I'm planning to allow some (non technical) family members to access files remotely, and perhaps to use cloud features in general, with the NextCloud plugin (on 11.2-RELEASE). But I don't fully understand the way that NextCloud plugin would handle user authentication and file access, so I don't know if it will work as I want it to.
This is what I'm after:
If not, then can I do it in some other way, or by manually editing the config, or installing it without using the plugin system? Or what are my options?
This is what I'm after:
- NextCloud user authentication: I want to configure NextCloud to authenticate users using the OS itself. That is, if someone logs in as Alice, to NextCloud, I need to have created a user account for "Alice" in the FreeNAS GUI for them (and optionally made it a member of various Unix groups), and the remote user needs to have Alice's PW or certificate, or to pass the configured LDAP/RADIUS authentication, or whatever else FreeNAS is set up to require, in order for Alice to authenticate if she tried to login via say, CLI or SMB.
I know NextCloud had at one point, a "Unix user backend" extension/app but I don't know if it's still usable. If it isn't, then it seems to have has an "External User Support" extension/app but that's only showing as supporting up to NextCloud 14, not v15, and I'm not sure if it does what I need either.
I don't mind if I have to also create an "Alice" account in NextCloud (as well as in the FreeNAS UI), so long as her login will only be verified by the system's user-authentication processes. I don't want any user authentication info (PW/certs) entered within NextCloud itself - it should all be checked by the OS, and have been manually set up beforehand.
- NextCloud users' file operations: Assuming NextCloud can authenticate users by Unix password/certificate, my followup question is whether it will actually perform requested file operations using that user's UID/GID? That is, having authenticated Alice against some FreeNAS provided backend (Unix or whatever), when Alice tries to view+browse the file hierarchy or perform file operations, will NextCloud use Alice's account to do so, or will it use some generic "Nextcloud-user" account? This is important because my controls over what Alice can and can't do, are handled using ACLs based on Alice's Unix UID/GID. So if NextCloud uses some generic "nextcloud-backend-useraccount" for file access, the ACLs that control Alice's ability to do file operations won't be effective.
If not, then can I do it in some other way, or by manually editing the config, or installing it without using the plugin system? Or what are my options?