Difference between revisions of "Owncloud"
From Blue-IT.org Wiki
Latest revision as of 18:35, 25 May 2016
Ubuntu 12.04 LTS
Backup users
Source:
It might happen that you need to copy files from one user's ownCloud account to another.
Or, as in my case, you switch from ownCloud's built-in user management to an LDAP backend (AD / Zentyal 4.0). Changing the authentication backend without deleting the old users that have the same usernames leads to new user directories on the filesystem like this:
owncloud/data/user_a -> owncloud/data/user_a_7532 (new user_a after LDAP)
Although the login name is the same, the data is not in the same ownCloud directory! If you log in as "user_a" with the old password, you get the old account. If you log in as user_a with the new LDAP password, you get the new account! ownCloud knows which is which.
But: I recommend deleting the old user and backing up its directory.
Here is how to copy the files over:
Prerequisites:
A. Back up the complete /var/www/owncloud directory.
B. VERY, VERY IMPORTANT: back up the old "user_a". There are two ways; pick one and don't mix them up!
- EITHER change the password of the old user_a before you add a new "user_a" via e.g. LDAP. This leads to the new, suffixed username on filesystem level (user_a_####).
- OR back up the folder of your "user_a" and delete the user later (see C.):
rsync -av --delete /var/www/owncloud/data/user_a/ user_a_backup/
C. Create the new "user_a" (again, don't mix the two ways up!):
- EITHER, if you changed the password, add your new authentication backend, e.g. LDAP, which creates the new "user_a_####".
- OR first delete the old "user_a" in the ownCloud administration interface and then add your new authentication backend.
D. Test the new "user_a" login credentials in the ownCloud web interface.
E. Stop apache, so that nobody can accidentally interfere with your ownCloud installation while the data is copied.
F. Sync the folders to the new user:
apt-get install sqlite3 rsync
1. Copy everything from the old user_a to the new user_a_####, preserving file and folder attributes (run this as root, so that rsync -a keeps the www-data ownership):
cd /var/www/owncloud   # depends on your install directory
rsync -av --delete data/user_a/. data/user_a_####/.
2. Truncate the file cache table in the ownCloud database. OC versions 6 and 7 differ a little in the table name (the CLI is sqlite3, the package installed above):
sqlite3 /var/www/owncloud/owncloud.db
sqlite> .tables
sqlite> DELETE FROM oc_fscache;    -- oc version 6
sqlite> DELETE FROM oc_filecache;  -- oc version 7
sqlite> VACUUM;
sqlite> .quit
This empties the cache for every user, not only user_a; each account's cache is rebuilt on its next login, so expect slow first logins for everyone. Do this on a stopped server only: with apache running, a sync client could repopulate the cache with half-copied data.
G. Log in to the ownCloud administration interface (user admin ...) and check the users!
H. Log in as your new "user_a" and the file cache will be recreated.
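The DELETE statements above drop the whole file cache, i.e. every user's cached metadata, and then rely on each login to rebuild it. The following is an added example (not from the wiki page or the ownCloud project) that performs the same copy-and-reset step in Python but limits the reset to the one storage that actually changed. It assumes the ownCloud 7/8 schema, in which oc_filecache.storage references oc_storages.numeric_id and a user's home storage has the id 'home::<uid>' (ownCloud 6's oc_fscache has a different layout and is not covered). The directory tree and database rows it works on are constructed in a temporary directory, so it runs offline.

```python
"""Copy one user's data directory and reset only that user's ownCloud file cache.

Added example, not code from the wiki page or from ownCloud. Assumes the
ownCloud 7/8 schema: oc_filecache.storage -> oc_storages.numeric_id, and a home
storage is registered as 'home::<uid>'. All rows and files below are constructed.
"""
import os
import shutil
import sqlite3
import tempfile

# Constructed oc_storages rows: old local user, new LDAP user, an unrelated user.
STORAGES = [(1, "home::user_a"), (2, "home::user_a_7532"), (3, "home::user_b")]
# Constructed oc_filecache rows as (storage numeric_id, path).
FILECACHE = [(1, "files"), (1, "files/report.odt"), (2, "files"), (3, "files/notes.txt")]


def make_test_db(path):
    """Create a minimal owncloud.db with the two tables the reset touches."""
    con = sqlite3.connect(path)
    con.executescript("""
        CREATE TABLE oc_storages (numeric_id INTEGER PRIMARY KEY, id TEXT UNIQUE);
        CREATE TABLE oc_filecache (fileid INTEGER PRIMARY KEY, storage INTEGER, path TEXT);
    """)
    con.executemany("INSERT INTO oc_storages VALUES (?, ?)", STORAGES)
    con.executemany("INSERT INTO oc_filecache (storage, path) VALUES (?, ?)", FILECACHE)
    con.commit()
    con.close()


def copy_user_files(data_dir, old_uid, new_uid):
    """Mirror data/<old_uid>/files into data/<new_uid>/files (like rsync -a --delete).

    copytree keeps modes and mtimes but not ownership: chown to www-data afterwards
    on a real server. Returns the number of files copied.
    """
    src = os.path.join(data_dir, old_uid, "files")
    dst = os.path.join(data_dir, new_uid, "files")
    if os.path.isdir(dst):
        shutil.rmtree(dst)  # --delete semantics: the target mirrors the source
    shutil.copytree(src, dst, symlinks=True)
    return sum(len(files) for _, _, files in os.walk(dst))


def reset_filecache_for(db_path, uid):
    """Delete cache rows for uid's home storage only; other users keep their cache."""
    con = sqlite3.connect(db_path)
    cur = con.execute(
        "DELETE FROM oc_filecache WHERE storage IN "
        "(SELECT numeric_id FROM oc_storages WHERE id = ?)",
        ("home::" + uid,),
    )
    con.commit()
    deleted = cur.rowcount
    con.close()
    return deleted


def cache_rows(db_path):
    """Total oc_filecache rows, to show what survived the scoped reset."""
    con = sqlite3.connect(db_path)
    n = con.execute("SELECT COUNT(*) FROM oc_filecache").fetchone()[0]
    con.close()
    return n


def demo():
    """Run the migration against a constructed tree; returns (copied, deleted, remaining)."""
    root = tempfile.mkdtemp(prefix="oc-migrate-")
    try:
        data = os.path.join(root, "data")
        os.makedirs(os.path.join(data, "user_a", "files", "sub"))
        with open(os.path.join(data, "user_a", "files", "sub", "report.odt"), "w") as fh:
            fh.write("constructed content\n")
        os.makedirs(os.path.join(data, "user_a_7532", "files"))  # empty new home
        db = os.path.join(root, "owncloud.db")
        make_test_db(db)
        copied = copy_user_files(data, "user_a", "user_a_7532")
        deleted = reset_filecache_for(db, "user_a_7532")
        return copied, deleted, cache_rows(db)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print("copied files, deleted cache rows, rows left: %s %s %s" % demo())
```

Only the one row belonging to home::user_a_7532 is removed; user_a's and user_b's cache rows stay, so their next logins are not slowed down by a full rescan.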
Sources.list and Installation
For the official installation manual see:
According to the manual:
- Add the appropriate key for your distribution (here for Ubuntu 12.04):
wget -qO - http://download.opensuse.org/repositories/isv:ownCloud:community/xUbuntu_12.04/Release.key | sudo apt-key add -
The key is fetched over plain HTTP and apt-key trusts it unconditionally, so compare its fingerprint (apt-key fingerprint) with the fingerprint published for the repository before you run apt-get update against it.
- Add a sources list file and run
apt-get update
- Install the server package
apt-get install owncloud
Update
Owncloud server version 6.0 -> 7.0 / 8.0
When updating from 6.0 you might encounter the problem that the "Shared" folder is gone. If you had a corporate setup and used this hierarchy, you can add the line
'share_folder' => '/Shared',
to /where_ever_location_is/owncloud/config/config.php
BUT, to get a corresponding client structure, you have to
- detach the permissions of every share on the server
- reattach the permissions for the shared folders
- perform a full resynchronisation in the ownCloud client. That is: remove the sync folder in the client settings dialog, add the folder again and perform a complete new download of all folder contents.
WebDAV support
apt-get install davfs2
Configure unprivileged (non-root) user access (this makes mount.davfs setuid root; only members of the davfs2 group may then mount):
dpkg-reconfigure davfs2
Prepare apache2 for owncloud
This is necessary to get access to the ownCloud web interface.
HINT: If you are behind a NAT, you have to add your domain to /etc/hosts because of a problem with curl (ownCloud contacts its own URL for its self-checks):
vim /etc/hosts
127.0.0.1 localhost owncloud.yourserver.tld
Then configure your apache2 virtual host file:
vim /etc/apache2/sites-available/owncloud.conf
<VirtualHost *:80>
    ServerAdmin webmaster@YOURSERVER.TLD
    ServerName owncloud.yourserver.tld
    DocumentRoot /path_to/www/owncloud.yourserver.tld
    <Directory /path_to/www/owncloud.yourserver.tld>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@YOURSERVER.TLD
    ServerName owncloud.yourserver.tld
    DocumentRoot /path_to/www/owncloud.yourserver.tld
    <Directory /path_to/www/owncloud.yourserver.tld>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
    # SSL
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/ssl.pem
</VirtualHost>
</IfModule>
Notes on this configuration:
- Both virtual hosts serve the same DocumentRoot, so the plain HTTP host on port 80 accepts logins and sync traffic in cleartext. Either drop it or let it do nothing but redirect to https://owncloud.yourserver.tld/.
- "Options Indexes" enables directory listings; ownCloud does not need them, so remove Indexes.
- "Order allow,deny" / "allow from all" is Apache 2.2 syntax (Ubuntu 12.04). Apache 2.4 (Ubuntu 14.04) uses "Require all granted" instead.
- "AllowOverride All" is required so that ownCloud's .htaccess files take effect, in particular the one that denies web access to the data directory.
- /etc/apache2/ssl/ssl.pem holds certificate and private key in one file here; keep it readable by root only.
Create a database
If you want to use a database like MySQL, you have to create the database, user and password in advance!
Settings
Now open your new ownCloud web page and
- add the admin account settings
- optional: enter the database settings
Then you can add new users!
Owncloud, LDAP and Zentyal
Zentyal 4.2 (Ubuntu 14.04) / Owncloud 8.2
- Server name: use the IP address; Port: 389
- DN to log in: someuser@zentyaldomain.lan
- Password: "the password for someuser"
- Base DN: as shown under the LDAP information in the Zentyal web interface
TIP: using the fully qualified domain name (e.g. server.zentyaldomain.lan) did NOT work for me.
Port 389 without StartTLS sends the bind password and every query in cleartext. That is tolerable only when ownCloud and Zentyal run on the same host or an isolated network; otherwise use LDAPS (ldaps:// on port 636).
See:
Zentyal 4.0 (Ubuntu 14.04) / Owncloud 7.0
[UPDATE] --Apos (talk) 09:01, 16 February 2015 (CET)
- Owncloud Version 8.0 works like expected. Added "shared_folder" directive. See #Update.
There have been major changes to LDAP on Zentyal 4.0 due to the new Samba backend:
Server:
First check whether your setup is working correctly:
#> ldapsearch -H ldap://YOUR_LDAP_SERVER -x -b "" -s base -LLL supportedSASLMechanisms
dn:
supportedSASLMechanisms: GSS-SPNEGO
supportedSASLMechanisms: GSSAPI
supportedSASLMechanisms: NTLM
The main change is that there is no 'zentyal-ro' user any more for anonymous LDAP queries.
If you upgraded from a former version, you will find that user and its password in:
ls -lta /var/lib/zentyal/conf/zentyal-mail-*.passwd
cat /var/lib/zentyal/conf/zentyal-mail-*.passwd
Treat that password as a secret: it is enough to read the whole directory.
On a fresh Zentyal 4.0 install you have to create a domain admin user and use its credentials. ownCloud only needs to bind and search, which any domain user can do in Samba AD, so a dedicated low-privilege account is the better choice than a domain admin.
A simple LDAP query can be made with (it lists every DN and filters for the service account):
ldapsearch -h 127.0.0.1 -U zentyal-mail_USER.org -b 'dc=DOMAIN,dc=tld' '(objectClass=*)' dn | grep zentyal-mail
Which leads to the new credentials (you can use lower case: cn=, dc=, ...!):
cn=zentyal-mail-DOMAIN.TLD,cn=,dc=DOMAIN,dc=TLD
Other users you can check with:
ldapsearch -h 127.0.0.1 -U ldapuser -b 'dc=DOMAIN,dc=TLD' '(sAMAccountName=USERNAME)'
Zentyal 3.3 (Ubuntu 12.04) / Owncloud 6.0
Activate the LDAP backend:
[...]
To connect to an LDAP server the configuration needs to be set up properly. Once the LDAP backend is activated (Apps Sidebar→Apps, choose LDAP user and group backend, click on Enable) the configuration can be found on Settings→Admin. Read on for a detailed description of the configuration fields. [2]
[...]
See:
- [1] http://forum.zentyal.org/index.php/topic,12509.msg75526.html#msg75526
- [2] http://doc.owncloud.org/server/6.0/admin_manual/configuration/auth_ldap.html
apt-get install php5-ldap
a2enmod ldap
service apache2 restart
From: [2]
Owncloud 6, Zentyal 3.3, I added 2 Groups (AdminHomeUser, HomeUser) and 5 Users. The following worked:
Server:
- Server IP: Server IP of Zentyal Server (for example: ldap://127.0.0.1)
- Port: 390
- DN of Client User: Root DN of Zentyal
- Password: Password of ldap
- Base DN: Zentyal Base DN
User Filter:
- only those object classes: inetOrgPerson
- only from those groups: AdminHomeUser, HomeUser
Login Filter:
- LDAP Username: checked
Group Filter:
- only those object classes: posixGroup
- only from those groups: AdminHomeUser, HomeUser
Advanced - Directory Settings:
- User Display Name Field: uid
Start multiple instances of owncloud client
Since the ownCloud client is not able to access multiple servers (at the time of writing, 08/2014), there is a workaround described in issue #43:
#!/bin/bash
#
# https://github.com/owncloud/mirall/issues/43
# Thanks to lazyfrosch (commented on 5 Dec 2013) and ogasser (commented on 1 Jul 2014)

##############################
# Give this instance a unique name
INSTANCE=business
##############################
# DO NOT ALTER FROM HERE

CONFDIR="${HOME}/.local/share/data/ownCloud_${INSTANCE}"
# The lockfile lives in TMPDIR. Keep it under $HOME: a fixed name below /tmp
# could be pre-created by another local user.
TMPDIR="${HOME}/.cache/ownCloud_${INSTANCE}"

# ensure the paths exist
mkdir -p "${CONFDIR}" "${TMPDIR}" "${HOME}/bin"

# change the temporary directory where the lockfile is located
export TMPDIR

# copy the binary
# yes we need to do this, or owncloud will think it's the same instance
# NOTE: a symlink won't help unfortunately
cp /usr/bin/owncloud "${HOME}/bin/owncloud_${INSTANCE}.bin"

# start owncloud with custom confdir
exec "${HOME}/bin/owncloud_${INSTANCE}.bin" --confdir "${CONFDIR}" "$@"
Troubleshooting
Maintenance mode off
sudo -u www-data php occ maintenance:mode --off
or edit config/config.php by hand:
#> vim config/config.php
[...]
'maintenance' => false,
[...]
Update with console
#> cd /var/www/owncloud
sudo -u www-data php occ maintenance:mode --on
sudo -u www-data php occ upgrade
sudo -u www-data php occ maintenance:mode --off
Run every occ command as the web server user (www-data), as above: occ started as root leaves root-owned files in config/ and data/ that apache can no longer write.
occ
ETags
sudo -u www-data php occ maintenance:repair
SSL/TLS security
vim /etc/apache2/apache2.conf
LoadModule headers_module modules/mod_headers.so
SSLProtocol All -SSLv2 -SSLv3
SSLCompression off
SSLHonorCipherOrder On
SSLCipherSuite EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
Header add Strict-Transport-Security "max-age=15768000"
Notes:
- On Ubuntu, enable the modules with "a2enmod headers ssl" instead of a LoadModule line; the modules/mod_headers.so path is not where Debian-based systems keep Apache modules.
- "+SSLv3" inside the cipher string is a cipher-list preference token (it moves the SSLv3-era suites to the end of the list); the protocol itself stays disabled by SSLProtocol.
- The trailing CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA suites use RSA key exchange without forward secrecy and exist only as a fallback for old clients.
- "Header add" without "always" is applied to successful responses only. Use "Header always set Strict-Transport-Security" so that redirects and error pages carry it too; ownCloud's admin security check (8.1 and later) wants a max-age of at least 15552000 seconds, which the 15768000 here satisfies.
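The cipher string above can be checked before it is deployed by asking the OpenSSL library what it actually enables. This is an added example (not from the wiki page or from ownCloud), written in Python because the standard ssl module exposes the local OpenSSL cipher list: it expands the wiki's SSLCipherSuite value, flags any suite whose name carries a marker a practitioner would refuse today (RC4, 3DES, MD5, NULL, export, SEED, anonymous DH) and lists the suites without forward secrecy. The result depends on the OpenSSL build Python is linked against, which is exactly why it is worth running on the web server itself.

```python
"""Expand and audit an Apache SSLCipherSuite string with the local OpenSSL.

Added example, not code from the wiki page or from ownCloud. Uses only the
standard-library ssl module; which suites appear depends on the OpenSSL build
Python is linked against, so run it on the server you are configuring.
"""
import ssl

# The SSLCipherSuite value from the Apache snippet above, unchanged.
WIKI_CIPHERS = (
    "EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:"
    "EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:"
    "!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:"
    "CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
)

# Substrings of OpenSSL suite names that should never survive an audit.
WEAK_MARKERS = ("RC4", "DES-CBC3", "MD5", "NULL", "EXP", "SEED", "ADH", "AECDH")


def expand(cipher_string):
    """Return the TLS 1.0-1.2 suite names OpenSSL enables for cipher_string, in preference order."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if the string selects nothing
    # TLS 1.3 suites are configured separately and are always listed on OpenSSL >= 1.1.1.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def audit(cipher_string):
    """Summarise what a given SSLCipherSuite really enables."""
    names = expand(cipher_string)
    weak = [n for n in names if any(marker in n for marker in WEAK_MARKERS)]
    # Forward secrecy: only ephemeral (EC)DH key exchange qualifies.
    no_pfs = [n for n in names if not n.startswith(("ECDHE-", "DHE-"))]
    return {
        "enabled": len(names),
        "first": names[0] if names else None,
        "weak": weak,
        "no_forward_secrecy": no_pfs,
    }


if __name__ == "__main__":
    result = audit(WIKI_CIPHERS)
    print("enabled suites:", result["enabled"], "first choice:", result["first"])
    print("weak suites:", result["weak"] or "none")
    print("without forward secrecy:", result["no_forward_secrecy"] or "none")
```

With SSLHonorCipherOrder On the first entry of the expanded list is what a modern client will negotiate, so check that it is an ECDHE AES-GCM suite; the no_forward_secrecy list is the set of suites you lose nothing by removing once no pre-TLS-1.2 clients remain.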
Memcache
On Ubuntu 14.04 with ownCloud >= 8.1 the APCu package has the wrong version for the memcache. If you use the standard php5-apcu package, you get a blank screen. You can manually install a newer version (4.0.6) from the Ubuntu repos:
sudo apt-get remove php5-apcu
cd /tmp
# sudo wget http://mirrors.kernel.org/ubuntu/pool/universe/p/php-apcu/php5-apcu_4.0.6-1_amd64.deb
# [UPDATE] this version changed on the online repositories to php5-apcu_4.0.7-1build1_amd64.deb
# which is NOT binary compatible any more with 8.1 -
# you can download it from code-engine as time of writing
wget http://code-engine.org/wp-content/uploads/2015/10/php5-apcu_4.0.6-1_amd64.deb
sudo dpkg -i php5-apcu_4.0.6-1_amd64.deb
sudo rm php5-apcu*.deb
A .deb fetched over plain HTTP from a third-party blog is installed as root without any signature check. Compare its checksum with the original Ubuntu build of php5-apcu_4.0.6-1 before running dpkg -i, or rebuild the package from the Ubuntu source yourself.
Configure PHP:
#> vim /etc/php5/apache2/php.ini
apc.enable_cli = 1
This setting only matters for the command-line php that occ runs under, which reads /etc/php5/cli/php.ini, so set it there as well.
Configure Owncloud
#> vim /var/www/owncloud/config/config.php
/**
 * Memcache
 */
'memcache.local' => '\OC\Memcache\APCu',
Restart apache
service apache2 restart
Security
Official owncloud security advice
In any case you should follow the security advice here:
* https://owncloud.org/security/
Fail2ban
ownCloud logs every failed login to its owncloud.log; fail2ban can watch that file and ban the source IP after repeated failures. A write-up for ownCloud 8 (brute force prevention and alerting):
* http://www.everybodyhertz.co.uk/fail2ban-for-owncloud-brute-force-prevention-and-alerting/
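What fail2ban does with owncloud.log, as an added example that is not part of the wiki page, of ownCloud or of fail2ban: ownCloud 8 writes one JSON object per line to data/owncloud.log and records a failed login as the core message "Login failed: '<user>' (Remote IP: '<ip>')", which is the line a fail2ban failregex for ownCloud keys on. The Python below parses constructed log lines, applies fail2ban's maxretry/findtime rule and returns the IPs that would be banned; the sample lines, addresses and timestamps are constructed so that it runs offline.

```python
"""Brute-force detection over ownCloud's owncloud.log, as fail2ban would do it.

Added example, not code from the wiki page, ownCloud or fail2ban. ownCloud 8
writes one JSON object per line and logs a failed login as the core message
"Login failed: '<user>' (Remote IP: '<ip>')"; the log lines below are constructed.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of data/owncloud.log: one attacker (three quick failures,
# one late retry), one legitimate typo from another host, one unrelated entry.
SAMPLE_LOG = """\
{"reqId":"a1","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2016-05-25T18:30:01+00:00"}
{"reqId":"a2","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2016-05-25T18:30:03+00:00"}
{"reqId":"a3","remoteAddr":"198.51.100.4","app":"core","message":"Login failed: 'user_a' (Remote IP: '198.51.100.4')","level":2,"time":"2016-05-25T18:30:05+00:00"}
{"reqId":"a4","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'root' (Remote IP: '203.0.113.7')","level":2,"time":"2016-05-25T18:30:09+00:00"}
{"reqId":"a5","remoteAddr":"203.0.113.7","app":"files","message":"Exception: something unrelated","level":3,"time":"2016-05-25T18:30:10+00:00"}
{"reqId":"a6","remoteAddr":"203.0.113.7","app":"core","message":"Login failed: 'admin' (Remote IP: '203.0.113.7')","level":2,"time":"2016-05-25T18:45:00+00:00"}
"""

# The message fail2ban's failregex for ownCloud matches; <HOST> is the Remote IP.
FAILED_LOGIN = re.compile(
    r"^Login failed: '(?P<user>[^']*)' \(Remote IP: '(?P<ip>[^']+)'\)$"
)


def parse_failures(log_text):
    """Yield (timestamp, ip, user) for each failed login; ignore everything else."""
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # half-written or rotated line: skip it, never crash the watcher
        if rec.get("app") != "core":
            continue
        m = FAILED_LOGIN.match(rec.get("message", ""))
        if not m:
            continue
        # ownCloud writes ISO 8601 with a zone offset; the offset is constant per
        # server, so the first 19 characters suffice for window arithmetic.
        ts = datetime.strptime(rec["time"][:19], "%Y-%m-%dT%H:%M:%S")
        yield ts, m.group("ip"), m.group("user")


def offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: failures} for IPs with >= maxretry failures inside any findtime window."""
    attempts = defaultdict(list)
    for ts, ip, _user in parse_failures(log_text):
        attempts[ip].append(ts)
    banned = {}
    for ip, times in attempts.items():
        times.sort()
        for start in times:  # sliding window anchored at each failure
            in_window = [t for t in times if start <= t < start + findtime]
            if len(in_window) >= maxretry:
                banned[ip] = len(in_window)
                break
    return banned


if __name__ == "__main__":
    for ip, n in offenders(SAMPLE_LOG).items():
        print("ban", ip, "after", n, "failed logins")
```

Only 203.0.113.7 reaches three failures within ten minutes; the single typo from 198.51.100.4 and the late retry at 18:45 do not trigger a ban. If ownCloud sits behind a reverse proxy, the IP in the message is the proxy's unless 'trusted_proxies' (and, where needed, 'forwarded_for_headers') are set in config.php; banning that address would lock out every user at once.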