ownCloudAdminManual 7 PDF
ownCloudAdminManual 7 PDF
ownCloudAdminManual 7 PDF
Release 7.0
CONTENTS
Introduction
1.1 Target Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.2 ownCloud Videos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1.3 Document Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
1
1
1
1
ownCloud Videos
2.1 Server to Server Sharing on ownCloud 7 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.2 Introducing ownCloud 7 Enterprise Edition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2.3 ownCloud for Enterprise File Sync and Share . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5
5
5
5
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
7
7
7
7
7
7
8
8
8
8
8
Installation
4.1 Preferred Linux Installation Method .
4.2 ownCloud Appliances . . . . . . . .
4.3 Installing and Managing Apps . . . .
4.4 Hiawatha Configuration . . . . . . .
4.5 Installation Wizard . . . . . . . . . .
4.6 Lighttpd Configuration . . . . . . . .
4.7 Mac OS X . . . . . . . . . . . . . .
4.8 Nginx Configuration . . . . . . . . .
4.9 Other Installation Methods . . . . . .
4.10 Manual Installation on Linux . . . .
4.11 Univention Corporate Server . . . . .
4.12 Windows 7 and Windows Server 2008
4.13 Yaws Configuration . . . . . . . . .
4.14 SELinux Configuration . . . . . . . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
9
9
9
10
12
13
17
18
18
20
20
26
33
39
40
Configuration
5.1 Configuring the ClamAV Antivirus Scanner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5.2 Automatic Configuration Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
41
41
45
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
5.3
5.4
5.5
5.6
5.7
5.8
5.9
5.10
5.11
5.12
5.13
5.14
5.15
5.16
5.17
5.18
5.19
5.20
5.21
5.22
5.23
5.24
5.25
5.26
5.27
5.28
5.29
5.30
5.31
6
ii
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
47
48
49
50
50
64
65
72
80
84
97
105
107
107
108
108
109
110
114
116
116
117
119
121
122
123
136
137
140
Maintenance
6.1 Maintenance Mode Configuration . . . . . . . . . . . . . . . .
6.2 Backing up ownCloud . . . . . . . . . . . . . . . . . . . . . .
6.3 Updating ownCloud with the Updater App . . . . . . . . . . .
6.4 Upgrading Your ownCloud Server . . . . . . . . . . . . . . . .
6.5 Restoring ownCloud . . . . . . . . . . . . . . . . . . . . . . .
6.6 Migrating ownCloud Installations . . . . . . . . . . . . . . . .
6.7 Converting From SQLite to MySQL, MariaDB, or PostgreSQL
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
141
141
141
142
147
150
151
151
CHAPTER
ONE
INTRODUCTION
Welcome to the ownCloud Administrator Guide. This guide describes administrator tasks for ownCloud; a flexible,
open source, file synchronization and sharing solution. ownCloud is comprised of a server running on either a Linux
or Microsoft Windows platform as well as client applications for Microsoft Windows, Mac OS X and Linux (Desktop
Client) and mobile clients for both the Android and Apple iOS operating system.
1.3.1 Installation
This section provides detailed instructions on how to install ownCloud in different scenarios. It contains the following
topics:
ownCloud Appliances
Installing and Managing Apps
Hiawatha Configuration
Installation Wizard
Lighttpd Configuration
1
1.3.2 Configuration
This section describes how to configure ownCloud and your Web server. It contains the following topics:
Configuring the ClamAV Antivirus Scanner
Automatic Configuration Setup
Defining Background Jobs
Uploading big files > 512MB (as set by default)
Configuring the Collaborative Documents App
Config.php Parameters
Custom Client Configuration
Database Configuration
Email Configuration
Configuring External Storage (GUI)
Configuring External Storage (Configuration File)
File Sharing
Files Locking App Configuration
JavaScript and CSS Asset Management
Knowledge Base Configuration
Language Configuration
Logging Configuration
Previews Configuration
Reverse Proxy Configuration
Enabling Full-Text Search
Encryption Configuration
Chapter 1. Introduction
1.3.3 Maintenance
This sections describes the maintenance tasks associated with the ownCloud server (for example, updating or migrating
to a new version of ownCloud). It contains the following topics:
Backing up ownCloud
Converting From SQLite to MySQL, MariaDB, or PostgreSQL
Maintenance Mode Configuration
Migrating ownCloud Installations
Restoring ownCloud
Updating ownCloud with the Updater App
Upgrading Your ownCloud Server
1.3.4 Issues
What to do when you have problems, and where to report bugs.
Issues and Troubleshooting
Chapter 1. Introduction
CHAPTER
TWO
OWNCLOUD VIDEOS
Please visit our YouTube channel for howtos, demos, news, and Webinars for both the Community and Enterprise
versions of ownCloud.
ownCloud 7 Enterprise Edition introduces Universal File Access, which provides a single interface to all of your
disparate systems and data silos. Integrate Sharepoint libraries, Windows network drives, link ownCloud servers with
server-to-server sharing, and lots more.
ownCloud is an enterprise-grade file sync and share solution that is hosted in your data center, on your servers, using
your storage. ownCloud integrates seamlessly into your IT infrastructure; you can leave data where it lives and still
deliver file sharing services that meet your data security and compliance policies.
CHAPTER
THREE
3.7 Sharing
Sharing has been dramatically enhanced and streamlined, making it more flexible, faster and accessible. Improvements
include:
Force Password: Admins can now force users to set a password when they create shared links. This ensures
that files shared outside of ownCloud via a link are properly secured by users.
Share Link Default and Max Expiration: When sharing a file with a link, admins can now require users to
set a specific expiration duration for the link.
Antivirus Action Updates: The Antivirus app has been enhanced to allow with some minor customization
the use of external virus scanners (rather than the default ClamAV) in scanning files as they arrive on the
server.
The Shared folder has been removed from new installations of ownCloud 7: Shared files now appear in the
top level of your file tree on your Files page, and you can change the default shared folder to any folder with
the share_folder directive in config.php. If you are upgrading from older ownCloud versions
you will still have your old Shared folder.
Local shares do not expire with public shares: In older versions of ownCloud, you could set an expiration
date on both local and public shares. Now you can set an expiration date only on public shares, and local
shares do not expire when public shares expire.
CHAPTER
FOUR
INSTALLATION
Chapter 4. Installation
11
setup an /apps2/ folder which will be used to store all other apps.
<?php
"apps_paths" => array (
0 => array (
"path"
=>
"url"
=>
"writable" =>
),
1 => array (
"path"
=>
"url"
=>
"writable" =>
),
),
OC::$SERVERROOT."/apps",
"/apps",
false,
OC::$SERVERROOT."/apps2",
"/apps2",
true,
12
Chapter 4. Installation
13
Enter any arbitrary name for the Database name. This must be a database that does not already exist.
If you are not using Apache as the web server, it is highly recommended to configure the data directory to a
location outside of the document root. Otherwise all user data is potentially publicly visible!
Chapter 4. Installation
(with the same username as you specified for the administrative user, plus an oc_ prefix) and will use that
for all subsequent database access.
There are restrictions as to what characters a database name may or may not contain; see the MySQL
Schema Object Names documentation for details);
-R
-R
-R
-R
root:${htuser} ${ocpath}/
${htuser}:${htuser} ${ocpath}/apps/
${htuser}:${htuser} ${ocpath}/config/
${htuser}:${htuser} ${ocpath}/data/
15
If you have customized your ownCloud installation and your filepaths are different than the standard installation, then
modify this script accordingly.
This lists the recommended modes and ownership for your ownCloud directories and files:
All files should be read-write for the file owner, read-only for the group owner, and zero for the world
All directories should be executable (because directories always need the executable bit set), read-write for the
directory owner, and read-only for the group owner
The / directory should be owned by root:[HTTP user]
The apps/ directory should be owned by [HTTP user]:[HTTP user]
The config/ directory should be owned by [HTTP user]:[HTTP user]
The data/ directory should be owned by [HTTP user]:[HTTP user]
The [ocpath]/.htaccess file should be owned by root:[HTTP user]
The data/.htaccess file should be owned by root:[HTTP user]
Both .htaccess files are read-write file owner, read-only group and world
In the event that a load balancer is in place there will be no issues as long as it sends the correct X-Forwarded-Host
header.
The loopback address, 127.0.0.1, is whitelisted and therefore users on the ownCloud server who access ownCloud
with the loopback interface will be able to successfully login. In the event that an improper URL is used, the following
error will appear:
16
Chapter 4. Installation
17
Increment the package version with dch -i. This will open the changelog with a new entry. You can save as-is or
add info to it. The important bit is that the version is bumped so apt will not try to upgrade back to Debians version.
Then build with debuild and install the .debs for any Lighttpd packages you already have installed.
4.7 Mac OS X
Note: Due to an issue with Mac OS Unicode support, installing ownCloud Server 7.0 on Mac OS is currently not
supported.
18
Chapter 4. Installation
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README){
deny all;
}
location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ /index.php;
}
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param HTTPS on;
fastcgi_pass php-handler;
}
# Optional: set long EXPIRES header on static assets
location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
# Optional: Don't log access to assets
access_log off;
}
}
Note: You can use ownCloud over plain http, but we strongly encourage you to use SSL/TLS to encrypt all of your
server traffic, and to protect users logins and data in transit.
Remove the server block containing the redirect
Change listen 443 ssl to listen 80;
Remove ssl_certificate and ssl_certificate_key.
Remove fastcgi_params HTTPS on;
Note: If you want to effectively increase maximum upload size you will also have to modify your php-fpm con4.8. Nginx Configuration
19
figuration (usually at /etc/php5/fpm/php.ini) and increase upload_max_filesize and post_max_size values. Youll
need to restart php5-fpm and nginx services in order these changes to be applied.
4.10.1 Prerequisites
Note: This tutorial assumes you have terminal access to the machine you want to install ownCloud on. Although this
is not an absolute requirement, installation without it is likely to require contacting your hoster (e.g. for installing required modules). Consult the PHP manual for information on modules. Your Linux distribution should have packages
for all required modules.
To run ownCloud, your web server must have the following installed:
php5 (>= 5.3.8, minimum recommended 5.4)
PHP module ctype
PHP module dom
PHP module GD
PHP module iconv
PHP module JSON
PHP module libxml
PHP module mb multibyte
PHP module SimpleXML
PHP module XMLWriter
PHP module zip
PHP module zlib
Database connectors (pick at least one):
PHP module sqlite (>= 3, usually not recommended for performance reasons)
20
Chapter 4. Installation
You dont need the WebDAV module for your web server (i.e. Apaches mod_webdav) to access your ownCloud data via WebDAV. ownCloud has a built-in WebDAV server of its own, SabreDAV.
21
This installs the packages for the ownCloud core system. If you are planning on running additional apps, keep
in mind that they might require additional packages. See the Prerequisites section (above) for details.
At the execution of each of the above commands you might be prompted whether you want to continue; press
Y for Yes (that is if your system language is English. You might have to press a different key if you have a
different system language).
At the installation of the MySQL server, you will be prompted to create a root password. Be sure to remember
the password you enter there for later use as you will need it during ownCloud database setup.
Now download the archive of the latest ownCloud version:
Go to the ownCloud Installation Page.
Click the Archive file for server owners button.
Click Download Unix.
This downloads a file named owncloud-x.y.z.tar.bz2 (where x.y.z is the version number of the current latest
version).
Save this file on the machine you want to install ownCloud on.
Verify the MD5 or SHA256 sum:
md5sum owncloud-x.y.z.tar.bz2
sha256sum owncloud-x.y.z.tar.bz2
Now you can extract the archive contents. Open a terminal, navigate to your download directory, and run:
tar -xjf owncloud-x.y.z.tar.bz2
Copy the ownCloud files to their final destination in the document root of your web server:
cp -r owncloud /path/to/webserver/document-root
22
Chapter 4. Installation
4.10.5 SELinux
See SELinux Configuration for a suggested configuration for SELinux-enabled distributions such as Fedora and CentOS.
Apache is the recommended Web server.
If you are using a different distribution, check your documentation on how to enable SSL.
Note: Self-signed certificates have their drawbacks - especially when you plan to make your ownCloud server publicly
accessible. You might want to consider getting a certificate signed by commercial signing authority. Check with your
domain name registrar or hosting service, if youre using one, for good deals on commercial certificates.
23
Example output:
Server version: Apache/2.4.7 (Ubuntu)
Server built:
Jul 22 2014 14:36:38
This configuration entry needs to go into the configuration file of the site you want to use.
On a Ubuntu system, this typically is the default-ssl
/etc/apache2/sites-available/default-ssl.conf).
site
(to
be
found
in
the
Add the entry shown above immediately before the line containing:
</VirtualHost>
24
Chapter 4. Installation
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
<Directory /var/www/owncloud>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Allow from all
Require all granted
Dav Off
Satisfy Any
</Directory>
</VirtualHost>
</IfModule>
For ownCloud to work correctly, we need the module mod_rewrite. Enable it by running:
a2enmod rewrite
In distributions that do not come with a2enmod, the module needs to be enabled manually by editing the
Apache config files, usually /etc/httpd/httpd.conf. Consult the Apache documentation or your Linux
distributions documentation.
In order for the maximum upload size to be configurable, the .htaccess in the ownCloud folder needs
to be made writable by the server (this should already be done, see section Set the Directory
Permissions).
You should make sure that any built-in WebDAV module of your web server is disabled (at least for the ownCloud directory), as it will interfere with ownClouds built-in WebDAV support.
If you need the WebDAV support in the rest of your configuration, you can turn it off specifically for the
ownCloud entry by adding the following line in the <Directory section for your ownCloud server. Add the
following line directly after the allow from all / Require all granted line:
Dav Off
You must disable any server-configured authentication for ownCloud, as it uses Basic authentication internally
for DAV services. If you have turned on authentication on a parent folder (via e.g. an AuthType Basic
directive), you can turn off the authentication specifically for the ownCloud entry. Following the above example
configuration file, add the following line directly after the allow from all / Require all granted
line in the <Directory section:
Satisfy Any
When using ssl, take special note on the ServerName. You should specify one in the server configuration, as
well as in the CommonName field of the certificate. If you want your ownCloud to be reachable via the internet,
then set both of these to the domain you want to reach your ownCloud server.
Note: By default, the certificates CommonName will be set to the host name at the time the ssl-cert package was
installed.
25
Default
/var/lib/owncloud
owncloud/db/name
owncloud
26
Description
Introduced
Specifies where the file storage will 2012.0.1
be placed
Name of the MySQL database. 2012.0.1
ownCloud will create an own user
for it.
Continued on next page
Chapter 4. Installation
Key
owncloud/user/quota
owncloud/user/enabled
owncloud/group/enabled
owncloud/ldap/base/users
owncloud/ldap/base/groups
owncloud/ldap/groupMemberAssoc
owncloud/ldap/tls
owncloud/ldap/disableMainServer
owncloud/ldap/cacheTTL
owncloud/ldap/UUIDAttribute
owncloud/ldap/loginFilter
owncloud/ldap/userlistFilter
27
Key
owncloud/ldap/groupFilter
owncloud/ldap/internalNameAttribute
owncloud/ldap/displayName
owncloud/ldap/user/searchAttributes
owncloud/ldap/user/quotaAttribute
owncloud/ldap/user/homeAttribute
owncloud/ldap/group/displayName
owncloud/ldap/group/searchAttributes
owncloud/join/users/update
owncloud/group/enableDomainUsers
owncloud/join/users/filter
owncloud/join/groups/filter
If you want to override the default settings, simply create the key in question in the UCR and assign your required
value, for example:
ucr set owncloud/user/enabled=1
28
Chapter 4. Installation
Introduced
2012.4.0.4
5.0.9
2012.0.1
5.0.9
5.0.9
5.0.9
2012.4.0.4
5.0.9
2012.0.1
2012.4.0.4
2012.0.1
2012.4.0.4
or via UMC:
4.11.2 Installation
Now, we are ready to install ownCloud. This can be either done through the UCS App Center (recommended) or by
downloading the packages.
UCS App Center
Open the Univention Management Console and choose the App Center module. You will see a variety of available
applications, including ownCloud.
29
30
Chapter 4. Installation
In the UCS App Center, you can also upgrade from ownCloud 4.5 by installing ownCloud 5.0. They are provided as
separate apps. It is only possible to have one version of ownCloud installed.
Manually by download
Download the integration packages from our website and install them from within your download folder (note: the
package owncloud-unsupported is optional) via command line:
dpkg -i owncloud*.deb
31
In this case you probably also want to remove the data directory /var/lib/owncloud although this is not mandatory.
Updating users can also be done by the script /usr/share/owncloud/update-users.sh . It takes the following UCR variables as parameters: owncloud/user/enabled for enabling or disabling, owncloud/user/quota as the
Quota value and owncloud/join/users/filter as LDAP filter to select the users to update.
Groups 2012.4.0.4
Since ownCloud Enterprise 2012.4.0.4 group support is enabled. Groups, that are activated for ownCloud usage, can
be used to share files to instead of single users, for example. It is also important to note, that users can only share
within groups where they belong to. Groups can be enabled and disabled via UCM as shown in the screen shot below.
32
Chapter 4. Installation
33
4. Expand World Wide Web Services and all of the folders beneath it.
5. Select the folders as shown in the image below to launch the IIS server.
6. Because a running FTP server is not required, turn off that feature for your server.
7. Ensure that you have the IIS Management Console. An IIS management console is the easiest way to start, stop,
and restart your server. This console also enables you to change certificate options and manage items like file
upload size.
8. Check the CGI checkbox under Application Development Features in order to enable PHP on IIS.
9. Turn off WebDAV publishing to avoid conflicts between the Windows WebDAV and the ownCloud WebDAV
interface.
Note: This feature might already be turned off for you. However, we recommend that you ensure
that it remains off. The common HTTP features are the features you would expect from a web server.
After implementing the selections on this page, IIS serves up a web page.
10. Restart IIS by going to the IIS manager (Start > IIS Manager).
11. Select your website.
On the far right side of the opening page you will see a section titled Manage Server.
12. Make sure that the service is started, or click Start to start the services selected.
13. Go to a web browser and navigate to http://localhost.
The standard IIS 7 splash page opens. This page displays a static image that indicates that your web server is
running. Assuming you were able to reach splash page, your web server is now up and running.
Continue by installing PHP.
Windows Server 2008
1. Navigate to Start > Control Panel > Programs.
2. Under Programs and Features, click the link titled Turn Windows Features on and Off. The Server Manager
starts.
3. In the Server Manager, click Roles
4. Click Add Roles.
5. Use the Add Roles Wizard to add the web server role.
6. Make sure that, at a minimum, the same boxes are checked in this wizard that are checked in the Windows 7
Section. For example, make sure that the CGI box is checked under Application Development Features, and that
WebDAV Publishing is turned off. With Remote Desktop Sharing turned on, the detailed role service list looks
like the figure Role Services.
7. Go to the IIS manager (Start > IIS Manager) and restart IIS.
8. Select your website
9. Once this is complete, you should be able to go to a web browser and type localhost. This should open the
standard IIS 7 splash page, which is just a static image that says your web server is running. Assuming you were
able to get the splash page, it is safe to say your web server is now up and running.
Continue by installing PHP.
34
Chapter 4. Installation
35
36
Chapter 4. Installation
37
38
Chapter 4. Installation
4.12.6 Configuring ownCloud, PHP and IIS for Large File Uploads
Before you begin to use ownCloud heavily, it is important to make a few configuration changes to enhance the service
and make it more useful. For example, you might want to increase the max upload size. The default upload is set to
2MB, which is too small for many files (for example, most MP3 files).
To adjust the maximum upload size, you must access your PHP.ini file. You can locate this file in your C:\Program
Files (x86)\PHP folder.
To adjust the maximum upload size, open the PHP.ini file in a text editor, find the following key attributes, and
change them to what you want to use:
upload_max_filesize Changing this value to something like 1G will enable you to upload much larger files.
post_max_size Change this value to be larger than your max upload size you chose.
You can make other changes in the PHP.ini file (for example, the timeout duration for uploads). However, most
default settings in the PHP.ini file should function appropriately.
To enable file uploads on the web server larger than 30 MB, you must also change some settings in the IIS manager.
To modify the IIS Manager:
1. Go to the start menu, and type iis manager. IIS manager launches.
2. Select the website that you want to accept large file uploads.
3. In the main (middle) window, double click the icon Request filtering. A window opens displaying a number of
tabs across the top.
4. Select Edit Feature Settings
5. Modify the Maximum allowed content length (bytes) value to 4.1 GB.
Note: This entry is in bytes, not kilobytes.
You should now have ownCloud configured and ready for use.
39
The Apache .htaccess that comes with ownCloud is configured to redirect requests to non-existent pages. To
emulate that behaviour, you need a custom error handler for yaws. See this github gist for further instructions on how
to create and compile that error handler.
If you uninstall ownCloud you need to remove the ownCloud directory labels. To do this execute the following
commands as root after uninstalling ownCloud:
semanage fcontext -d -t httpd_sys_rw_content_t '/var/www/html/owncloud/data'
restorecon '/var/www/html/owncloud/data'
semanage fcontext -d -t httpd_sys_rw_content_t '/var/www/html/owncloud/config'
restorecon '/var/www/html/owncloud/config'
semanage fcontext -d -t httpd_sys_rw_content_t '/var/www/html/owncloud/apps'
restorecon '/var/www/html/owncloud/apps'
If you have customized SELinux policies and these examples do not work, you must give the HTTP server write access
to these directories:
/var/www/html/owncloud/data
/var/www/html/owncloud/config
/var/www/html/owncloud/apps
40
Chapter 4. Installation
CHAPTER
FIVE
CONFIGURATION
The installer automatically creates default configuration files and launches the clamd and freshclam daemons.
You dont have to do anything more, though its a good idea to review the ClamAV documentation and your settings
in /etc/clamav/. Enable verbose logging in both clamd.conf and freshclam.conf until you get any kinks
worked out.
Red Hat 7, CentOS 7 On Red Hat 7 and related systems you must install the Extra Packages for Enterprise Linux
(EPEL) repository, and then install ClamAV:
yum install epel-release
yum install clamav clamav-scanner clamav-scanner-systemd clamav-server
clamav-server-systemd clamav-update
This installs two configuration files: /etc/freshclam.conf and /etc/clamd.d/scan.conf. You must
edit both of these before you can run ClamAV. Both files are well-commented, and man clamd.conf and man
freshclam.conf explain all the options. Refer to /etc/passwd and /etc/group when you need to verify
the ClamAV user and group.
First edit /etc/freshclam.conf and configure your options. freshclam updates your malware database, so
you want it to run frequently to get updated malware signatures. Run it manually post-installation to download your
first set of malware signatures:
41
freshclam
The EPEL packages do not include an init file for freshclam, so the quick and easy way to set it up for regular
checks is with a cron job. This example runs it every hour at 47 minutes past the hour:
# m
47
h
*
Please avoid any multiples of 10, because those are when the ClamAV servers are hit the hardest for updates.
Next, edit /etc/clamd.d/scan.conf. When youre finished you must enable the clamd service file and start
clamd:
systemctl enable [email protected]
systemctl start [email protected]
That should take care of everything. Enable verbose logging in scan.conf and freshclam.conf until it is
running the way you want.
Chapter 5. Configuration
Daemon: ClamAV is running on a different server. This is a good option for ownCloud servers with high
volumes of file uploads.
Executable: ClamAV is running on the same server as ownCloud, and the clamscan command is started and
then stopped with each file upload. clamscan is slow and not always reliable for on-demand usage; it is better
to use one of the daemon modes.
Daemon (Socket) ownCloud should detect your clamd socket and fill in the Socket field.
LocalSocket option in clamd.conf. You can run netstat to verify:
This is the
The Stream Length value sets the number of bytes read in one pass. 10485760 bytes, or ten megabytes,
is the default. This value should be no larger than the PHP memory_limit settings, or physical memory if
memory_limit is set to -1 (no limit).
Action for infected files found while scanning gives you the choice of logging any alerts
without deleting the files, or immediately deleting infected files.
Daemon For the Daemon option you need the hostname or IP address of the remote server running ClamAV, and the
servers port number.
Executable The Executable option requires the path to clamscan, which is the interactive ClamAV scanning command. ownCloud should find it automatically.
43
44
Chapter 5. Configuration
When you are satisfied with how ClamAV is operating, you might want to go back and change all of your logging to
less verbose levels.
5.2.1 Parameters
When configuring parameters, you must understand that two parameters are named differently in this configuration
file when compared to the standard config.php file.
autoconfig.php
directory
dbpass
config.php
datadirectory
dbpassword
SQLite Database
Using the following parameter settings, the Finish setup screen requests data directory and admin credentials settings.
<?php
$AUTOCONFIG = array(
"dbtype"
=> "sqlite",
"dbname"
=> "owncloud",
"dbtableprefix" => "",
);
45
MySQL Database
Using the following parameter settings, the Finish setup screen requests data directory and admin credentials settings.
<?php
$AUTOCONFIG = array(
"dbtype"
=>
"dbname"
=>
"dbuser"
=>
"dbpass"
=>
"dbhost"
=>
"dbtableprefix" =>
);
"mysql",
"owncloud",
"username",
"password",
"localhost",
"",
Note: Keep in mind that the automatic configuration does not eliminate the need for creating the database user and
database in advance, as described in Database Configuration.
PostgreSQL Database
Using the following parameter settings, the Finish setup screen requests data directory and admin credentials settings.
<?php
$AUTOCONFIG = array(
"dbtype"
=>
"dbname"
=>
"dbuser"
=>
"dbpass"
=>
"dbhost"
=>
"dbtableprefix" =>
);
"pgsql",
"owncloud",
"username",
"password",
"localhost",
"",
Note: Keep in mind that the automatic configuration does not eliminate the need for creating the database user and
database in advance, as described in Database Configuration.
All Parameters
Using the following parameter settings, because all parameters are already configured in the file, the ownCloud installation skips the Finish setup screen.
<?php
$AUTOCONFIG = array(
"dbtype"
=>
"dbname"
=>
"dbuser"
=>
"dbpass"
=>
"dbhost"
=>
"dbtableprefix" =>
"adminlogin"
=>
"adminpass"
=>
46
"mysql",
"owncloud",
"username",
"password",
"localhost",
"",
"root",
"root-password",
Chapter 5. Configuration
"directory"
=> "/www/htdocs/owncloud/data",
);
Note: Keep in mind that the automatic configuration does not eliminate the need for creating the database user and
database in advance, as described in Database Configuration.
5.3.1 Parameters
In the admin settings menu you can configure how cron-jobs should be executed. You can choose between the following options:
AJAX
Webcron
Cron
47
Cron
Using the operating system cron feature is the preferred method for executing regular tasks. This method enables the
execution of scheduled jobs without the inherent limitations the web server might have.
To run a cron job on a *nix system, every 15 minutes, under the default web server user (often, www-data or
wwwrun), you must set up the following cron job to call the cron.php script:
# crontab -u www-data -e
*/15 * * * * php -f /var/www/owncloud/cron.php > /dev/null 2>&1
You can verify if the cron job has been added and scheduled by executing:
# crontab -u www-data -l
*/15 * * * * php -f /var/www/owncloud/cron.php > /dev/null 2>&1
48
Chapter 5. Configuration
49
See Collaborative Document Editing in the User manual to learn how to create and share documents in the Documents application.
This is a unique identifier for your ownCloud installation, created automatically by the installer. This example is for
documentation only, and you should never use it because it will not work. A valid instanceid is created when you
install ownCloud.
instanceid => d3c944a9a,
50
Chapter 5. Configuration
The salt used to hash all passwords, auto-generated by the ownCloud installer. (There are also per-user salts.) If you
lose this salt you lose all your passwords. This example is for documentation only, and you should never use it.
passwordsalt => d3c944a9af095aa08f,
'trusted_domains' =>
array (
'demo.example.org',
'otherdomain.example.org',
),
Your list of trusted domains that users can log into. Specifying trusted domains prevents host header poisoning. Do
not remove this, as it performs necessary security checks.
'datadirectory' => '/var/www/owncloud/data',
Where user files are stored; this defaults to data/ in the ownCloud directory. The SQLite database is also stored
here, when you use SQLite. (SQLite is available only in ownCloud Community Edition)
'version' => '',
The current version number of your ownCloud installation. This is set up during installation and update, so you
shouldnt need to change it.
'dbtype' => 'sqlite',
Identifies the database used with this installation. See also config option supportedDatabases
Available:
sqlite (SQLite3 - Community Edition Only)
mysql (MySQL/MariaDB)
pgsql (PostgreSQL)
oci (Oracle - Enterprise Edition Only)
mssql (Microsoft SQL Server - Enterprise Edition Only)
'dbhost' => '',
Your host server name, for example localhost, hostname, hostname.example.com, or the IP address. To
specify a port use hostname:####; to specify a Unix socket use localhost:/path/to/socket.
'dbname' => 'owncloud',
The name of the ownCloud database, which is set during installation. You should not need to change this.
'dbuser' => '',
The user that ownCloud uses to write to the database. This must be unique across ownCloud instances using the same
SQL database. This is set up during installation, so you shouldnt need to change it.
51
The password for the database user. This is set up during installation, so you shouldnt need to change it.
'dbtableprefix' => '',
Additional driver options for the database connection, eg. to enable SSL encryption in MySQL.
'installed' => false,
Indicates whether the ownCloud instance was installed successfully; true indicates a successful installation, and
false indicates an unsuccessful installation. .. DEFAULT_SECTION_END .. Generated content above. Dont
change this.
52
Chapter 5. Configuration
),
'datadirectory' => '/var/www/owncloud/data',
'dbtype' => 'mysql',
'version' => '7.0.2.1',
'dbname' => 'owncloud',
'dbhost' => 'localhost',
'dbtableprefix' => 'oc_',
'dbuser' => 'oc_carla',
'dbpassword' => '67336bcdf7630dd80b2b81a413d07',
'installed' => true,
);
This sets the default language on your ownCloud server, using ISO_639-1 language codes such as en for English, de
for German, and fr for French. It overrides automatic language detection on public pages like login or shared items.
Users language preferences configured under personal -> language override this setting after they have logged in.
'defaultapp' => 'files',
Set the default app to open on login. Use the app names as they appear in the URL after clicking them in the Apps
menu, such as documents, calendar, and gallery. You can use a comma-separated list of app names, so if the first app
is not enabled for a user then ownCloud will try the second one, and so on. If no enabled apps are found it defaults to
the Files app.
'knowledgebaseenabled' => true,
true enables the Help menu item in the user menu (top right of the ownCloud Web interface). false removes the
Help item.
'enable_avatars' => true,
true enables avatars, or user profile photos. These appear on the User page, on users Personal pages and are used
by some apps (contacts, mail, etc). false disables them.
'allow_user_to_change_display_name' => true,
true allows users to change their display names (on their Personal pages), and false prevents them from changing
their display names.
'remember_login_cookie_lifetime' => 60*60*24*15,
Lifetime of the remember login cookie, which is set when the user clicks the remember checkbox on the login screen.
The default is 15 days, expressed in seconds.
'session_lifetime' => 60 * 60 * 24,
53
The lifetime of a session after inactivity; the default is 24 hours, expressed in seconds.
'session_keepalive' => true,
Enable or disable session keep-alive when a user is logged in to the Web UI.
Enabling this sends a heartbeat to the server to keep it from timing out.
'skeletondirectory' => '',
The directory where the skeleton files are located. These files will be copied to the data directory of new users. Leave
empty to not copy any skeleton files.
'user_backends' => array(
array(
'class' => 'OC_User_IMAP',
'arguments' => array('{imap.gmail.com:993/imap/ssl}INBOX')
)
),
The user_backends app allows you to configure alternate authentication backends. Supported backends are IMAP
(OC_User_IMAP), SMB (OC_User_SMB), and FTP (OC_User_FTP).
The return address that you want to appear on emails sent by the ownCloud server, for example
[email protected], substituting your own domain, of course.
'mail_from_address' => 'owncloud',
FROM address that overrides the built-in sharing-noreply and lostpassword-noreply FROM addresses.
'mail_smtpdebug' => false,
Which mode to use for sending mail: sendmail, smtp, qmail or php.
If you are using local or remote SMTP, set this to smtp.
If you are using PHP mail you must have an installed and working email system on the server. The program used to
send email is defined in the php.ini file.
For the sendmail option you need an installed and working email system on the server,
/usr/sbin/sendmail installed on your Unix system.
with
For qmail the binary is /var/qmail/bin/sendmail, and it must be installed on your Unix system.
54
Chapter 5. Configuration
This depends on mail_smtpmode. Specified the IP address of your mail server host. This may contain multiple
hosts separated by a semi-colon. If you need to specify the port number append it to the IP address separated by a
colon, like this: 127.0.0.1:24.
'mail_smtpport' => 25,
This depends on mail_smtpmode. This set an SMTP server timeout, in seconds. You may need to increase this if
you are running an anti-malware or spam scanner.
'mail_smtpsecure' => '',
This depends on mail_smtpmode. Specify when you are using ssl or tls, or leave empty for no encryption.
'mail_smtpauth' => false,
This depends on mail_smtpmode. Change this to true if your mail server requires authentication.
'mail_smtpauthtype' => 'LOGIN',
This depends on mail_smtpmode. If SMTP authentication is required, choose the authentication type as LOGIN
(default) or PLAIN.
'mail_smtpname' => '',
This depends on mail_smtpauth. Specify the username for authenticating to the SMTP server.
'mail_smtppassword' => '',
This depends on mail_smtpauth. Specify the password for authenticating to the SMTP server.
The automatic hostname detection of ownCloud can fail in certain reverse proxy and CLI/cron situations. This option
allows you to manually override the automatic detection; for example www.example.com, or specify the port
www.example.com:8080.
'overwriteprotocol' => '',
When generating URLs, ownCloud attempts to detect whether the server is accessed via https or http. However,
if ownCloud is behind a proxy and the proxy handles the https calls, ownCloud would not know that ssl is in use,
which would result in incorrect URLs being generated.
5.7. Config.php Parameters
55
This option allows you to define a manual override condition as a regular expression for the remote IP address. For
example, defining a range of IP addresses starting with 10.0.0. and ending with 1 to 3: ^10\.0\.0\.[1-3]$
'overwrite.cli.url' => '',
Use this configuration parameter to specify the base url for any urls which are generated within ownCloud using any kind of command line tools (cron or occ). The value should contain the full base URL:
https://www.example.com/owncloud
'proxy' => '',
The optional authentication for the proxy to use to connect to the internet.
The format is: username:password.
When the trash bin app is enabled (default), this is the number of days a file will be kept in the trash bin. Default is 30
days.
'trashbin_auto_expire' => true,
Disable or enable auto-expiration for the trash bin. By default auto-expiration is enabled.
56
Chapter 5. Configuration
Check 3rd party apps to make sure they are using the private API and not the public API. If the app uses the private
API it cannot be installed.
'updatechecker' => true,
Allows ownCloud to verify a working WebDAV connection. This is done by attempting to make a WebDAV request
from PHP.
'check_for_working_htaccess' => true,
This is a crucial security check on Apache servers that should always be set to true. This verifies that the
.htaccess file is writable and works.
If it is not, then any options controlled by .htaccess, such as large file uploads, will not work. It also runs checks
on the data/ directory, which verifies that it cant be accessed directly through the web server.
'config_is_read_only' => false,
5.7.8 Logging
'log_type' => 'owncloud',
By default the ownCloud logs are sent to the owncloud.log file in the default ownCloud data directory. If syslogging is desired, set this parameter to syslog.
'logfile' => 'owncloud.log',
Loglevel to start logging at. Valid values are: 0 = Debug, 1 = Info, 2 = Warning, 3 = Error. The default value is
Warning.
'logdateformat' => 'F d, Y H:i:s',
57
The default timezone for logfiles is UTC. You may change this; see http://php.net/manual/en/timezones.php
'log_query' => false,
Append all database queries and parameters to the log file. Use this only for debugging, as your logfile will become
huge.
'cron_log' => true,
Enables log rotation and limits the total size of logfiles. The default is 0, or no rotation. Specify a size in bytes, for
example 104857600 (100 megabytes = 100 * 1024 * 1024 bytes). A new logfile is created with a new name when the
old logfile reaches your limit. The total size of all logfiles is double the log_rotate_sizerotation value.
ownCloud uses some 3rd party PHP components to provide certain functionality.
These components are shipped as part of the software package and reside in owncloud/3rdparty. Use this option
to configure a different location.
'3rdpartyurl' => '',
If you have an alternate 3rdpartyroot, you must also configure the URL as seen by a Web browser.
'customclient_desktop' =>
'http://owncloud.org/sync-clients/',
'customclient_android' =>
'https://play.google.com/store/apps/details?id=com.owncloud.android',
'customclient_ios' =>
'https://itunes.apple.com/us/app/owncloud/id543672169?mt=8',
This section is for configuring the download links for ownCloud clients, as seen in the first-run wizard and on Personal
pages.
5.7.10 Apps
Options for the Apps folder, Apps store, and App code checker.
'appstoreenabled' => true,
58
Chapter 5. Configuration
When enabled, admins may install apps from the ownCloud app store.
The app store is disabled by default for ownCloud Enterprise Edition
'appstoreurl' => 'https://api.owncloud.com/v1',
Use the apps_paths parameter to set the location of the Apps directory, which should be scanned for available apps,
and where user-specific apps should be installed from the Apps store. The path defines the absolute file system path
to the app folder. The key url defines the HTTP web path to that folder, starting from the ownCloud web root. The
key writable indicates if a web server can write files to that folder.
'appcodechecker' => true,
Check 3rd party apps to make sure they are using the private API and not the public API. If the app uses the private
API it cannot be installed.
5.7.11 Previews
ownCloud supports previews of image files, the covers of MP3 files, and text files. These options control enabling and
disabling previews, and thumbnail size.
'enable_previews' => true,
The maximum width, in pixels, of a preview. A value of null means there is no limit.
'preview_max_y' => null,
The maximum height, in pixels, of a preview. A value of null means there is no limit.
'preview_max_scale_factor' => 10,
59
If a lot of small pictures are stored on the ownCloud instance and the preview system generates blurry previews, you
might want to consider setting a maximum scale factor. By default, pictures are upscaled to 10 times the original size.
A value of 1 or null disables scaling.
'preview_max_filesize_image' => 50,
max file size for generating image previews with imagegd (default behaviour) If the image is bigger, itll try other
preview generators, but will most likely show the default mimetype icon
Value represents the maximum filesize in megabytes Default is 50 Set to -1 for no limit
'preview_libreoffice_path' => '/usr/bin/libreoffice',
60
Chapter 5. Configuration
OCPreviewMSOfficeDoc
OCPreviewMSOffice2003
OCPreviewMSOffice2007
OCPreviewOpenDocument
OCPreviewStarOffice
5.7.12 LDAP
Global settings used by LDAP User and Group Backend
'ldapUserCleanupInterval' => 51,
defines the interval in minutes for the background job that checks user existance and marks them as ready to be cleaned
up. The number is always minutes. Setting it to 0 disables the feature.
See command line (occ) methods ldap:show-remnants and user:delete
5.7.13 Maintenance
These options are for halting user activity when you are performing server maintenance.
'maintenance' => false,
When set to true, the ownCloud instance will be unavailable for all users who are not in the admin group.
5.7.14 SSL
'forcessl' => false,
Change this to true to require HTTPS for all connections, and to reject HTTP requests.
'openssl' => array(
'config' => '/absolute/location/of/openssl.cnf',
),
61
5.7.15 Miscellaneous
'blacklisted_files' => array('.htaccess'),
Blacklist a specific file or files and disallow the upload of files with this name. .htaccess is blocked by default.
WARNING: USE THIS ONLY IF YOU KNOW WHAT YOU ARE DOING.
'share_folder' => '/',
Define a default folder for shared files and folders other than root.
'theme' => '',
If you are applying a theme to ownCloud, enter the name of the theme here.
The default location for themes is owncloud/themes/.
'xframe_restriction' => true,
X-Frame-Restriction is a header which prevents browsers from showing the site inside an iframe. This is be used to
prevent clickjacking. It is risky to disable this, so leave it set at true.
'cipher' => 'AES-256-CFB',
The default cipher for encrypting files. Currently AES-128-CFB and AES-256-CFB are supported.
'memcached_servers' => array(
// hostname, port and optional weight. Also see:
// http://www.php.net/manual/en/memcached.addservers.php
// http://www.php.net/manual/en/memcached.addserver.php
array('localhost', 11211),
//array('other.host.local', 11211),
),
Server details for one or more memcached servers to use for memory caching.
Memcache is only used if other memory cache options (xcache, apc, apcu) are not available.
'cache_path' => '',
Location of the cache folder, defaults to data/$user/cache where $user is the current user. When specified, the
format will change to $cache_path/$user where $cache_path is the configured cache directory and $user
is the user.
'quota_include_external_storage' => false,
EXPERIMENTAL: option whether to include external storage in quota calculation, defaults to false.
'filesystem_check_changes' => 1,
Specifies how often the filesystem is checked for changes made outside ownCloud.
62
Chapter 5. Configuration
0 -> Never check the filesystem for outside changes, provides a performance increase when its certain that no changes
are made directly to the filesystem
1 -> Check each file or folder at most once per request, recommended for general use if outside changes might happen.
2 -> Check every time the filesystem is used, causes a performance hit when using external storages, not recommended
for regular use.
'asset-pipeline.enabled' => false,
All css and js files will be served by the web server statically in one js file and one css file if this is set to true.
'mount_file' => 'data/mount.json',
When true, prevent ownCloud from changing the cache due to changes in the filesystem for all storage.
'objectstore' => array(
'class' => 'OC\\Files\\ObjectStore\\Swift',
'arguments' => array(
// trystack will user your facebook id as the user name
'username' => 'facebook100000123456789',
// in the trystack dashboard go to user -> settings -> API Password to
// generate a password
'password' => 'Secr3tPaSSWoRdt7',
// must already exist in the objectstore, name can be different
'container' => 'owncloud',
// create the container if it does not exist. default is false
'autocreate' => true,
// required, dev-/trystack defaults to 'RegionOne'
'region' => 'RegionOne',
// The Identity / Keystone endpoint
'url' => 'http://8.21.28.222:5000/v2.0',
// required on dev-/trystack
'tenantName' => 'facebook100000123456789',
// dev-/trystack uses swift by default, the lib defaults to 'cloudFiles'
// if omitted
'serviceName' => 'swift',
),
),
The example below shows how to configure ownCloud to store all files in a swift object storage.
It is important to note that ownCloud in object store mode will expect exclusive access to the object store container
because it only stores the binary data for each file. The metadata is currently kept in the local database for performance
reasons.
WARNING: The current implementation is incompatible with any app that uses direct file IO and circumvents our
virtual filesystem. That includes Encryption and Gallery. Gallery will store thumbnails directly in the filesystem and
encryption will cause severe overhead because key files need to be fetched in addition to any requested file.
One way to test is applying for a trystack account at http://trystack.org/
63
Custom CSP policy, changing this will overwrite the standard policy
'secret' => 'ICertainlyShouldHaveChangedTheDefaultSecret',
Secret used by ownCloud for various purposes, e.g. to encrypt data. If you lose this string there will be data corruption.
5.8.1 Parameters
You can customize the download links to meet your specific requirements for any of the synchronization clients in the
config/config.php file:
64
Chapter 5. Configuration
<?php
"customclient_desktop" => "http://owncloud.org/sync-clients/",
"customclient_android" => "https://play.google.com/store/apps/details?id=com.owncloud.android",
"customclient_ios"
=> "https://itunes.apple.com/us/app/owncloud/id543672169?mt=8",
5.9.1 Requirements
Choosing to use MySQL / MariaDB, PostgreSQL, or Oracle as your database requires that you install and set up the
server software first.
Note: The steps for configuring a third party database are beyond the scope of this document. Please refer to the
documentation for your specific database choice for instructions.
5.9.2 Parameters
For setting up ownCloud to use any database, use the instructions in Installation Wizard. You should not have to edit
the respective values in the config/config.php. However, in special cases (for example, if you want to connect
your ownCloud instance to a database created by a previous installation of ownCloud), some modification might be
required.
Configuring a MySQL or MariaDB Database
If you decide to use a MySQL or MariaDB database, ensure the following:
That you have installed and enabled the MySQL extension in PHP
That the mysql.default_socket points to the correct socket (if the database runs on same server as ownCloud).
Note: MariaDB is backwards compatible with MySQL. All instructions work for both. You will not need to replace
mysql with anything.
The PHP configuration in /etc/php5/conf.d/mysql.ini could look like this:
65
Now you need to create a database user and the database itself by using the MySQL command line interface. The
database tables will be created by ownCloud when you login for the first time.
To start the MySQL command line mode use:
mysql -uroot -p
Then a mysql> or MariaDB [root]> prompt will appear. Now enter the following lines and confirm them with the
enter key:
CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';
CREATE DATABASE IF NOT EXISTS owncloud;
GRANT ALL PRIVILEGES ON owncloud.* TO 'username'@'localhost' IDENTIFIED BY 'password';
An ownCloud instance configured with MySQL would contain the hostname on which the database is running, a valid
username and password to access it, and the name of the database. The config/config.php as created by the
Installation Wizard would therefore contain entries like this:
<?php
"dbtype"
"dbname"
"dbuser"
"dbpassword"
"dbhost"
"dbtableprefix"
=>
=>
=>
=>
=>
=>
"mysql",
"owncloud",
"username",
"password",
"localhost",
"oc_",
SQLite Database
If you decide to use a SQLite database make sure that you have installed and enabled the SQLite extension in PHP.
The PHP configuration in /etc/php5/conf.d/sqlite3.ini could look like this:
66
Chapter 5. Configuration
It is not necessary to create a database and a database user in advance because this will automatically be done by
ownCloud when you login for the first time.
An ownCloud instance configured to use sqlite only needs to contain the reference to a writable data directory (which
is required for successful operation of ownCloud in general anyway). The config/config.php as created by the
Installation Wizard could therefore contain entries like this:
<?php
"dbtype"
"dbname"
"dbuser"
"dbpassword"
"dbhost"
"dbtableprefix"
"datadirectory"
=>
=>
=>
=>
=>
=>
=>
"sqlite",
"owncloud",
"",
"",
"",
"",
"/var/www/html/owncloud/data",
PostgreSQL Database
If you decide to use a PostgreSQL database make sure that you have installed and enabled the PostgreSQL extension
in PHP. The PHP configuration in /etc/php5/conf.d/pgsql.ini could look like this:
# configuration for PHP PostgreSQL module
extension=pdo_pgsql.so
extension=pgsql.so
[PostgresSQL]
pgsql.allow_persistent = On
pgsql.auto_reset_persistent = Off
pgsql.max_persistent = -1
pgsql.max_links = -1
pgsql.ignore_notice = 0
pgsql.log_notice = 0
The default configuration for PostgreSQL (at least in Ubuntu 14.04) is to use the peer authentication method. Check
/etc/postgresql/9.3/main/pg_hba.conf to find out which authentication method is used in your setup.
To start the postgres command line mode use:
sudo -u postgres psql -d template1
Then a template1=# prompt will appear. Now enter the following lines and confirm them with the enter key:
CREATE USER username CREATEDB;
CREATE DATABASE owncloud OWNER username;
67
An ownCloud instance configured with PostgreSQL would contain the path to the socket on which the database is
running as the hostname, the system username the php process is using, and an empty password to access it, and the
name of the database. The config/config.php as created by the Installation Wizard would therefore contain
entries like this:
<?php
"dbtype"
"dbname"
"dbuser"
"dbpassword"
"dbhost"
"dbtableprefix"
=>
=>
=>
=>
=>
=>
"pgsql",
"owncloud",
"username",
"",
"/var/run/postgresql",
"oc_",
Note: The host actually points to the socket that is used to connect to the database. Using localhost here will not
work if postgreSQL is configured to use peer authentication. Also note, that no password is specified, because this
authentication method doesnt use a password.
If you use another authentication method (not peer), youll need to use the following steps to get the database setup:
Now you need to create a database user and the database itself by using the PostgreSQL command line interface. The
database tables will be created by ownCloud when you login for the first time.
To start the postgres command line mode use:
psql -hlocalhost -Upostgres
Then a postgres=# prompt will appear. Now enter the following lines and confirm them with the enter key:
CREATE USER username WITH PASSWORD 'password';
CREATE DATABASE owncloud TEMPLATE template0 ENCODING 'UNICODE';
ALTER DATABASE owncloud OWNER TO username;
GRANT ALL PRIVILEGES ON DATABASE owncloud TO username;
An ownCloud instance configured with PostgreSQL would contain the hostname on which the database is running, a
valid username and password to access it, and the name of the database. The config/config.php as created by
the Installation Wizard would therefore contain entries like this:
<?php
"dbtype"
"dbname"
"dbuser"
"dbpassword"
"dbhost"
"dbtableprefix"
68
=>
=>
=>
=>
=>
=>
"pgsql",
"owncloud",
"username",
"password",
"localhost",
"oc_",
Chapter 5. Configuration
Oracle Database
If you are deploying to an Oracle database make sure that you have installed and enabled the Oracle extension in PHP.
The PHP configuration in /etc/php5/conf.d/oci8.ini could look like this:
# configuration for PHP Oracle extension
extension=oci8.so
Make sure that the Oracle environment has been set up for the process trying to use the Oracle extension.
For a local Oracle XE installation this can be done by exporting the following environment variables (eg. in
/etc/apache2/envvars for Apache)
export ORACLE_HOME=/u01/app/oracle/product/11.2.0/xe
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$ORACLE_HOME/lib
Installing and configuring Oracle support for PHP is way out of scope for this document. The official Oracle documentation called The Underground PHP and Oracle Manual should help you through the process.
Creating a database user for ownCloud can be done by using the sqlplus command line interface or the Oracle Application Express web interface. The database tables will be created by ownCloud when you login for the first time.
To start the Oracle command line mode with a DBA account use:
sqlplus system AS SYSDBA
After entering the password a SQL> prompt will appear. Now enter the following lines and confirm them with the
enter key:
CREATE USER owncloud IDENTIFIED BY password;
ALTER USER owncloud DEFAULT TABLESPACE users
TEMPORARY TABLESPACE temp
QUOTA unlimited ON users;
GRANT create session
, create table
, create procedure
, create sequence
, create trigger
, create view
, create synonym
, alter session
TO owncloud;
Note: In Oracle creating a user is the same as creating a database in other RDBMs, so no CREATE DATABASE
statement is necessary.
You can quit the prompt by entering:
exit
An ownCloud instance configured with Oracle would contain the hostname on which the database is running, a valid
username and password to access it, and the name of the database. The config/config.php as created by the
Installation Wizard would therefore contain entries like this:
69
<?php
"dbtype"
"dbname"
"dbuser"
"dbpassword"
"dbhost"
=>
=>
=>
=>
=>
"oci",
"XE",
"owncloud",
"password",
"localhost",
Note: This example assumes you are running an Oracle Express Edition on localhost. The dbname is the name
of the Oracle instance. For Oracle Express Edition it is always XE.
5.9.3 Troubleshooting
How can I find out if my MySQL/PostgreSQL server is reachable?
To check the servers network availability, use the ping command on the servers host name (db.server.com in this
example):
ping db.server.dom
For a more detailed check whether the access to the database server software itself works correctly, see the next
question.
How can I find out if a created user can access a database?
The easiest way to test if a database can be accessed is by starting the command line interface:
SQLite:
sqlite3 /www/htdocs/owncloud/data/owncloud.db
sqlite> .version
SQLite 3.7.15.1 2012-12-19 20:39:10 6b85b767d0ff7975146156a99ad673f2c1a23318
sqlite> .quit
MySQL:
Assuming the database server is installed on the same sytem youre running, the command from, use:
mysql -uUSERNAME -p
To acess a MySQL installation on a different machine, add the -h option with the respective host name:
mysql -uUSERNAME -p -h HOSTNAME
70
Chapter 5. Configuration
PostgreSQL:
Assuming the database server is installed on the same sytem youre running the command from, use:
psql -Uusername -downcloud
To acess a MySQL installation on a different machine, add the -h option with the respective host name:
psql -Uusername -downcloud -h HOSTNAME
Oracle:
On the machine where your Oracle database is installed, type:
sqlplus username
71
SQLite
:
MySQL
:
PostgreSQL:
Oracle
:
.tables
USE owncloud; SHOW TABLES;
\c owncloud; \d
SELECT table_name FROM user_tables;
Quit Database:
SQLite
:
MySQL
:
PostgreSQL:
Oracle
:
.quit
quit
\q
quit
72
Chapter 5. Configuration
With the new wizard, connecting ownCloud to your mail server is fast and easy. The wizard fills in the values in
config/config.php, so you may use either or both as you prefer.
The ownCloud Email wizard supports three types of mail server connections: SMTP, PHP, and Sendmail. Use the
SMTP configurator for a remote server, and PHP or Sendmail when your mail server is on the same machine as
ownCloud.
Note: The Sendmail option refers to the Sendmail SMTP server, and any drop-in Sendmail replacement such as
Postfix, Exim, or Courier. All of these include a sendmail binary, and are freely-interchangeable.
Your changes are saved immediately, and you can click the Send Email button to test your configuration. This sends a
test message to the email address you configured on your Personal page. The test message says:
If you received this email, the settings seem to be correct.
-ownCloud
web services under your control
73
How do you decide which one to use? PHP mode uses your local sendmail binary. Use this if you want to use
php.ini to control some of your mail server functions, such as setting paths, headers, or passing extra command
options to the sendmail binary. These vary according to which server you are using, so consult your servers
documentation to see what your options are.
In most cases the smtp option is best, because it removes the extra step of passing through PHP, and you can control
all of your mail server options in one place, in your mail server configuration.
74
Chapter 5. Configuration
<?php
echo str_replace('{link}', $_['link'], $l->t('Use the following link to
reset your password: {link}'));
You could change the text portion of the template, Use the following link to reset your
password: to say something else, such as Click the following link to reset your password.
If you did not ask for a password reset, ignore this message.
Again, be very careful to change nothing but the message text, because the tiniest coding error will break the template.
Note: You can edit the templates directly in the template text box, or you can copy and paste them to a text editor for
modification and then copy and paste them back to the template text box for use when you are done.
=> "smtp",
=> "smtp-1.server.dom;smtp-2.server.dom:425",
=> 25,
or
<?php
"mail_smtpmode"
"mail_smtphost"
"mail_smtpport"
=> "smtp",
=> "smtp.server.dom",
=> 425,
If a malware or SPAM scanner is running on the SMTP server it might be necessary that you increase the SMTP
timeout to e.g. 30s:
<?php
"mail_smtptimeout"
=> 30,
If the SMTP server accepts insecure connections, the default setting can be used:
75
<?php
"mail_smtpsecure"
=> '',
If the SMTP server only accepts secure connections you can choose between the following two variants:
SSL
A secure connection will be initiated using the outdated SMTPS protocol which uses the port 465/tcp:
<?php
"mail_smtphost"
"mail_smtpsecure"
=> "smtp.server.dom:465",
=> 'ssl',
TLS
A secure connection will be initiated using the STARTTLS protocol which uses the default port 25/tcp:
<?php
"mail_smtphost"
"mail_smtpsecure"
=> "smtp.server.dom",
=> 'tls',
And finally it is necessary to configure if the SMTP server requires authentication, if not, the default values can be
taken as is.
<?php
"mail_smtpauth"
=> false,
"mail_smtpname"
=> "",
"mail_smtppassword" => "",
If SMTP authentication is required you have to set the required username and password and can optionally choose
between the authentication types LOGIN (default) or PLAIN.
<?php
"mail_smtpauth"
"mail_smtpauthtype"
"mail_smtpname"
"mail_smtppassword"
=>
=>
=>
=>
true,
"LOGIN",
"username",
"password",
PHP mail
If you want to use PHP mail it is necessary to have an installed and working email system on your server. Which
program in detail is used to send email is defined by the configuration settings in the php.ini file. (On *nix systems
this will most likely be Sendmail.) ownCloud should be able to send email out of the box.
76
Chapter 5. Configuration
<?php
"mail_smtpmode"
"mail_smtphost"
"mail_smtpport"
"mail_smtptimeout"
"mail_smtpsecure"
"mail_smtpauth"
"mail_smtpauthtype"
"mail_smtpname"
"mail_smtppassword"
=>
=>
=>
=>
=>
=>
=>
=>
=>
"php",
"127.0.0.1",
25,
10,
"",
false,
"LOGIN",
"",
"",
Sendmail
If you want to use the well known Sendmail program to send email, it is necessary to have an installed and working
email system on your *nix server. The sendmail binary (/usr/sbin/sendmail) is usually part of that system. ownCloud
should be able to send email out of the box.
<?php
"mail_smtpmode"
"mail_smtphost"
"mail_smtpport"
"mail_smtptimeout"
"mail_smtpsecure"
"mail_smtpauth"
"mail_smtpauthtype"
"mail_smtpname"
"mail_smtppassword"
=>
=>
=>
=>
=>
=>
=>
=>
=>
"sendmail",
"127.0.0.1",
25,
10,
"",
false,
"LOGIN",
"",
"",
qmail
If you want to use the qmail program to send email, it is necessary to have an installed and working qmail email system
on your server. The sendmail binary (/var/qmail/bin/sendmail) will then be used to send email. ownCloud should be
able to send email out of the box.
<?php
"mail_smtpmode"
"mail_smtphost"
"mail_smtpport"
"mail_smtptimeout"
"mail_smtpsecure"
"mail_smtpauth"
"mail_smtpauthtype"
"mail_smtpname"
"mail_smtppassword"
=>
=>
=>
=>
=>
=>
=>
=>
=>
"qmail",
"127.0.0.1",
25,
10,
"",
false,
"LOGIN",
"",
"",
77
5.10.6 Troubleshooting
If you are unable to send email, try turning on debugging. Do this by enabling the mail_smtpdebug parameter
in config/config.php.
<?php
"mail_smtpdebug" => true;
Note: Immediately after pressing the Send email button, as described before, several SMTP -> get_lines(): ...
messages appear on the screen. This is expected behavior and can be ignored.
Question: Why is my web domain different from my mail domain?
Answer: The default domain name used for the sender address is the hostname where your ownCloud installation is
served. If you have a different mail domain name you can override this behavior by setting the following configuration
parameter:
<?php
"mail_domain" => "example.com",
This setting results in every email sent by ownCloud (for example, the password reset email) having the domain part
of the sender address appear as follows:
[email protected]
Question: How can I find out if the SMTP server is listening on a specific TCP port?
Answer: The best way to get mail server information is to ask your mail server admin. If you are the mail server
admin, or need information in a hurry, you can use the netstat command. This example shows all active servers on
your system, and the ports they are listening on. The SMTP server is listening on localhost port 25.
# netstat -pant
78
Chapter 5. Configuration
ID/Program name
4418/cupsd
2245/exim4
1524/mysqld
Trying 192.168.1.10...
Connected to smtp.domain.dom.
Escape character is '^]'.
220 smtp.domain.dom ESMTP Exim 4.80.1 Tue, 22 Jan 2013 22:39:55 +0100
EHLO your-server.local.lan
# <<< enter this command
250-smtp.domain.dom Hello your-server.local.lan [ip-address]
250-SIZE 52428800
250-8BITMIME
250-PIPELINING
250-AUTH PLAIN LOGIN CRAM-MD5
# <<< Supported auth protocols
250-STARTTLS
# <<< Encryption is supported
250 HELP
QUIT
# <<< enter this command
221 smtp.domain.dom closing connection
Connection closed by foreign host.
79
Note: Immediately after pressing the Send email button, as described before, several SMTP -> get_lines(): ...
messages appear on the screen. This is expected behavior and can be ignored.
80
Chapter 5. Configuration
When you log out and then log back in, your encryption keys are initialized and your files are encrypted. This is a
one-time process, and it will take a few minutes depending on how many files you have.
When the encryption process is complete youll be returned to your default ownCloud page. Every user will go through
this process when they log in after you enable encryption, and each user will get unique encryption keys. Users can
change their passwords whenever they want on their Personal pages, and ownCloud will update their encryption keys
automatically/
81
but will not be able to open or download the files. They will see a yellow warning banner that says Encryption App
is enabled but your keys are not initialized, please log-out and log-in again.
Share owners may need to re-share files after encryption is enabled; users trying to access the share will see a message
advising them to ask the share owner to re-share the file with them. For individual shares, un-share and re-share the
file. For group shares, share with any individuals who cant access the share. This updates the encryption, and then
the share owner can remove the individual shares.
Go to your Personal page and enter your password in the Encryption removal form, and your files will all be decrypted.
Your users will also have to follow this step to decrypt their files. If something goes wrong with decryption, click the
Restore Encryption Keys button to re-encrypt your files, and then review your logfile to see what happened.
82
Chapter 5. Configuration
Then your users have the option of enabling password recovery on their Personal pages. If they do not do this, then
the Recovery Key wont work for them.
For users who have enabled password recovery, give them a new password and recover access to their encrypted files
by supplying the Recovery Key on the Users page.
83
For example, in a typical installation on a 64-bit Windows 7 system it looks like this:
'openssl' => array(
'config' => 'C:\OpenSSL-Win64\openssl.cnf',
),
There are many ways to configure OpenSSL, so be sure to verify your correct file location.
84
Chapter 5. Configuration
After enabling it, go to your Admin page to set up your external storage mounts.
When your configuration is correct youll see a green light at the left, and if it isnt youll see a red light.
Check Enable User External Storage to allow your users to mount their own external storage services, and
check the services you want to allow.
After creating your external storage mounts, you can share them and control permissions just like any other ownCloud
share.
85
86
Chapter 5. Configuration
In the Configuration field enter the full filepath of the directory you want to mount.
In the Available for field enter the users or groups who have permission to access the mount.
5.12.4 Amazon S3
All you need to connect your Amazon S3 buckets to ownCloud is your S3 Access Key, Secret Key, and your bucket
name.
In the Folder name field enter the folder name that you want to appear on your ownCloud Files page.
In the Access Key field enter your S3 Access Key.
In the Secret Key field enter your S3 Secret Key.
In the Bucket field enter the name of your S3 bucket you want to share.
In the Available for field enter the users or groups who have permission to access your S3 mount.
The hostname, port, and region of your S3 server are optional; you will need to use these for non-Amazon S3compatible servers.
87
5.12.5 Dropbox
Connecting Dropbox is a little more work because you have to create a Dropbox app. Log into the Dropbox Developers
page and click App Console:
If you have not already created any Dropbox apps it will ask you to accept their terms and conditions. Then you are
presented with the choice to create either a Drop-ins App or a Dropbox API App. Click Dropbox API App, and
then check:
Files and datastores.
No My app needs access to files already on Dropbox.
All file types My app needs access to a users full Dropbox. Only supported via the CoreAPI.
Then enter whatever name you want for your app.
Now click the Create App button. Under Status, do not click Development (Apply for production
status) because that is for apps that you want to release publicly.
Click Enable additional users to allow multiple oC users to use your new Dropbox share.
Note your App key and App secret, which you will enter in the External Storage form on your ownCloud Admin page.
You need two Redirect URIs. You may use localhost as the hostname for testing because you dont need to
use HTTPS, but this is not recommended for production use because it sends all traffic in the clear:
http://localhost/owncloud/index.php/settings/personal
http://localhost/owncloud/index.php/settings/admin
Your ownCloud configuration requires only the local mount name, the App Key and the App Secret, and which users
or groups have access to the share.
You must be logged into Dropbox, and when ownCloud successfully verifies your connection Dropbox will ask for
verification to connect to your Dropbox account. Click Allow, and youre done.
88
Chapter 5. Configuration
89
90
Chapter 5. Configuration
5.12.6 FTP/FTPS/SFTP
Connecting to an FTP server requires:
Whatever name you want for your local mountpoint.
The URL of your FTP server.
FTP server username and password.
The FTP directory to mount in ownCloud. ownCloud defaults to the root directory. When you specify a different directory you must leave off the leading slash. For example, if you want to connect your
public_html/images directory, then type it exactly like that.
Choose whether to connect in the clear with ftp://, or to encrypt your FTP session with SSL/TLS over
ftps:// (Your FTP server must be configured to support ftps://)
Enter the ownCloud users or groups who are allowed to access the share.
SFTP uses SSH rather than SSL, as FTPS does, so your SFTP sessions are always safely tucked inside an SSH tunnel.
To connect an SFTP server you need:
Whatever name you want for your local mountpoint.
The URL of your SFTP server.
SFTP server username and password.
The SFTP directory to mount in ownCloud.
The ownCloud users or groups who are allowed to access the share.
91
92
Chapter 5. Configuration
The next screen is your Project Dashboard. In the left sidebar click APIs & Auth > APIs, and then enable
the Drive API and Drive SDK by toggling the boxes in the far-right Status column to the green On buttons.
This brings you to the Google Drive SDK screen. Click API Access.
This opens the API Access screen. Click the Create a 0Auth 2.0 Client ID button.
The next screen that opens is Create Client ID: Branding Information. Google requires to you to fill
this out. When youre finished move on to the Create Client ID: Client ID Settings screen.
The Application Type is Web application.
Click Your site or hostname (more options) to expose Authorized Redirect URIs. Enter two
Redirect URIs like these examples, replacing https://example.com/owncloud/ with your own ownCloud
server URL. You must use a registered domain name, and you cannot use the servers IP address.
https://example.com/owncloud/index.php/settings/personal https://example.com/owncloud/index.php/settings/admin
Click Create client ID and youll see a screen like this:
This contains your Client ID and Client Secret, which you need to set up your ownCloud connection. Go to
your Admin page in ownCloud, create your new folder name, enter the Client ID and Client Secret, select your users
and groups, and click Grant Access.
Google will open a dialogue asking for permission to connect to ownCloud. Click Accept and youre finished.
93
94
Chapter 5. Configuration
95
5.12.8 SMB/CIFS
You can mount SMB/CIFS file shares on ownCloud servers that run on Linux. This only works on Linux ownCloud
servers because you must have smbclient installed. SMB/CIFS file servers include any Windows file share, Samba
servers on Linux and other Unix-type operating systems, and NAS appliances.
You need the following information:
Folder name Whatever name you want for your local mountpoint.
Host The URL of the Samba server.
Username The username or domain/username used to login to the Samba server.
Password The password to login to the Samba server.
Share The share on the Samba server to mount.
Root The folder inside the Samba share to mount (optional, defaults to /). To assign the ownCloud logon
username automatically to the subfolder, use $user instead of a particular subfolder name.
And finally, the ownCloud users and groups who get access to the share.
Chapter 5. Configuration
Bucket
Region
API Key
Tenantname
Password
Service Name
URL of identity Endpoint
Timeout of HTTP request
97
replaced by the user login. The template $user can be used in the mount point or backend options. As of writing the
following storage backends are available for use:
Local file system
FTP (or FTPS)
SFTP
SMB
WebDAV
Amazon S3
Dropbox
Google Drive
OpenStack Swift
Please keep in mind that some formatting has been applied and carriage returns have been added for better readability.
In the data/mount.json all values need to be concatenated and written in a row without these modifications!
It is recommended to use the Web-GUI in the administrator panel to add, remove or modify mount options to prevent
any problems!
5.13.1 Example
{"group":{
"admin":{
"\/$user\/files\/Admin_Stuff":{
"class":"\\OC\\Files\\Storage\\Local",
"options":{ ... },
"priority":150
}
}
}
"user":{
"all":{
"\/$user\/files\/Pictures":{
"class":"\\OC\\Files\\Storage\\DAV",
"options":{ ... },
"priority":100
}
}
"someuser":{
"\/someuser\/files\/Music":{
"class":"\\OC\\Files\\Storage\\FTP",
"options":{ ... },
"priority":100
}
}
}
}
98
Chapter 5. Configuration
5.13.2 Priorities
An advanced feature is available, only configurable directly in data/mount.json, which allows mount configurations to have an associated priority. When two or more valid mount configurations exist for the same mount point, the
one with the highest priority (defined by the largest number) will take precedence and become the active mount for the
user.
Each backend has a default priority, assigned when a mount configuration with that backend is created. The default
priority will be shown in the example section for each backend below. Should a backend not provide a default priority,
a value of 100 will be used.
There is also a concept of priority types, to preserve compatibility with previous mount configuration parsing. Mount
configurations are evaluated in the following order, with later mount types always overriding a previous mount type:
user -> all : global mount configurations
group : group mount configurations
user (not all) : per-user mount configurations
data/$user/mount.json : personal mount configurations
5.13.3 Backends
Local Filesystem
The local filesystem backend mounts a folder on the server into the virtual filesystem, the class to be used is
\OC\Files\Storage\Local and takes the following options:
datadir : the path to the local directory to be mounted
Example
{ "class":"\\OC\\Files\\Storage\\Local",
"options":{ "datadir":"\/mnt\/additional_storage" },
"priority":150
}
Note: You must ensure that the web server has sufficient permissions on the folder.
99
Example
"class":"\\OC\\Files\\Storage\\FTP",
"options":{
"host":"ftp.myhost.com",
"user":"johndoe",
"password":"secret",
"root":"\/Videos",
"secure":"false"
},
"priority":100
Note: PHP needs to be build with FTP support for this backend to work.
SFTP
The SFTP backend mounts a folder on a remote SSH server into the virtual filesystem and is part of the External
storage support app. The class to be used is \OC\Files\Storage\SFTP and takes the following options:
host: the hostname of the SSH server
user: the username used to login to the SSH server
password: the password to login on the SSH server
root: the folder inside the SSH server to mount (optional, defaults to /)
Example
"class":"\\OC\\Files\\Storage\\SFTP",
"options":{
"host":"ssh.myhost.com",
"user":"johndoe",
"password":"secret",
"root":"\/Books"
},
"priority":100
Note: PHP needs to be build with SFTP support for this backend to work.
SMB
The SMB backend mounts a folder on a remote Samba server, a NAS appliance or a Windows machine into the virtual
file system. It is part of the External storage support app, the class to be used is \OC\Files\Storage\SMB and takes
the following options:
host: the host name of the samba server
user: the username or domain/username to login on the samba server
100
Chapter 5. Configuration
Example
"class":"\\OC\\Files\\Storage\\SMB",
"options":{
"host":"myhost.com",
"user":"johndoe",
"password":"secret",
"share":"\/test",
"root":"\/Pictures"
},
"priority":100
"class":"\\OC\\Files\\Storage\\SMB",
"options":{
"host":"myhost.com",
"user":"domain\/johndoe",
"password":"secret",
"share":"\/test",
"root":"\/Pictures"
},
"priority":100
WebDAV
The WebDAV backend mounts a folder on a remote WebDAV server into the virtual filesystem and is part of the
External storage support app, the class to be used is \OC\Files\Storage\DAV and takes the following options:
host: the hostname of the webdav server.
user: the username used to login on the webdav server
password: the password to login on the webdav server
secure: whether to use https:// to connect to the webdav server instead of http:// (optional, defaults to false)
root: the folder inside the webdav server to mount (optional, defaults to /)
101
Example
"class":"\\OC\\Files\\Storage\\DAV",
"options":{
"host":"myhost.com\/webdav.php",
"user":"johndoe",
"password":"secret",
"secure":"true"
},
"priority":100
Amazon S3
The Amazon S3 backend mounts a bucket in the Amazon cloud into the virtual filesystem and is part of the External
storage support app, the class to be used is \OC\Files\Storage\AmazonS3 and takes the following options:
key: the key to login to the Amazon cloud
secret: the secret to login to the Amazon cloud
bucket: the bucket in the Amazon cloud to mount
Example
"class":"\\OC\\Files\\Storage\\AmazonS3",
"options":{
"key":"key",
"secret":"secret",
"bucket":"bucket"
},
"priority":100
Dropbox
The Dropbox backend mounts a dropbox in the Dropbox cloud into the virtual filesystem and is part of the External
storage support app, the class to be used is \OC\Files\Storage\Dropbox and takes the following options:
configured: whether the drive has been configured or not (true or false)
app_key: the app key to login to your Dropbox
app_secret: the app secret to login to your Dropbox
token: the OAuth token to login to your Dropbox
token_secret: the OAuth secret to login to your Dropbox
Example
102
Chapter 5. Configuration
"class":"\\OC\\Files\\Storage\\Dropbox",
"options":{
"configured":"#configured",
"app_key":"key",
"app_secret":"secret",
"token":"#token",
"token_secret":"#token_secret"
},
"priority":100
Google Drive
The Google Drive backend mounts a share in the Google cloud into the virtual filesystem and is part of the External
storage support app, the class to be used is \OC\Files\Storage\Google and is done via an OAuth2.0 request. That
means that the App must be registered through the Google APIs Console. The result of the registration process is a set
of values (incl. client_id, client_secret). It takes the following options:
configured: whether the drive has been configured or not (true or false)
client_id: the client id to login to the Google drive
client_secret: the client secret to login to the Google drive
token: a compound value including access and refresh tokens
Example
"class":"\\OC\\Files\\Storage\\Google",
"options":{
"configured":"#configured",
"client_id":"#client_id",
"client_secret":"#client_secret",
"token":"#token"
},
"priority":100
OpenStack Swift
The Swift backend mounts a container on an OpenStack Object Storage server into the virtual filesystem and is part of
the External storage support app, the class to be used is \OC\Files\Storage\SWIFT and takes the following options:
host: the hostname of the authentication server for the swift storage.
user: the username used to login on the swift server
token: the authentication token to login on the swift server
secure: whether to use ftps:// to connect to the swift server instead of ftp:// (optional, defaults to false)
root: the container inside the swift server to mount (optional, defaults to /)
103
Example
"class":"\\OC\\Files\\Storage\\SWIFT",
"options":{
"host":"swift.myhost.com\/auth",
"user":"johndoe",
"token":"secret",
"root":"\/Videos",
"secure":"true"
},
"priority":100
104
Chapter 5. Configuration
105
106
Chapter 5. Configuration
This what a local share looks like. The user creating the share controls re-sharing, editing, updating, and deletion
privileges:
Note: In older versions of ownCloud, you could set an expiration date on both local and public shares. Now you can
set an expiration date only on public shares, and local shares do not expire when public shares expire. The only way
to expire a local share is to click the trash can icon to un-share your files.
107
5.16.1 Parameters
<?php
'asset-pipeline.enabled' => true,
5.17.1 Parameters
If you want to disable the ownCloud help menu item you can use the knowledgebaseenabled parameter inside the
config/config.php. The knowledgebaseurl parameter is used to set the http path to the ownCloud help page.
The server should support OCS.
<?php
"knowledgebaseenabled" => true,
"knowledgebaseurl"
=> "http://api.apps.owncloud.com/v1",
Note: Disabling the help menu item might increase the number of support request you have to answer in the future
5.18.1 Parameters
<?php
"default_language" => "en",
108
Chapter 5. Configuration
5.19.1 Parameters
First you need to decide in which way logging should be done. You can choose between the two options owncloud
and syslog. Then you need to configure the log level which directly influences how much information will be logged.
You can choose between:
0: DEBUG
1: INFO
2: WARN
3: ERROR
4: FATAL
The most detailed information will be written if 0 (DEBUG) is set, the least information will be written if 3 (ERROR)
is set. Keep in mind that it might slow down the whole system if a too detailed logging will has been configured. By
default the log level is set to 2 (WARN).
This parameters can be set in the config/config.php
ownCloud
All log information will be written to a separate log file which can be viewed using the log menu in the admin menu
of ownCloud. By default a log file named owncloud.log will be created in the directory which has been configured by
the datadirectory parameter.
The desired date format can optionally be defined using the logdateformat. By default the PHP date function parameter c is used and therefore the date/time is written in the format 2013-01-10T15:20:25+02:00. By using the date
format in the example the date/time format will be written in the format January 10, 2013 15:20:25.
<?php
"log_type" => "owncloud",
"logfile" => "owncloud.log",
"loglevel" => "3",
"logdateformat" => "F d, Y H:i:s",
syslog
All log information will be send to the default syslog daemon of a system.
<?php
"log_type" => "syslog",
"logfile" => "",
"loglevel" => "3",
109
Manage apps
Upgrade the ownCloud database
Reset passwords, including administrator passwords
Convert the ownCloud database from SQLite to a more performant DB
Query and change LDAP settings
occ is in the owncloud/ directory; for example /var/www/owncloud on Ubuntu Linux. occ is a PHP script.
The preferred way to run it is as your HTTP user. Running it with no options lists all commands and options, like this
example on Ubuntu:
$ sudo -u www-data php occ
occ has options, commands, and arguments. Options and arguments are optional, while commands are required. The
syntax is:
occ [options] command [arguments]
Get detailed information on individual commands with the help command, like this example for the
maintenance:mode command:
$ sudo -u www-data php occ help maintenance:mode
Usage:
110
Chapter 5. Configuration
Putting your ownCloud server into single-user mode allows admins to log in and work, but not ordinary users. This is
useful for performing maintenance and troubleshooting on a running server:
$ sudo -u www-data php occ maintenance:singleuser --on
Single user mode enabled
The maintenance:repair command runs automatically during upgrades to clean up the database, so while you
can run it manually there usually isnt a need to:
$ sudo -u www-data php occ maintenance:repair
- Repair mime types
- Repair config
111
Generate a simple report that counts all users, including users on external user authentication servers such as LDAP:
$ sudo -u www-data php occ user:report
+------------------+----+
| User Report
|
|
+------------------+----+
| Database
| 12 |
| LDAP
| 86 |
|
|
|
| total users
| 98 |
|
|
|
| user directories | 2 |
+------------------+----+
Enable an app:
$ sudo -u www-data php occ app:enable external
external enabled
Disable an app:
$ sudo -u www-data php occ app:disable external
external disabled
112
Chapter 5. Configuration
Before completing the upgrade, ownCloud first runs a simulation by copying all database tables to a temporary
directory and then performing the upgrade on them, to ensure that the upgrade will complete correctly. This
takes twice as much time, which on large installations can be many hours, so you can omit this step with the
--skip-migration-test option:
$ sudo -u www-data php occ upgrade --skip-migration-test
You can perform this simulation manually with the --dry-run option:
$ sudo -u www-data php occ upgrade --dry-run
For a more detailed explanation see Converting From SQLite to MySQL, MariaDB, or PostgreSQL
You can see your whole LDAP configuration, or the configuration for a single configID:
$ sudo -u www-data php occ ldap:show-config
$ sudo -u www-data php occ ldap:show-config s01
The ldap:set-config command is for manipulating configurations, like this example that sets search attributes:
113
ldap:test-config tests whether your configuration is correct can bind to the server:
$ sudo -u www-data php occ ldap:test-config ""
The configuration is valid and the connection could be established!
114
Chapter 5. Configuration
various office documents. Due to security concerns those providers have been disabled by default and are considered
unsupported. While those providers are still available, we discourage enabling them, and they are not documented.
5.21.1 Parameters
Please notice that the ownCloud preview system comes already with sensible defaults, and therefore it is usually
unecessary to adjust those configuration values.
Disabling previews:
Under certain circumstances, for example if the server has only very limited resources, you might want to consider
disabling the generation of previews. Set the configuration option enable_previews in config.php to false:
<?php
'enable_previews' => false,
By default, both options are set to null. Null is equal to no limit. Numeric values represent the size in pixels. The
following code limits previews to a maximum size of 100100px:
<?php
'preview_max_x' => 100,
'preview_max_y' => 100,
If you want to disable scaling at all, you can set the config value to 1:
<?php
'preview_max_scale_factor' => 1,
If you want to disable the maximum scaling factor, you can set the config value to null:
115
<?php
'preview_max_scale_factor' => null,
5.22.1 Parameters
If ownCloud fails to automatically detected the hostname, protocol or webroot you can use the overwrite parameters
inside the config/config.php. The overwritehost parameter is used to set the hostname of the proxy. You can
also specify a port. The overwriteprotocol parameter is used to set the protocol of the proxy. You can choose between
the two options http and https. The overwritewebroot parameter is used to set the absolute web path of the proxy
to the ownCloud folder. When you want to keep the automatic detection of one of the three parameters you can leave
the value empty or dont set it. The overwritecondaddr parameter is used to overwrite the values dependent on the
remote address. The value must be a regular expression of the IP addresses of the proxy. This is useful when you use
a reverse SSL proxy only for https access and you want to use the automatic detection for http access.
5.22.2 Example
Multiple Domains Reverse SSL Proxy
If you want to access your ownCloud installation http://domain.tld/owncloud via a multiple domains reverse SSL
proxy https://ssl-proxy.tld/domain.tld/owncloud with the IP address 10.0.0.1 you can set the following parameters
inside the config/config.php.
<?php
$CONFIG = array (
"overwritehost"
"overwriteprotocol"
"overwritewebroot"
"overwritecondaddr"
);
=>
=>
=>
=>
"ssl-proxy.tld",
"https",
"/domain.tld/owncloud",
"^10\.0\.0\.1$",
Note: If you want to use the SSL proxy during installation you have to create the config/config.php otherwise
you have to extend to existing $CONFIG array.
116
Chapter 5. Configuration
Using the Full-Text Search app is literally set-it-and-forget-it: all you do is enable it on your Apps page, and then it
automatically indexes all documents on your ownCloud server. It does not index files on remote storage services or
devices.
When you want to find a document, enter your search term in the search field at the upper right of your ownCloud
Web interface. You can run a search from any ownCloud page. Hover your cursor over any of your search results to
see what folder it is in, or click on the filename and it takes you to the folder.
Known limitations
It does not work with the Encryption app, because the background indexing process does not have access to the key
needed to decrypt files when the user is not logged in.
Not all PDF versions can be indexed because its text extraction may be incompatible with newer PDF versions.
117
2. To enable server-to-server sharing, and to allow remote users to mount your shares in their ownCloud 7 accounts,
check Allow other instances to mount public links shared from this server. Leaving
the checkbox blank disables server-to-server sharing.
3. You can enable the users on your local ownCloud server to mount public link shares by checking Allow users
to mount public link shares. When this is not checked your users cannot mount public link shares,
though they can view and download them.
4. Now go to your Files page and hover your cursor over the file or directory you want to share to expose the
administration options. Check the Share Link checkbox to create the share, and to expose all of your sharing
options.
Your new public share is labeled with a chain link. If you do not protect it with a password, it is visible to anyone who
has the URL. Users on other ownCloud 7 servers can mount it and use it just like any ownCloud share.
Un-check the Share Link checkbox to disable the share.
See Using Server-to-Server Sharing in the Users Manual to learn how to connect to a remote public share.
5.24.1 Notes
Your Apache Web server must have mod_rewrite enabled, and you must have trusted_domains configured
in config.php. Consider also enabling SSL to encrypt all traffic between your servers. (See Manual Installation
in the Administrators Manual to learn more about mod_rewrite, SSL, and alternative HTTP servers. See Installation
Wizard in the Administrators Manual to learn more about configuring trusted domains.)
118
Chapter 5. Configuration
Your ownCloud server creates the share link from the URL that you used to log into the server, so
make sure that you log into your server using a URL that is accessible to your users.
For example, if you log in via its LAN IP address, such as http://192.168.10.50, then your share
URL will be something like http://192.168.10.50/owncloud/public.php?service=files&t=
6b6fa9a714a32ef0af8a83dde358deec, which is not accessible outside of your LAN. This also applies to
using the server name; for access outside of your LAN you need to use a fully-qualified domain name such as
http://myserver.example.com, rather than http://myserver.
Configuration
Configuration of mod_xsendfile for ownCloud depends on its version. For versions below 0.10 (Debian squeeze ships
with 0.9)
<Directory /var/www/owncloud>
...
SetEnv MOD_X_SENDFILE_ENABLED 1
XSendFile On
XSendFileAllowAbove On
</Directory>
119
SetEnv MOD_X_SENDFILE_ENABLED: tells ownCloud scripts that they should add the X-Sendfile header
when serving files
XSendFile: enables web server handling of X-Sendfile headers (and therefore file serving) for the specified
Directory
XSendFileAllowAbove (<0.10): enables file serving through web server on path outside the specified Directory.
This is needed for configured local mounts which may reside outside data directory
XSendFilePath (>=0.10): a white list of paths that the web server is allowed to serve outside of the specified
Directory. Other paths which correspond to local mounts should be configured here as well. For a more in-depth
documentation of this directive refer to mod_xsendfile website linked above
allow-x-send-file: enables LigHTTPd to use X-Sendfile and X-Sendfile2 headers to serve files
bin-environment: is used to parse MOD_X_SENDFILE2_ENABLED to the ownCloud backend, to make it
use the X-Sendfile and X-Sendfile2 headers in its response
120
Chapter 5. Configuration
Configuration
Configuration is similar to Apache:
location ~ \.php(?:$|/) {
...
fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
}
location ^~ /data {
internal;
# Set 'alias' if not using the default 'datadirectory'
#alias /path/to/non-default/datadirectory;
#
#
#
#
#
LOCAL-MOUNT-NAME should match "Folder name" and 'alias' value should match "Configuration"
A 'Local' External Storage Mountpoint available to a single user
location /data/USER/files/LOCAL-FS-MOUNT-NAME {
alias /path/to/local-mountpoint;
}
#
#
#
#
#
#
#
#
121
Currently the External user support (user_external) app provides the following user backends:
5.27.1 IMAP
Provides authentication against IMAP servers
Class: OC_User_IMAP
Arguments: a mailbox string as defined in the PHP documentation
Example:
<?php
"user_backends" => array (
0 => array (
"class"
=> "OC_User_IMAP",
"arguments" => array (
0 => '{imap.gmail.com:993/imap/ssl}'
),
),
),
122
Chapter 5. Configuration
5.27.2 SMB
Provides authentication against Samba servers
Class: OC_User_SMB
Arguments: the samba server to authenticate against
Example:
<?php
"user_backends" => array (
0 => array (
"class"
=> "OC_User_SMB",
"arguments" => array (
0 => 'localhost'
),
),
),
5.27.3 FTP
Provides authentication against FTP servers
Class: OC_User_FTP
Arguments: the FTP server to authenticate against
Example:
<?php
"user_backends" => array (
0 => array (
"class"
=> "OC_User_FTP",
"arguments" => array (
0 => 'localhost'
),
),
),
123
5.28.1 Configuration
First enable the LDAP user and group backend app on the Apps page in ownCloud. Then go to your Admin
page to configure it.
The LDAP configuration panel has four tabs. A correctly completed first tab (Server) is mandatory to access the
other tabs. A green indicator lights when the configuration is correct. Hover your cursor over the fields to see some
pop-up tooltips.
Server Tab
Start with the Server tab. You may configure multiple servers if you have them. At a minimum you must supply the
LDAP servers hostname. If your server requires authentication, enter your credentials on this tab. ownCloud will then
attempt to auto-detect the servers port and base DN. The base DN and port are mandatory, so if ownCloud cannot
detect them you must enter them manually.
Server configuration: Configure one or more LDAP servers. Click the Delete Configuration button to remove the
active configuration.
124
Chapter 5. Configuration
Host: The host name or IP address of the LDAP server. It can also be a ldaps:// URI. If you enter the port number, it
speeds up server detection.
Examples:
directory.my-company.com
ldaps://directory.my-company.com
directory.my-company.com:9876
Port: The port on which to connect to the LDAP server. The field is disabled in the beginning of a new configuration.
If the LDAP server is running on a standard port, the port will be detected automatically. If you are using a
non-standard port, ownCloud will attempt to detect it. If this fails you must enter the port number manually.
Example:
389
User DN: The name as DN of a user who has permissions to do searches in the LDAP directory. Leave it empty for
anonymous access. We recommend that you have a special LDAP system user for this.
Example:
uid=owncloudsystemuser,cn=sysusers,dc=my-company,dc=com
Password: The password for the user given above. Empty for anonymous access.
Base DN: The base DN of LDAP, from where all users and groups can be reached. You may enter multiple base
DNs, one per line. (Base DNs for users and groups can be set in the Advanced tab.) This field is mandatory.
ownCloud attempts to determine the Base DN according to the provided User DN or the provided Host, and you
must enter it manually if ownCloud does not detect it.
Example:
dc=my-company,dc=com
User Filter
Use this to control which LDAP users have access to your ownCloud server. You may bypass the form fields and enter
a raw LDAP filter if you prefer.
only those object classes: ownCloud will determine the object classes that are typically available for user objects in
your LDAP. ownCloud will automatically select the object class that returns the highest amount of users. You
may select multiple object classes.
only from those groups: If your LDAP server supports the member-of-overlay in LDAP filters, you can define
that only users from one or more certain groups are allowed to appear and log in into ownCloud. By default, no
value will be selected. You may select multiple groups.
If your LDAP server does not support the member-of-overlay in LDAP filters, the input field is disabled. Please
contact your LDAP administrator.
Edit raw filter instead: Clicking on this text toggles the filter mode and you can enter the raw LDAP filter directly.
Example:
objectClass=inetOrgPerson
x users found: This is an indicator that tells you approximately how many users will be allowed to access ownCloud.
The number updates automatically after any changes.
125
Login Filter
The settings in the Login Filter tab determine what the users login will be, for example an LDAP username, or an
email address. You may select multiple user details. (You may bypass the form fields and enter a raw LDAP filter if
you prefer.)
You may override your User Filter settings on the User Filter tab by using a raw LDAP filter.
LDAP Username: If this value is checked, the login value will be compared to the username in the LDAP directory.
The corresponding attribute, usually uid or samaccountname will be detected automatically by ownCloud.
LDAP Email Address: If this value is checked, the login value will be compared to an email address in the LDAP
directory; specifically, the mailPrimaryAddress and mail attributes.
Other Attributes: This multi-select box allows you to select other attributes for the comparison. The list is generated
automatically from the user object attributes in your LDAP server.
Edit raw filter instead: Clicking on this text toggles the filter mode and you can enter the raw LDAP filter directly.
The %uid placeholder is replaced with the login name entered by the user upon login.
Examples:
only username: uid=%uid
username or email address: (|(uid=%uid)(mail=$uid))
Group Filter
By default, no LDAP groups will be available in ownCloud. The settings in the group filter tab determine which groups
will be available in ownCloud. You may also elect to enter a raw LDAP filter instead.
only those object classes: ownCloud will determine the object classes that are typically available for group objects
in your LDAP server. ownCloud will only list object classes that return at least one group object. You can select
multiple object classes. A typical object class is group, or posixGroup.
126
Chapter 5. Configuration
127
only from those groups: ownCloud will generate a list of available groups found in your LDAP server. and then you
select the group or groups that get access to your ownCloud server.
Edit raw filter instead: Clicking on this text toggles the filter mode and you can enter the raw LDAP filter directly.
Example:
objectClass=group
objectClass=posixGroup
y groups found: This tells you approximately how many groups will be available in ownCloud. The number updates
automatically after any change.
Chapter 5. Configuration
directory2.my-company.com
Backup (Replica) Port: The connection port of the backup LDAP server. If no port is given, but only a host, then the
main port (as specified above) will be used.
Example:
389
Disable Main Server: You can manually override the main server and make ownCloud only connect to the backup
server. This is useful for planned downtimes.
Case insensitive LDAP server (Windows): When the LDAP server is running on a Windows Host.
Turn off SSL certificate validation: Turns off SSL certificate checking. Use it for testing only!
Cache Time-To-Live: A cache is introduced to avoid unnecessary LDAP traffic, for example caching usernames
so they dont have to be looked up for every page, and speeding up loading of the Users page. Saving the
configuration empties the cache. The time is given in seconds.
Note that almost every PHP request requires a new connection to the LDAP server. If you require fresh PHP
requests we recommend defining a minimum lifetime of 15s or so, rather than completely eliminating the cache.
Examples:
ten minutes: 600
one hour: 3600
See the Caching section below for detailed information on how the cache operates.
Directory Settings
129
User Display Name Field: The attribute that should be used as display name in ownCloud.
Example: displayName
Base User Tree: The base DN of LDAP, from where all users can be reached. This must be a complete DN, regardless
of what you have entered for your Base DN in the Basic setting. You can specify multiple base trees, one on
each line.
Example:
cn=programmers,dc=my-company,dc=com
cn=designers,dc=my-company,dc=com
User Search Attributes: These attributes are used when searches for users are performed, for example in the in the
share dialogue. The user display name attribute is the default. You may list multiple attributes, one per line.
If an attribute is not available on a user object, the user will not be listed, and will be unable to login. This also
affects the display name attribute. If you override the default you must specify the display name attribute here.
Example:
displayName
mail
Group Display Name Field: The attribute that should be used as ownCloud group name. ownCloud allows a limited
set of characters (a-zA-Z0-9.-_@). Once a group name is assigned it cannot be changed.
Example: cn
Base Group Tree: The base DN of LDAP, from where all groups can be reached. This must be a complete DN,
regardless of what you have entered for your Base DN in the Basic setting. You can specify multiple base trees,
one in each line.
Example:
cn=barcelona,dc=my-company,dc=com
cn=madrid,dc=my-company,dc=com
Group Search Attributes: These attributes are used when a search for groups is done, for example in the share
dialogue. By default the group display name attribute as specified above is being used. Multiple attributes can
be given, one in each line.
If you override the default, the group display name attribute will not be taken into account, unless you specify it
as well.
Example:
cn
description
130
Chapter 5. Configuration
Group Member association: The attribute that is used to indicate group memberships, i.e. the attribute used by
LDAP groups to refer to their users.
ownCloud detects the value automatically. You should only change it if you have a very valid reason and know
what you are doing.
Example: uniquemember
Special Attributes
131
The LDAP backend ensures that there are no duplicate internal usernames in ownCloud, i.e. that it is checking
all other activated user backends (including local ownCloud users). On collisions a random number (between
1000 and 9999) will be attached to the retrieved value. For example, if alice exists, the next username may be
alice_1337.
The internal username is the default name for the user home folder in ownCloud. It is also a part of remote
URLs, for instance for all *DAV services.
You can override all of this with the Internal Username setting. Leave it empty for default behaviour. Changes
will affect only newly mapped LDAP users.
Example: uid
Override UUID detection By default, ownCloud auto-detects the UUID attribute. The UUID attribute is used to
uniquely identify LDAP users and groups. The internal username will be created based on the UUID, if not
specified otherwise.
You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your
choice can be fetched for both users and groups and it is unique. Leave it empty for default behaviour. Changes
will have effect only on newly mapped LDAP users and groups. It also will have effect when a users or groups
DN changes and an old UUID was cached, which will result in a new user. Because of this, the setting should
be applied before putting ownCloud in production use and clearing the bindings (see the User and Group
Mapping section below).
Example: cn
Username-LDAP User Mapping ownCloud uses usernames as keys to store and assign data. In order to precisely
identify and recognize users, each LDAP user will have a internal username in ownCloud. This requires a
mapping from ownCloud username to LDAP user. The created username is mapped to the UUID of the LDAP
user. Additionally the DN is cached as well to reduce LDAP interaction, but it is not used for identification. If
the DN changes, the change will be detected by ownCloud by checking the UUID value.
The same is valid for groups.
132
Chapter 5. Configuration
The internal ownCloud name is used all over in ownCloud. Clearing the Mappings will have leftovers everywhere. Never clear the mappings in a production environment, but only in a testing or experimental server.
Clearing the Mappings is not configuration sensitive, it affects all LDAP configurations!
133
134
Chapter 5. Configuration
4. (optional) Switch to Advanced tab and uncheck Configuration Active in the Connection Settings, so the new
configuration is not used on Save
5. Click on Save
Now you can modify and enable the configuration.
5.28.12 Caching
The ownCloud Cache helps to speed up user interactions and sharing. It is populated on demand, and remains populated until the Cache Time-To-Live for each unique request expires. User logins are not cached, so if you need to
improve login times set up a slave LDAP server to share the load.
Another significant performance enhancement is to install the Alternative PHP Cache (APC). APC is an OPcache,
which is several times faster than a file cache. APC improves PHP performance by storing precompiled script
bytecode in shared memory, which reduces the overhead of loading and parsing scripts on each request. (See
http://php.net/manual/en/book.apc.php for more information.)
You can adjust the Cache Time-To-Live value to balance performance and freshness of LDAP data. All LDAP
requests will be cached for 10 minutes by default, and you can alter this with the Cache Time-To-Live setting. The
cache answers each request that is identical to a previous request, within the time-to-live of the original request, rather
than hitting the LDAP server.
The Cache Time-To-Live is related to each single request. After a cache entry expires there is no automatic trigger
for re-populating the information, as the cache is populated only by new requests, for example by opening the User
administration page, or searching in a sharing dialog.
There is one trigger which is automatically triggered by a certain background job which keeps the
user-group-mappings up-to-date, and always in cache.
Under normal circumstances, all users are never loaded at the same time. Typically the loading of users happens
while page results are generated, in steps of 30 until the limit is reached or no results are left. For this to work on an
oC-Server and LDAP-Server, Paged Results must be supported, which presumes PHP >= 5.4.
ownCloud remembers which user belongs to which LDAP-configuration. That means each request will always be
directed to the right server unless a user is defunct, for example due to a server migration or unreachable server. In
this case the other servers will also receive the request.
5.28. User Authentication with LDAP
135
136
Chapter 5. Configuration
Then you can run sudo -u www-data php occ user:delete aaliyah_brown to delete user
aaliyah_brown. You must use the users ownCloud name.
137
Enter the new users Login Name and their initial Password
Optionally, assign Groups memberships
Click the Create button
Login names may contain letters (a-z, A-Z), numbers (0-9), dashes (-), underscores (_), periods (.) and ampersands
(@). After creating the user, you may fill in their Full Name if it is different than the login name, or leave it for the
user to complete.
Remember to give your new users their logins and passwords.
138
Chapter 5. Configuration
Super Administrators have full rights on your ownCloud server, and can access and modify all settings. To assign
the Super Administrators role to a user, simply add them to the admin group.
Metadata (such as thumbnails, temporary files, and encryption keys) takes up about 10% of disk space, but is not
counted against user quotas. Users can check their used and available space on their Personal pages. Only files that
originate with users count against their quotas, and not files shared with them that originate from other users. For
example, if you upload files to a different users share, those files count against your quota. If you re-share a file that
another user shared with you, that file does not count against your quota, but the originating users.
Encrypted files are a little larger than unencrypted files; the unencrypted size is calculated against the users quota.
Deleted files that are still in the trash bin do not count against quotas. The trash bin is set at 50% of quota. Deleted
file aging is set at 30 days. When deleted files exceed 50% of quota then the oldest files are removed until the total is
below 50%.
When version control is enabled, the older file versions are not counted against quotas.
5.30. User Management
139
When a user creates a public share via URL, and allows uploads, any uploaded files count against that users quota.
If your ownCloud username is not admin, then substitute your ownCloud username.
You can find your HTTP user in your HTTP configuration file. These are the default Apache HTTP user:group on
Linux distros:
Centos, Red Hat, Fedora: apache:apache
Debian, Ubuntu, Linux Mint: www-data:www-data
openSUSE: wwwrun:www
See Using the occ Command to learn more about using the occ command.
140
Chapter 5. Configuration
CHAPTER
SIX
MAINTENANCE
141
SQLite
sqlite3 data/owncloud.db .dump > owncloud-sqlbkp_`date +"%Y%m%d"`.bak
PostgreSQL
instance,
except
for
your
data
directory,
to
Moves all directories except data, config and themes from the current instance to backup/tmp
Moves all directories from backup/packageVersion to the current version
Updates the ownCloud database
Copies your old config.php to the new config/ directory
Using the Updater app to upgrade your ownCloud installation is just a few steps:
142
Chapter 6. Maintenance
1. You should see a notification at the top of any ownCloud page when there is a new update available:
2. Even though the Update app backs up important directories, you should always have your own current backups
(See Backing up ownCloud for details.)
3. Verify that the HTTP user on your system can write to your whole ownCloud directory; see Setting Strong
Permissions.
4. Navigate to your Admin page and click the Update Center button under Updater:
6. Click Update, and carefully read the messages. If there are any problems it will tell you. The most common
issue is directory permissions; see Setting Strong Permissions. Otherwise you will see a message about checking your
installation, making a backup, and moving files:
8. Click Proceed, and then it downloads the updates, which may take a few minutes:
7. The Update app wants you to be very sure you want to update, and so you must click one more button, the Start
Update button:
Note: If you have a large ownCloud installation, at this point you should use the occ upgrade command, running
it as your HTTP user, instead of clicking Start Update, in order to avoid PHP timeouts. This example is for Ubuntu
Linux:
$ sudo -u www-data php occ upgrade
See Using the occ Command to learn more about using the occ command.
143
144
Chapter 6. Maintenance
145
8. It works for a few minutes, and when it is finished displays a success message, which disappears after a short
time.
Arch Linux:
146
Chapter 6. Maintenance
Fedora:
chown -R apache:apache /path/to/owncloud/
openSUSE:
chown -R wwwrun:www /path/to/owncloud/
After the Updater app has run, you should re-apply the strict permissions.
Please see Using the occ Command to learn more about occ.
The other way is by entering your config.php file and changing maintenance => false, to
maintenance => true,. When youre finished upgrading, remember to change true to false.
Then:
1. Ensure that you are running the latest point release of your current major ownCloud version.
147
2. Deactivate all third party applications (not core apps), and review them for compatibility with your new ownCloud version.
3. Back up your existing ownCloud Server database, data directory, and config.php file. (See Backing up
ownCloud.)
4. Download the latest ownCloud Server version into an empty directory outside of your current installation. For
example, if your current ownCloud is installed in /var/www/owncloud/ you could create a new directory
called /var/www/owncloud2/
On Linux operating systems, change to your new directory and download the current ownCloud tarball with wget:
wget http://download.owncloud.org/community/owncloud-latest.tar.bz2
For Windows operating systems. see the installation instruction in Windows 7 and Windows Server 2008.
5. Stop your web server.
Depending on your environment, you will be running either an Apache server or a Windows IIS server. To stop an
Apache server, refer to the following table for specific commands to use in different Linux operating systems:
Operating System
CentOS/ Red Hat
Debian or Ubuntu
SUSE Enterprise Linux 11
openSUSE 12.3 and up
To stop the Windows IIS web server, you can use either the user interface (UI) or command line method as follows:
Method
User Interface (UI)
Command Line
Procedure
1. Open IIS Manager and navigate to the web
server node in the tree.
2. In the Actions pane, click Stop.
1. Open a command line window as administrator.
2. At the command prompt, type net stop WAS
and press ENTER.
3. (Optional) To stop W3SVC, type Y and then
press ENTER.
6. Rename or move your current ownCloud directory (named owncloud/ if installed using defaults) to another
location.
7. Unpack your new tarball:
tar xjf owncloud-latest.tar.bz2
In Microsoft Windows environments, you can unpack the release tarball using WinZip or a similar tool (for
example, Peazip). Always unpack server code into an empty directory. Unpacking the server code into an
existing, populated directory is not supported and will cause all kinds of errors.
8. This creates a new owncloud/ directory populated with your new server files. Copy this directory and its
contents to the original location of your old server, for example /var/www/, so that once again you have
/var/www/owncloud .
9. Copy and paste the config.php file from your old version of ownCloud to your new ownCloud version.
148
Chapter 6. Maintenance
10. If you keep your data/ directory in your owncloud/ directory, copy it from your old version of ownCloud
to the owncloud/ directory of your new ownCloud version. If you keep it outside of owncloud/ then you
dont have to do anything with it.
Note: We recommend storing your data/ directory in a location other than your owncloud/ directory. If you have
your data/ directory already stored in another location, you can skip this step. If you want to do so, now is a good
time to change the location of your data/ directory. See the Advanced Options chapter in Installation Wizard for
more information about changing the default database or data directory.
11. Restart your web server.
Depending on your environment, you will be running either an Apache server or a Windows IIS server. In addition,
when running your server in a Linux environment, the necessary commands for stopping the Apache server might
differ from one Linux operating system to another.
To start an Apache server, refer to the following table for specific commands to use in different Linux operating
systems:
Operating System
CentOS/ Red Hat
Debian or Ubuntu
SUSE Enterprise Linux 11
openSUSE 12.3 and up
To start the Windows IIS web server, you can use either the user interface (UI) or command line method as follows:
Method
User Interface (UI)
Command Line
Procedure
1. Open IIS Manager and navigate to the web
server node in the tree.
2. In the Actions pane, click Stop.
1. Open a command line window as administrator.
2. At the command prompt, type net stop WAS
and press ENTER.
3. (Optional) To stop W3SVC, type Y and then
press ENTER.
12. Now you should be able to open a web browser to your ownCloud server and log in as usual. You have a couple
more steps to go: You should see a Start Update screen. Review the prequisites, and if you have followed all
the steps click the Start Update button.
If you are an enterprise customer, or are running a large installation with a lot of files and users, you should
launch the update from the command line using occ to avoid timeouts, like this example on Ubuntu Linux:
$ sudo -u www-data php occ upgrade
Please see Using the occ Command to learn more about occ.
13. The upgrade operation takes a few minutes, depending on the size of your installation. When it is finished you
will see a success message, or an error message that will tell where it went wrong.
Assuming your upgrade succeeded, take a look at the bottom of the Admin page to verify the version number. Check
your other settings to make sure theyre correct. Go to the Apps page and review the core apps to make sure the right
ones are enabled.
149
Now you can review your third-party apps, and upgrade and enable them.
MySQL
MySQL is the recommended database engine. To backup MySQL:
mysql -h [server] -u [username] -p[password] [db_name] < owncloud-sqlbkp.bak
SQLite
sqlite3 data/owncloud.db .dump < owncloud-sqlbkp.bak
PostgreSQL
PGPASSWORD="password" pg_restore -c -d owncloud -h [server] -U [username] owncloud-sqlbkp.bak
150
Chapter 6. Maintenance
To complete the conversion, type yes when prompted Continue with the conversion? On success the
converter will automatically configure the new database in your ownCloud configuration in config.php.
6.6. Migrating ownCloud Installations
151
You can ignore these tables. Here is a list of known old tables:
oc_calendar_calendars
oc_calendar_objects
oc_calendar_share_calendar
oc_calendar_share_event
oc_fscache
oc_log
oc_media_albums
oc_media_artists
oc_media_sessions
oc_media_songs
oc_media_users
oc_permissions
oc_queuedtasks
oc_sharing
152
Chapter 6. Maintenance
CHAPTER
SEVEN
If you have trouble installing, configuring or maintaining ownCloud, please refer to our community support channels:
The ownCloud Forums
Note: The ownCloud forums have a FAQ page where each topic corresponds to typical mistakes or frequently
occurring issues
The ownCloud User mailing list
The ownCloud IRC chat channel irc://#[email protected] on freenode.net, also accessible via
webchat
Please understand that all these channels essentially consist of users like you helping each other out. Consider helping
others out where you can, to contribute back for the help you get. This is the only way to keep a community like
ownCloud healthy and sustainable!
If you are using ownCloud in a business or otherwise large scale deployment, note that ownCloud Inc. offers the
Enterprise Edition with commercial support options.
7.1 Bugs
If you think you have found a bug in ownCloud, please:
Search for a solution (see the options above)
Double check your configuration
If you cant find a solution, please use our bugtracker.
153
Finder, OS Xs built-in WebDAV client (Describes problems with Finder on various webservers)
154