preferences is again difficult.

Firing dedicated hooks is more fine-grained, but also more error prone (as in easy to be forgotten) on changes and new features.

[szaimen]

I suppose this issue is still valid? If not, please close this issue!