Comments (18)
@aproposnix with E2E it doesn't matter because you can't open the files on the server. In other words the admin can impersonate you but without your mnemonic key they still can't access your E2E files.
from impersonate.
Could you clarify the situation: "the app admins shouldn't see any of users files". so then don't grant them permission to use impersonate, e.g. having two groups sysadmin+appadmin and only sysadmin is allowed to use impersonate?
or do you want to prevent sysadmins to impersonate as appadmins?
from impersonate.
@KB7777 with 1.0.4 you can configure group memberships (Admin → Additional settings). The people who should be able to impersonate must be groupadmins within (and can only impersonate users in that group). Perhaps that's already sufficient?
from impersonate.
I think a user should be notified when an admin impersonates them. This app presents a trust issue with hosted Nextcloud instances.
What's the point of E2E encryption when an admin can just open your account and go through your files?
from impersonate.
Sorry for the delayed respons...
@ManOki @blizzz
I want to prevent appadmins to impersonate any of the user from Nextcloud, but appadmins has to get all rights to manage the Nextcloud instance from web app (not only access to manage the users, but manage settings, apps, etc.).
Regards.
from impersonate.
@KB7777 places all persons who are allowed to impersonate into one group and configure this as according to #41 (comment)
from impersonate.
@blizzz
But my appadmins have to be in "admin" group as well to manage all Nextcloud instance.
So they could impersonate any of the user.
from impersonate.
@KB7777 nope, iirc, you can confiugre an "impersonator" group and assign the people accordingly.
from impersonate.
This is not working :)
If I place my appadmins to "impersonator" group only they can't edit setting of Nextcloud instance.
Thay have to be in "admin" group to be the admin of all settings.
from impersonate.
@KB7777 they can be in both admins and impersonators, but you need to limit impersonating to the impersonators group
from impersonate.
But the user from "admins" group can change his group and add himself to "impersonator" group.
from impersonate.
true, that's a dilemma. but since they are admin anyway, they basically can do anything.
from impersonate.
Well, it's all about that -- How to block using impersonate? :)
Maybe option at config.php?
from impersonate.
don't bother for admins, they'll always find a way. If you don't trust them, take away the admin role.
from impersonate.
But the my appadmins can't access to the OS.
from impersonate.
@KB7777 they could write a malicious app, put it to the app store and install it. Would give them at least permissions of the web user.
from impersonate.
So, there is no point to restrict my appadmins group, because they could do anything in Nextcloud instance anyway? Hm...
Maybe information to the user if admin using impersonate app is not wrong idea.
from impersonate.
It's being logged in the nextcloud.log so far. User information could be interesting, though i guess there are pro and cons against that. You may open a feature request, though up front: i won't have resources to work on it any time soon.
from impersonate.
Related Issues (20)
- Failed to update nextcloud/ocp package on branch stable27
- Failed to update nextcloud/ocp package on branch stable27
- Failed to update nextcloud/ocp package on branch stable28
- Failed to update nextcloud/ocp package on branch stable26
- Failed to update nextcloud/ocp package on branch stable26
- Failed to update nextcloud/ocp package on branch stable27
- Failed to update nextcloud/ocp package on branch stable28
- Failed to update nextcloud/ocp package on branch stable26
- Failed to update nextcloud/ocp package on branch stable28
- Failed to update nextcloud/ocp package on branch stable27
- Failed to update nextcloud/ocp package on branch stable27
- Failed to update nextcloud/ocp package on branch stable28
- Failed to update nextcloud/ocp package on branch stable26
- Failed to update nextcloud/ocp package on branch stable27
- Failed to update nextcloud/ocp package on branch stable26
- Failed to update nextcloud/ocp package on branch stable28
- Failed to update nextcloud/ocp package on branch stable26
- Failed to update nextcloud/ocp package on branch stable27
- Failed to update nextcloud/ocp package on branch stable28
- Failed to update nextcloud/ocp package on branch stable27
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from impersonate.