Read Only Access to the Database


#1

Good day,

I was hoping someone would be able to assist me into getting read-only access into the owncloud backend files? My Ubuntu user is named 'tim', so is there anyway to give user 'tim' read-only access to the www-data group? I am inexperienced in Ubuntu, so that very well could be not possible.

I want to do this because I want to login to a samba read-only network share on my LAN, through user 'tim' and play videos stored on my owncloud. The only alternatives I know are to either login to owncloud and download the files on my local computer to play, or use owncloud's build in video player. Both of those alternatives are not ideal for me.

I would greatly appreciate any help!

Cheers,
Tim

Server Details
Ubuntu 16.04 Desktop
Owncloud 9.1.3
MySQL
Apache


#2

ownCloud expects full access to the data folder. So you have two options which work for ownCloud:

  • you put the files in a folder in your filesystem (not the data folder of ownCloud), you give www-data only read access. Then you include this folder via external storage feature (option: local).
  • you upload all files to a specific user who has full access to these files. Then you share the whole folder to your user tim but you give only read access.

In the first example, you manage the permissions on the file system. In the second you rely on the ownCloud-internal permission settings.


#3

You can use "setfacl" to add an access control list entry for tim to read these files. The filesystem itself needs to be mounted with "acl" option for this to work.

setfacl -d -m u:tim:r /directory/of_files
setfacl -m u:tim:r /path/to/file

We use something like this in reverse ... that is, we have a regular usage storage area with each user owning their own files. We use access control to allow the own cloud user to read/write files. A cron job converts ownership of new files from the own cloud user to the actual user.