Delete User should not delete files by default, should not force user file deletion

[dereks]

How to use GitHub

• Please use the 👍 reaction to show that you are interested into the same feature.
• Please don't comment if you have no relevant information to add. It's just extra noise for everyone subscribed to this issue.
• Subscribe to receive notifications on status change and new comments.

Is your feature request related to a problem? Please describe.

Every Unix-like system (including Linux), plus also Microsoft Windows, does not delete a user's files (by default) when you delete the user. One must take extra action, either deleting their home dir manually with rm -rf /home/USER/ or else providing an override option like deluser --remove-home ... or deluser --remove-all-files ... .

Nextcloud runs on a Posix stack with open protocols, so I expect it to behave the same as every other system I've administered over the past 30 years.

Also, some companies and institutions like legal, insurance, or health companies have special laws where they are not allowed to delete data.

Describe the solution you'd like

Offer a non-default GUI check-mark that says "Also delete this user's files?"

It would also be nice if the GUI offered:

"Transfer this user's files to user: ..." so when an employee quits the company their files can be taken over by their boss or their replacement employee.

It would also be nice if the GUI offered:

"Archive this user's files" that just tarballs all their files into the SuperAdmin account who is deleting this user.

It would also be nice if config.php allowed enabled or disabling each of these options so that a dumb SuperAdmin can't accidentally delete user data, especially if it's against company policy (or against the law).

Describe alternatives you've considered

Google's G Suite also defaults to deleting user files at user deletion, like the current Nextcloud behavior. However, unlike Nextcloud, Google gives you 20 days to restore a deleted user account.

Google also provides you instructions on what to do before you delete a user:

https://support.google.com/a/answer/33314#Before

[szaimen]

cc @nextcloud/server-triage is this feasible?

[ghost]

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

[EngelPika32]

This issue seems to need info from the nextcloud-maintainers and not the issue creator.
Hence I write this message for "activity" (I still dislike auto-close bots).

[ghost]

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

[EngelPika32]

@szaimen What to do about this bot closing tickets which need a reply from nextcloud maintainers/staff/knowledged?

[ghost]

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

[Spartachetto]

I understand that this is a difficult request, both from the technical part and the legal one.

Talking about the legal requirements, here we have two potentially conflicting rights: the right of the user of confidentiality (privacy or data protection or...) and the right of the employer to maintain the internal data.

A first rough solution could be to allow the selection @dereks proposes. One could also think that it could be some setting that the administrator picks: something like "when deleting a user, ask if the system has to maintain the files? Yes [ ], No [ ]".

A more complete solution would require a careful verification of what is "company data" and what is "personal data" in all the user data (chats, contacts, ....). That is country and sector specific.
A complete solution requires some information available to the user (like what described in nextcloud/appstore#1512 and in #28565 ) to guarantee that s/he understands clearly what is "personal" and what is not.

[ghost]

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

[EngelPika32]

Another (possible) usage for this feature might be the 'movement of a user'. Since we can't rename a user, one would need a new account with their data being transferred (eg. if their name changes). Asking what should happen with the files not only prevents accidental loss of data, it makes things easier for the user.

[PS: And I still think your nextcloud-stale bot has a bug because in every issue with the 'needs-info' label [I see], the info is asked from the nextcloud staff side and not the creator of the issue… – hence the automatic closing makes no sense to me]

[ghost]

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

[EngelPika32]

Ping! (Can you implement a Ping-Pong Game for the Bot? Possibly with emotes ;))

I'd really like to know what the odds are for/against this feature from nc-staff…

[ghost]

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

[EngelPika32]

Still relevant (Ping!).

[Spartachetto]

Rereading this issue, I feel that here we have a clear distinction between the "personal" situation and the "professional" one.

I'll try to clarify:

• if we are talking of my personal cloud, I am really happy of User migration (foundation) #30397 . I control my data and I'd love that I can move them to the instance I pick
• in a professional situation, my employer needs the possibility to control the data (files, images, comments, ....) I generate. The perfect situation would be what listed before: it is clear in advance what is mine (i.e. personal ) and what is not; I can decide to delete or move my data, I cannot do it with my employer's data even if it belongs to my profile

Tough nut to crack...!

[ghost]

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

[EngelPika32]

Can someone pls add a 'no-stale' label?? …

[ghost]

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.

[EngelPika32]

Monthly "Ping" as it seems. At least the bot isn't slow with a "Pong" =)

[ghost]

This issue has been automatically marked as stale because it has not had recent activity and seems to be missing some essential information. It will be closed if no further activity occurs. Thank you for your contributions.