diff -Nur smeserver-nextcloud-1.1.0.old/createlinks smeserver-nextcloud-1.1.0/createlinks
--- smeserver-nextcloud-1.1.0.old/createlinks	2018-04-11 00:07:43.308000000 -0400
+++ smeserver-nextcloud-1.1.0/createlinks	2018-04-11 00:10:26.131000000 -0400
@@ -27,7 +27,7 @@
   nextcloud-del-user 60
   ));
 
-foreach my $event (qw(ibay-create ibay-modify ibay-modify-files  group-create  group-delete  group-modify user-create  user-modify domain-create  domain-delete  domain-modify )){
+foreach my $event (qw(ibay-create ibay-modify ibay-modify-files  group-create  group-delete  group-modify user-create  user-modify domain-create  domain-delete  domain-modify  share-create          share-delete          share-modify)){
    event_link("nextcloud-occ-conf", $event, "30");
    }
 
diff -Nur smeserver-nextcloud-1.1.0.old/root/etc/e-smith/events/actions/nextcloud-occ-conf smeserver-nextcloud-1.1.0/root/etc/e-smith/events/actions/nextcloud-occ-conf
--- smeserver-nextcloud-1.1.0.old/root/etc/e-smith/events/actions/nextcloud-occ-conf	2018-04-11 00:07:43.307000000 -0400
+++ smeserver-nextcloud-1.1.0/root/etc/e-smith/events/actions/nextcloud-occ-conf	2018-04-11 00:09:09.391000000 -0400
@@ -5,6 +5,7 @@
 use esmith::util;
 use esmith::AccountsDB;
 use JSON;
+use Array::Compare;
 
 sub OCC
 {
@@ -16,6 +17,7 @@
 {
     my $params = join(" ", @_);
     my $json =`TERM=dumb su - apache -s /bin/bash -c "source /opt/remi/php71/enable; cd /usr/share/nextcloud/; php occ $params"` ;
+    $json =~ s/\s+$//;
     return $json;
 }
 
@@ -82,7 +84,7 @@
 my $baseDN = esmith::util::ldapBase($cdb->get_value('DomainName'));
 my $local = $cdb->get_value('LocalIP');
 my $remote = $cdb->get_value('ExternalIP') || ""; 
-
+my $comp1 = Array::Compare->new; 
 
 # update trusted domains
 OCC "config:system:set trusted_domains 0 --value=$fqdn";
@@ -142,10 +144,20 @@
 
 # set ibays shares 
 foreach ( @ibays) {
-  my $group = $_->prop('Group');
+  my $group = $_->prop('Group') ||'';
   my $key =  $_->key;
   my $id = "";
-
+  my $typ = $_->prop('type');
+  my @wgroups = split(',', $_->prop('WriteGroups')||'');
+  my @rgroups = split(',', $_->prop('ReadGroups')||'');
+  my @groups ;
+  push @groups, @rgroups,@wgroups, split(',',$group); 
+  my @rusers = split(',', $_->prop('ReadUsers')||'');
+  my @wusers = split(',', $_->prop('WriteUsers')||'');
+  my @Users;
+  push @Users,@wusers,@rusers;
+  my @uUsers ;
+  for (@Users)  { push  @uUsers, $NCusers{$_}; } ;
   # next if includeI not empty and if not in includeI
   next  if (scalar(@incI) > 0 && grep(/^$key$/i, @incI) );
   # next if in excludeI
@@ -161,11 +173,16 @@
    if ($storage eq "smb") {
      $id = OCCr "files_external:create -c share=$key -c host=localhost 'ibays/$key'  smb password::logincredentials --output json";
    } else {
-     $id = OCCr "files_external:create -c datadir=/home/e-smith/files/ibays/$key 'ibays/$key'  local null::null  --output json";
+     $id = OCCr "files_external:create -c datadir=/home/e-smith/files/$typ/$key 'ibays/$key'  local null::null  --output json";
+   }
+   for $group (@groups) {
+   	OCC "files_external:applicable --add-group $group $id --output json";
+   }
+   for my $u (@uUsers) {
+        OCC "files_external:applicable --add-user $u $id  --output json" ;
    }
-   OCC "files_external:applicable --add-group $group $id";
    push @idOK,$id;
-   print "created $key\n";
+   print "created $typ $key : $id\n";
    next;
   }
   if (scalar(@matching_keys) > 1) {
@@ -179,10 +196,20 @@
 
   #if one: update if necessary
   $id = pop @matching_keys;
-  if (scalar(@{$localmounts{$id}{'applicable_users'}}) >0 || scalar(@{$localmounts{$id}{'applicable_groups'}}) >1 || scalar(@{$localmounts{$id}{'applicable_groups'}}) == 0 || $localmounts{$id}{'applicable_groups'}[0] ne $group) {
+  my @a = sort(@{$localmounts{$id}{'applicable_groups'}} );
+  my @b = sort(@groups);
+  my @ua = sort(@{$localmounts{$id}{'applicable_users'}} );
+  my @ub = sort(@uUsers);
+  if ( ! $comp1->compare(\@ua, \@ub)  || ! $comp1->compare(\@a, \@b) ) {
     print "updating $key\n";
-    OCC "files_external:applicable --remove-all $id";
-    OCC "files_external:applicable --add-group $group $id" ;
+    OCC "files_external:applicable --remove-all $id --output json";
+    for $group (@groups) {
+    	OCC "files_external:applicable --add-group $group $id --output json" ;
+    }
+    for my $u (@uUsers) {
+        OCC "files_external:applicable --add-user $u $id --output json" ;
+    }
+
   }
   push @idOK,$id;
 }
@@ -215,8 +242,11 @@
   unless ( !-d $idir || !-d "$idir/files" || -d "$idir/files/ibays")
   {  
         mkdir "$idir/files/ibays", 0770;
-        chown $uid, $gid,"$idir/files/ibays"; 
   }
+  # we do this on every turn in case it was wrong
+  chown $uid, $gid,"$idir/files/ibays";
+  chmod 0770, "$idir/files/ibays"; 
+  OCC "files:scan $user --quiet";
   # we proceed next only if we want the user homes
   next unless ($status eq "enabled");
   # get existing mount