Using the occ Command
ownCloud’s occ
command (ownCloud console) is ownCloud’s command-line interface.
You can perform many common server operations with occ
, such as installing and upgrading ownCloud, managing users and groups, encryption, passwords, app settings, and more.
- Running occ
- Core Commands
- App Commands
- Background Jobs Selector
- Config Commands
- Config Reports
- Command Line Installation
- Command Line Upgrade
- DAV Commands
- Database Commands
- Encryption
- Federation Sync
- Federation Trusted Servers
- File Operations
- Files External
- Group Commands
- Integrity Check
- l10n, Create Javascript Translation Files for Apps
- Logging Commands
- Managing Background Jobs
- Maintenance Commands
- Migration Steps Command
- Mimetype Update Commands
- Notifications
- Previews Commands
- Poll Incoming Federated Shares For Updates
- Security
- Sharing
- System Commands
- Trashbin
- Two-Factor Authentication
- User Commands
- Versions
- Apps Commands
- Activity
- Anti-Virus
- Auditing
- Brute Force Protection
- Calendar
- Contacts
- Custom Groups
- Data Exporter
- File Lifecycle Management
- Full Text Search
- LDAP Integration
- Market
- Metrics
- Migrate to Kiteworks
- Password Policy
- Ransomware Protection (Enterprise Edition only)
- Collabora Online / Secure View
- OAuth2
- S3 Primary Objectstore
- SAML/SSO Shibboleth Integration (Enterprise Edition only)
- Two-Factor TOTP
- Windows Network Drive (WND)
Running occ
Check if occ Is Set to Executable
Note that this step is not necessary when using a docker installation.
To check if the occ
command is set to executable, change to your ownCloud directory first, then enter the command:
ls -lhF occ
This should give an output similar to this:
-rwxr-x--x 1 root www-data 283 May 18 17:44 occ*
In case it does not, set the occ command to executable with:
sudo chmod +x occ
As Your HTTP User
On a regular ownCloud installation, occ
is in the owncloud/
directory, this is on Ubuntu Linux for example /var/www/owncloud
. occ
itself is a PHP script.
You must run it as your HTTP user to ensure that the correct permissions are maintained on your ownCloud files and directories. The default HTTP user is different on the various Linux distributions.
-
The HTTP user and group in Debian/Ubuntu is
www-data
. -
The HTTP user and group in Fedora/CentOS is
apache
. -
The HTTP user and group in Arch Linux is
http
. -
The HTTP user in openSUSE is
wwwrun
, and the HTTP group iswww
.
Use the following command to find your HTTP user:
|
If your HTTP server is configured to use a different PHP version than the default (/usr/bin/php), occ
should be run with the same version.
For example, in CentOS with SCL-PHP74 installed, the command looks like this:
sudo -u apache /opt/rh/php74/root/usr/bin/php /var/www/html/owncloud/occ
occ Command Structure
The occ
command has options, commands, and arguments.
-
Options are optional.
-
Commands are required.
-
Arguments can be required or optional.
The generic syntax is:
occ [options] command [arguments]
sudo -u www-data /var/www/owncloud/occ
If your web server is configured to use a different PHP version than the default (/usr/bin/php), the occ
command should be run with the same version.
With a Docker Container
If your ownCloud instance is set up in a docker container, you need a user in the group docker
to perform occ
commands. An example command looks like this:
docker exec --user www-data <owncloud-container-name> occ <your-command>
For more information on docker, refer to section Installing with Docker.
Example Commands
Running occ
with no options lists all commands and options, like this example on Ubuntu:
sudo -u www-data ./occ
ownCloud version 10.8.0
Usage:
command [options] [arguments]
Options:
-h, --help Display this help message
-q, --quiet Do not output any message
-V, --version Display this application version
--ansi Force ANSI output
--no-ansi Disable ANSI output
-n, --no-interaction Do not ask any interactive question
--no-warnings Skip global warnings, show command output only
-v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output,
2 for more verbose output and 3 for debug
Available commands:
check Check dependencies of the server environment
help Displays help for a command
list Lists commands
status Show some status information
upgrade Run upgrade routines after installation of
a new release. The release has to be installed before
...
This is the same as sudo -u www-data ./occ list
.
Run it with the -h
option for syntax help:
sudo -u www-data ./occ -h
Display your ownCloud version:
sudo -u www-data ./occ -V
ownCloud version 10.8.0
Query your ownCloud server status:
sudo -u www-data ./occ status
- installed: true
- version: 10.8.0.4
- versionstring: 10.8.0
- edition: Community
The status
command from above has an option to define the output format.
The default is plain text, but it can also be json
:
sudo -u www-data ./occ status --output=json
{"installed":true,"version":"10.8.0.4","versionstring":"10.8.0","edition":""}
or json_pretty
:
sudo -u www-data ./occ status --output=json_pretty
{
"installed": true,
"version": "10.8.0.4",
"versionstring": "10.8.0",
"edition": "Community"
}
This output option is available on all list and list-like commands, which include status
, check
, app:list
, config:list
, encryption:status
and encryption:list-modules
.
Get detailed information on individual commands with the help
command, like in this example for the maintenance:mode
command:
sudo -u www-data ./occ help maintenance:mode --help
Usage:
maintenance:mode [options]
Options
--on Enable maintenance mode
--off Disable maintenance mode
--output[=OUTPUT] Output format (plain, json or json_pretty, default is plain) [default: "plain"]
-h, --help Display this help message
-q, --quiet Do not output any message
-V, --version Display this application version
--ansi Force ANSI output
--no-ansi Disable ANSI output
-n, --no-interaction Do not ask any interactive question
--no-warnings Skip global warnings, show command output only
-v|vv|vvv, --verbose Increase the verbosity of messages: 1 for normal output,
2 for more verbose output and 3 for debug
Core Commands
This command reference covers the ownCloud core commands, which are always available.
App Commands
The app
commands list, enable, and disable apps.
app
app:check-code check code to be compliant
app:disable disable an app
app:enable enable an app
app:getpath Get an absolute path to the app directory
app:list List all available apps
List Available Apps
List all of your installed apps or optionally provide a search pattern to restrict the list of apps to those whose name matches the given regular expression. The output shows whether they are enabled or disabled.
sudo -u www-data ./occ app:list [--] [<search-pattern>]
Arguments
|
Show only those apps whose names match the given search pattern (regular expression). |
Options
|
Only display enabled apps. When used, the output will contain the app’s version number as well |
|
Only display disabled apps. If the app was previously enabled, the app version is also displayed. When used, the output will contain the app’s version number as well, if it was previously enabled |
|
If |
|
Minimal view - only display apps with version When used, the output will contain the app’s version number as well. |
--output[=OUTPUT] |
The output format to use ( |
Enable an App
Enable an app, for example the Market app.
sudo -u www-data ./occ app:enable market
market enabled
Disable an App
sudo -u www-data ./occ app:disable market
market disabled
Be aware that the following apps cannot be disabled: DAV, FederatedFileSharing, Files and Files_External. |
Check App Code
app:check-code
has multiple checks:
-
It checks if an app uses ownCloud’s public API (
OCP
) or private API (OC_
), -
It also checks for deprecated methods and the validity of the
info.xml
file.
By default all checks are enabled. The Activity app is an example of a correctly-formatted app.
sudo -u www-data ./occ app:check-code notifications
App is compliant - awesome job!
If your app has issues, you’ll see output like this.
sudo -u www-data ./occ app:check-code foo_app
Analysing /var/www/owncloud/apps/files/foo_app.php
4 errors
line 45: OCP\Response - Static method of deprecated class must not be called
line 46: OCP\Response - Static method of deprecated class must not be called
line 47: OCP\Response - Static method of deprecated class must not be called
line 49: OC_Util - Static method of private class must not be called
Background Jobs Selector
Use the background
command to select which scheduler you want to use for controlling background jobs.
This is the same as using the Cron section on your ownCloud Admin page.
background
background:ajax Use ajax to run background jobs
background:cron Use cron to run background jobs
background:webcron Use webcron to run background jobs
Examples
# Set the background scheduler to Ajax
sudo -u www-data ./occ background:ajax
# Set the background scheduler to Cron
sudo -u www-data ./occ background:cron
# Set the background scheduler to Webcron
sudo -u www-data ./occ background:webcron
Check out the sections Managing Background Jobs and Background Jobs configuration to learn more. |
Config Commands
The config
commands are used to configure the ownCloud server.
|
config config:app:delete Delete an app config value config:app:get Get an app config value config:app:set Set an app config value config:import Import a list of configuration settings config:list List all configuration settings config:system:delete Delete a system config value config:system:get Get a system config value config:system:set Set a system config value
config:app References
The following apps, core functions or documents use/refer to config:app
settings:
config:system References
The following apps, core functions or documents use/refer to config:system
settings:
Config App Commands
These commands manage the configurations of apps. Keys and values are stored in the database.
config:app:delete
sudo -u www-data ./occ config:app:delete [options] [--] <app> <name>
Options
|
Checks whether the config exists before deleting it. |
|
The output format to use ( |
Examples:
sudo -u www-data ./occ config:app:delete myappname provisioning_api
Config value provisioning_api of app myappname deleted
The delete command will by default not complain if the configuration was not set before.
If you want to be notified in that case, set the --error-if-not-exists
flag.
sudo -u www-data ./occ config:app:delete doesnotexist --error-if-not-exists
Config provisioning_api of app appname could not be deleted because it did not exist
config:app:get
sudo -u www-data ./occ config:app:get [options] [--] <app> <name>
config:app:set
sudo -u www-data ./occ config:app:set [options] [--] <app> <name>
Arguments
|
Name of the app. Must not be an empty string. |
|
Name of the config to set. Must not be an empty string. |
Options
|
The new value of the config. |
|
Only updates the value. If it is not set before, it is not being added. |
|
The output format to use ( |
Examples
sudo -u www-data ./occ config:app:set \
files_sharing \
incoming_server2server_share_enabled \
--value=true \
--type=boolean
Config value incoming_server2server_share_enabled for app files_sharing set to yes
The config:app:set
command creates the value, if it does not already exist. To update an existing value, set --update-only
:
sudo -u www-data ./occ config:app:set \
doesnotexist \
--value=true \
--type=boolean \
--update-only
Value not updated, as it has not been set before.
config:import
The exported content can also be imported again to allow the fast setup of similar instances. The import command will only add or update values. Values that exist in the current configuration, but not in the one that is being imported are left untouched.
sudo -u www-data ./occ config:import filename.json
It is also possible to import remote files, by piping the input:
sudo -u www-data ./occ config:import < local-backup.json
While it is possible to update/set/delete the versions and installation statuses of apps and ownCloud itself, it is not recommended to do this directly.
Use the occ app:enable , occ app:disable and occ update commands instead.
|
config:list
The config:list
command lists all configuration values for your ownCloud setup as well as for any apps.
sudo -u www-data ./occ config:list [options] [--] [<app>]
Arguments
|
Name of the app. You can use "system" to get the config.php values, or "all" (the default) for all apps and system. |
Options
|
Use this option when you want to include sensitive configs, like passwords and salts. |
By default, passwords and other sensitive data are omitted from the report so that the output can be posted publicly (e.g., as part of a bug report). You can see a sample output in the example below.
{
"system": {
"passwordsalt": "***REMOVED SENSITIVE VALUE***",
"secret": "***REMOVED SENSITIVE VALUE***",
"trusted_domains": [
"localhost",
],
"datadirectory": "\/var\/www\/localhost\/data",
"overwrite.cli.url": "http:\/\/localhost",
"dbtype": "mysql",
"version": "10.3.0.4",
"dbname": "owncloud",
"dbhost": "localhost",
"dbtableprefix": "oc_",
"dbuser": "***REMOVED SENSITIVE VALUE***",
"dbpassword": "***REMOVED SENSITIVE VALUE***",
"logtimezone": "UTC",
"shareapi_allow_public_notification": "yes",
"apps_paths": [
{
"path": "\/var\/www\/localhost\/apps",
"url": "\/apps",
"writable": false
},
{
"path": "\/var\/www\/localhost\/apps-external",
"url": "\/apps-external",
"writable": true
}
],
"installed": true,
"instanceid": "ocfp00rezy80",
"loglevel": 2,
"maintenance": false
},
"apps": {
"backgroundjob": {
"lastjob": "13"
},
"comments": {
"enabled": "yes",
"installed_version": "0.3.0",
"types": "logging,dav"
},
"core": {
"backgroundjobs_mode": "cron",
"enable_external_storage": "yes",
"first_install_version": "10.3.0.2",
"installedat": "1569845065.1792",
"lastcron": "1571930489",
"lastupdateResult": "[]",
"lastupdatedat": "1572536814",
"oc.integritycheck.checker": "{\"systemtags\":{\"EXCEPTION\":{\"class\":\"OC\\\\IntegrityCheck\\\\Exceptions\\\\MissingSignatureException\",\"message\":\"Signature data not found.\"}},\"comments\":{\"EXCEPTION\":{\"class\":\"OC\\\\IntegrityCheck\\\\Exceptions\\\\MissingSignatureException\",\"message\":\"Signature data not found.\"}}}",
"public_files": "files_sharing\/public.php",
"public_webdav": "dav\/appinfo\/v1\/publicwebdav.php",
"shareapi_allow_mail_notification": "yes",
"umgmt_set_password": "false",
"umgmt_show_backend": "true",
"umgmt_show_email": "true",
"umgmt_show_is_enabled": "true",
"umgmt_show_last_login": "true",
"umgmt_show_password": "false",
"umgmt_show_quota": "true",
"umgmt_show_storage_location": "false",
"vendor": "owncloud"
},
"dav": {
"enabled": "yes",
"installed_version": "0.5.0",
"types": "filesystem"
},
"federatedfilesharing": {
"enabled": "yes",
"installed_version": "0.5.0",
"types": "filesystem"
},
"federation": {
"enabled": "yes",
"installed_version": "0.1.0",
"types": "authentication"
},
"files": {
"cronjob_scan_files": "500",
"enabled": "yes",
"installed_version": "1.5.2",
"types": "filesystem"
},
"files_external": {
"allow_user_mounting": "yes",
"enabled": "yes",
"installed_version": "0.7.1",
"types": "filesystem",
"user_mounting_backends": "googledrive,owncloud,sftp,smb,dav,\\OC\\Files\\Storage\\SFTP_Key,\\OC\\Files\\Storage\\SMB_OC"
},
"files_sharing": {
"enabled": "yes",
"installed_version": "0.12.0",
"types": "filesystem"
},
"files_trashbin": {
"enabled": "yes",
"installed_version": "0.9.1",
"types": "filesystem"
},
"files_versions": {
"enabled": "yes",
"installed_version": "1.3.0",
"types": "filesystem"
},
"provisioning_api": {
"enabled": "yes",
"installed_version": "0.5.0",
"types": "prevent_group_restriction"
},
"systemtags": {
"enabled": "yes",
"installed_version": "0.3.0",
"types": "logging"
},
"updatenotification": {
"enabled": "yes",
"installed_version": "0.2.1",
"types": ""
}
}
}
Displaying Sensitive Information
To generate a full report which includes sensitive values, such as passwords and salts, use the --private
option, as in the following example.
sudo -u www-data ./occ config:list --private
Filtering Information Reported
The output can be filtered to just the core information, core and apps, or one specific app. In the example below, you can see how to filter for each of these categories.
# List only system configuration details
sudo -u www-data ./occ config:list -- system
# List system and app configuration details
# This is the default, so doesn't need to be explicitly specified
sudo -u www-data ./occ config:list -- all
# List configuration details of the dav app
sudo -u www-data ./occ config:list -- dav
Below is an example of listing the config details for a single app.
{
"apps": {
"files_versions": {
"enabled": "yes",
"installed_version": "1.3.0",
"types": "filesystem"
}
}
}
config:system:delete
sudo -u www-data ./occ config:system:delete [options] [--] <name> (<name>)...
config:system:get
sudo -u www-data ./occ config:system:get [options] [--] <name> (<name>)...
config:system:set
sudo -u www-data ./occ config:system:set [options] [--] <name> (<name>)...
Arguments
|
Name of the config parameter, specify multiple for array parameter. Must not be an empty string. |
Options
|
Value type to use ( |
|
The new value of the config. |
|
Only updates the value. If it is not set before, it is not being added. |
|
The output format to use ( |
In order to write a boolean, float, JSON, or integer value to the configuration file, you need to specify the type of your command. This applies only to the config:system:set command. See table above for available types.
|
Examples
Disable the maintenance mode:
sudo -u www-data ./occ config:system:set maintenance \
--value=false \
--type=boolean
ownCloud is in maintenance mode - no app have been loaded
System config value maintenance set to boolean false
Create the app_paths
config setting (using a JSON payload because of multi array values):
sudo -u www-data ./occ config:system:set apps_paths \
--type=json \
--value='[
{
"path":"/var/www/owncloud/apps",
"url":"/apps",
"writable": false
},
{
"path":"/var/www/owncloud/apps-external",
"url":"/apps-external",
"writable": true
}
]'
Adding Redis to the configuration:
sudo -u www-data ./occ config:system:set \
redis \
--value '{"host": "127.0.0.1", "port": "6379"}' \
--type json
System config value redis set to json {"host": "127.0.0.1", "port": "6379"}
Some configurations (e.g., the trusted domain setting) are an array of data.
The array starts counting with 0. In order to set (and also get) the value of one key, you can specify multiple config
names separated by spaces:
sudo -u www-data ./occ config:system:get trusted_domains
localhost
owncloud.local
sample.tld
To replace sample.tld
with example.com
trusted_domains ⇒ 2 needs to be set:
sudo -u www-data ./occ config:system:set trusted_domains 2 --value=example.com
System config value trusted_domains => 2 set to string example.com
sudo -u www-data ./occ config:system:get trusted_domains
localhost
owncloud.local
example.com
Config Reports
If you’re working with ownCloud support and need to send them a configuration summary, you can generate it using the configreport:generate
command.
This command generates the same JSON-based report as the Admin Config Report, which you can access under admin → Settings → Admin → General → Generate Config Report → Download ownCloud config report
.
From the command-line in the root directory of your ownCloud installation, run it as your webserver user as follows, (assuming your webserver user is www-data
):
sudo -u www-data ./occ configreport:generate
This will generate the report and send it to STDOUT
.
You can optionally pipe the output to a file and then attach it to an email to ownCloud support, by running the following command:
sudo -u www-data ./occ configreport:generate > generated-config-report.txt
Alternatively, you could generate the report and email it all in one command, by running:
sudo -u www-data ./occ configreport:generate | mail \
-s "configuration report" \
-r <the email address to send from> \
support@owncloud.com
These commands are not available in single-user (maintenance) mode. |
Command Line Installation
ownCloud can be installed entirely from the command line.
After downloading the tarball and copying ownCloud into the appropriate directories, or after installing ownCloud packages (See Linux Package Manager Installation and Manual Installation on Linux) you can use occ
commands in place of running the graphical Installation Wizard.
These instructions assume that you have a fully working and configured webserver. If not, please refer to the documentation on configuring Configure the Web Server for detailed instructions. |
Apply the correct permissions to your ownCloud directories. Then choose your occ
options. This lists your available options:
sudo -u www-data ./occ occ
ownCloud is not installed - only a limited number of commands are available
ownCloud version 10.0.8
Usage:
[options] command [arguments]
== Options
--help (-h) Display this help message
--quiet (-q) Do not output any message
--verbose (-v|vv|vvv) Increase the verbosity of messages: 1 for normal output,
2 for more verbose output and 3 for debug
--version (-V) Display this application version
--ansi Force ANSI output
--no-ansi Disable ANSI output
--no-interaction (-n) Do not ask any interactive question
Available commands:
check Check dependencies of the server environment
help Displays help for a command
list Lists commands
status Show some status information
app
app:check-code Check code to be compliant
l10n
l10n:createjs Create javascript translation files for a given app
maintenance
maintenance:install Install ownCloud
Command Description
Display your maintenance:install
options.
sudo -u www-data ./occ help maintenance:install
ownCloud is not installed - only a limited number of commands are available
Usage:
maintenance:install [--database=["..."]] [--database-connection-string=["..."]] \
[--database-name=["..."]] [--database-host=["..."]] \
[--database-user=["..."]] [--database-pass=["..."]] \
[--database-table-prefix=["..."]] [--admin-user=["..."]] \
[--admin-pass=["..."]] [--data-dir=["..."]]
Options
|
Supported database type (default:
|
||
|
An Oracle-specific connection string.
Example
|
||
|
Name of the database. |
||
|
Hostname of the database (default: |
||
|
User name to connect to the database. |
||
|
Password of the database user. |
||
|
Prefix for all tables (default: |
||
|
Password of the admin account. |
||
|
Path to data directory (default: |
Example
This example completes the installation:
cd /var/www/owncloud/
sudo -u www-data ./occ maintenance:install \
--database "mysql" \
--database-name "owncloud" \
--database-user "root" \
--database-pass "password" \
--admin-user "admin" \
--admin-pass "password"
ownCloud is not installed - only a limited number of commands are available
ownCloud was successfully installed
Command Line Upgrade
These commands are available only after you have downloaded upgraded packages or tar archives, and before you complete the upgrade. List all options, like this example on CentOS Linux:
Command Description
sudo -u www-data ./occ upgrade --help
Usage:
upgrade [options]
Options
|
Automatically update apps to new major versions during minor updates of ownCloud Server. |
|
Skip disabling of third party apps. |
When you are performing an update or upgrade on your ownCloud server (see the Maintenance section of this manual), it is better to use occ
to perform the database upgrade step, rather than the Web GUI, in order to avoid timeouts.
PHP scripts invoked from the Web interface are limited to 3600 seconds.
In larger environments this may not be enough, leaving the system in an inconsistent state.
After performing all the preliminary steps (see the maintenance upgrade documentation) use this command to upgrade your databases, like this example on CentOS Linux:
sudo -u www-data ./occ upgrade
ownCloud or one of the apps require upgrade - only a limited number of
commands are available
Turned on maintenance mode
Checked database schema update
Checked database schema update for apps
Updated database
Updating <activity> ...
Updated <activity> to 2.1.0
Update successful
Turned off maintenance mode
Note how it details the steps. Enabling verbosity displays timestamps:
sudo -u www-data ./occ upgrade -v
ownCloud or one of the apps require upgrade - only a limited number of commands are available
2017-06-23T09:06:15+0000 Turned on maintenance mode
2017-06-23T09:06:15+0000 Checked database schema update
2017-06-23T09:06:15+0000 Checked database schema update for apps
2017-06-23T09:06:15+0000 Updated database
2017-06-23T09:06:15+0000 Updated <files_sharing> to 0.6.6
2017-06-23T09:06:15+0000 Update successful
2017-06-23T09:06:15+0000 Turned off maintenance mode
If there is an error it throws an exception, and the error is detailed in your ownCloud logfile, so you can use the log output to figure out what went wrong, or to use in a bug report.
Turned on maintenance mode Checked database schema update Checked database schema update for apps Updated database Updating <files_sharing> ... Exception ServerNotAvailableException: LDAP server is not available Update failed Turned off maintenance mode
DAV Commands
A set of commands to create and sync address books and calendars:
dav
dav:cleanup-chunks Cleanup outdated chunks
dav:create-addressbook Create a dav address book
dav:create-calendar Create a dav calendar
dav:sync-birthday-calendar Synchronizes the birthday calendar
dav:sync-system-addressbook Synchronizes users to the system address book
These commands are not available in single-user (maintenance) mode. |
Cleanup Chunks
dav:cleanup-chunks
cleans up outdated chunks (uploaded files) more than a certain number of days old. By default, the command cleans up chunks more than 2 days old. However, by supplying the number of days to the command, the range can be increased.
sudo -u www-data ./occ dav:cleanup-chunks [options] [--] [<minimum-age-in-days>]
Arguments
|
Minimum age of uploads to cleanup (in days - minimum 2 days - maximum 100) [default: 2] |
Create Addressbook
Create a dav address book.
sudo -u www-data ./occ dav:create-addressbook <user> <name>
Database Commands
Database Conversion Commands
Convert the Database Type
The SQLite database is good for testing, and for ownCloud servers with small single-user workloads that do not use sync clients, but production servers with multiple users should use MariaDB, MySQL, or PostgreSQL. You can use occ
to convert from SQLite to one of these other databases.
db
db:convert-type Convert the ownCloud database to the newly configured one
You need:
-
Your desired database and its PHP connector installed.
-
The login and password of a database admin user.
-
The database port number, if it is a non-standard port.
This is example converts SQLite to MySQL/MariaDB:
sudo -u www-data ./occ db:convert-type mysql oc_dbuser 127.0.0.1 oc_database
For a more detailed explanation see converting database types. |
Convert the MySQL Charset
Convert charset of MySQL/MariaDB to use utf8mb4. If you are using an older ownCloud installation, the database may not be setup to use the 4-byte unicode charset. This command changes the database charset to use utf8mb4
. Check your database charset before you use this command.
sudo -u www-data ./occ db:convert-mysql-charset
Restore the Table Format
This command sets the default row format of MySQL/MariaDB tables. This is only necessary once before you are going to e.g. install MariaDB 10.6 or higher because the COMPRESSED row format is now read-only by default. As a prerequisite, ownCloud 10.9 needs to be installed first. See the Database Upgrade guide for details.
sudo -u www-data ./occ db:restore-default-row-format
Encryption
occ
includes a complete set of commands for managing encryption. When using a HSM (Hardware Security Module, can also be emulated by software), additional occ encryption-related commands can be used.
encryption
config:app:set encryption encryptHomeStorage Encrypt the users home storage
encryption:change-key-storage-root Change key storage root
encryption:decrypt-all Disable server-side encryption and decrypt all files
encryption:disable Disable encryption
encryption:enable Enable encryption
encryption:encrypt-all Encrypt all files for all users
encryption:fix-encrypted-version Fix the encrypted version if the encrypted file(s) are
not downloadable.
encryption:list-modules List all available encryption modules
encryption:migrate Initial migration to encryption 2.0
encryption:recreate-master-key Replace existing master key with new one. Encrypt the
file system with newly created master key
encryption:select-encryption-type Select the encryption type. Only `masterkey` is available.
Note that this setting is only necessary when migration from user
key encryption. New encryptions will autmatically use master key.
encryption:set-default-module Set the encryption default module
encryption:show-key-storage-root Show current key storage root
encryption:status Lists the current status of encryption
When using a HSM (Hardware Security Module, additional occ encryption-related commands can be used, see the HSM occ documentation below. The occ commands can also be used when HSM is initiated via software emulation like SoftHSM2.
encryption
encryption:hsmdaemon Export or Import the Masterkey
encryption:hsmdaemon:decrypt Decrypt a String
config:app:set encryption Various encryption configuration commands for HSM
Status
occ encryption:status
shows whether you have active encryption and your default encryption module.
To enable encryption you must first enable the Encryption app and then run occ encryption:enable
:
sudo -u www-data ./occ app:enable encryption
sudo -u www-data ./occ encryption:enable
sudo -u www-data ./occ encryption:status
- enabled: true
- defaultModule: OC_DEFAULT_MODULE
Encrypt the Users Home Storage
Server-side encryption for local storage like the users home and remote storages like Google Drive can operate independently of each other. By doing so, you can encrypt a remote storage without also having to encrypt the users home storage on your ownCloud server. Possible values are 0
and 1
config:app:set encryption encryptHomeStorage --value '1'
Change Key Storage Root
encryption:change-key-storage-root
is for moving your encryption keys to a different folder within your data directory.
It takes one argument, which defines your new root folder.
The folder must exist and the path is relative to your data directory.
sudo -u www-data ./occ encryption:change-key-storage-root ../data/security/oc-keys
You can see the current location of your keys folder:
sudo -u www-data ./occ encryption:show-key-storage-root
Current key storage root: default storage location (data/)
List Modules
encryption:list-modules
displays your available encryption modules.
You will see a list of modules only if you have enabled the Encryption app.
Use encryption:set-default-module [module name]
to set your desired module.
Encrypt All
encryption:encrypt-all
encrypts all data files for all users.
You must first put your ownCloud server into single-user mode to prevent any user activity until encryption is completed.
Decrypt All
encryption:decrypt-all
decrypts all user data files, or optionally a single user:
sudo -u www-data ./occ encryption:decrypt freda
Users must have enabled recovery keys on their Personal pages. You must first put your ownCloud server into single-user mode, using the maintenance commands, to prevent any user activity until decryption is completed.
Arguments
|
Accepts the methods: |
|
Accepts the commands: |
Method Descriptions
Recovery method
This method reads the value from the environment variable OC_RECOVERY_PASSWORD
.
This variable bounds the value of recovery password set in the encryption page.
If this variable is not set the recovery process will be halted.
This has to be used for decrypting all users.
While opting recovery method user should not forget to set OC_RECOVERY_PASSWORD
in the shell.
Password method
This method reads the value from the environment variable OC_PASSWORD
.
This variable bounds the value of user password.
The password which user uses to login to oC account.
When password method is opted the user needs to set this variable in the shell.
Continue Option Description
The continue option can be used to bypass the permissions asked like yes
or no
while decrypting the file system.
If the user is sure about what he/she is doing with the command and would like to proceed, then -c yes
when provided to the command would not ask permissions.
If -c no
is passed to the command, then permissions would be asked to the user. It becomes interactive.
Use encryption:disable
to disable your encryption module.
You must first put your ownCloud server into single-user mode to prevent any user activity.
encryption:migrate
migrates encryption keys after a major ownCloud version upgrade.
You may optionally specify individual users in a space-delimited list.
See encryption configuration to learn more.
encryption:recreate-master-key
decrypts the ownCloud file system, replaces the existing master key with a new one, and encrypts the entire ownCloud file system with the new master key.
Given the size of your ownCloud filesystem, this may take some time to complete.
However, if your filesystem is quite small, then it will complete quite quickly.
The -y
switch can be supplied to automate acceptance of user input.
Fix Encrypted Version
sudo -u www-data ./occ encryption:fix-encrypted-version [options] [--] <user>
encryption:fix-encrypted-version
fixes the encrypted version of files if the encrypted file(s) are not downloadable for a given user. You only need this command if you get an "Invalid Signature" message in the browser or the clients.
Background: the oc_filecache
database table contains the integer columns "version" and "encryptedVersion" which start with 1 and are incremented on every file modification. When using encryption, those values are used together with the ciphertext to generate a cryptographic signature for the file. The version value is required to verify the signature. In some very rare cases like timeouts or bugs etc., the value might not get updated accordingly or get lost. The brute-force approach is to use the fix:encrypted:version
command until the file can be decrypted. Starting with ownCloud 10.8, the behavior of the command got improved so that the encryptedVersion value is reset to its original value if no correct version was found. Before that fix, the last tried value was stored in the database thus modifying the state of the system and making further rescue attempts non-deterministic.
Options
|
Limit files to fix with path, e.g., --path="/Music/Artist". |
|
Find the correct version of the file to verify the signature. |
HSM Related Commands
Options
|
Export the private master key in base64 |
|
Import a base64 encoded private masterkey. |
--export-masterkey
prints the base64_encode of the file data/files_encryption/OC_DEFAULT_MODULE/master_*.privateKey
.
The private key file in the directory may be named like master_08ea43b7.privateKey
.
Test to Decrypt a String
Allows to test the hsmdaemon
setup by providing an encrypted string to ownCloud and test if it can be decrypted.
sudo -u www-data ./occ encryption:hsmdaemon:decrypt [options] [--] <decrypt>
Options
|
The name of the user who is able to decrypt the provided string |
|
The keyId which was used to encrypt the provided string |
Set the HSM URL
Set the url on which the hsmdaemon
REST-API is reachable.
sudo -u www-data ./occ config:app:set encryption hsm.url --value 'http://127.0.0.1:8513'
Set the JSON Web Token Secret
To access the hsmdaemon
API, ownCloud must authenticate with a JWT (JSON Web Token). The given secret is shared between the hsdmdaemon
(see the hsmdaemon.toml configuration file) and ownCloud to sign the JWT. See the HSM documentation for an example how to generate a secret.
sudo -u www-data ./occ config:app:set encryption hsm.jwt.secret --value '7a7d1826-b514-4d9f-afc7-a7485084e8de'
Set the JWT Clockskew
The JWT described above has an expiry timestamp. In case the time clocks on ownCloud and hsmdaemon system drift or skew apart, additional time is added to the expiry time to counteract this situation. Set or change the clockskew only if ownCloud advises to do so. Defaults to 120, value is in seconds.
sudo -u www-data ./occ config:app:set encryption hsm.jwt.clockskew --value '120'
Federation Sync
Synchronize the address books of all federated ownCloud servers.
Servers connected with federation shares can share user address books, and auto-complete usernames in share dialogs. Use this command to synchronize federated servers:
sudo -u www-data ./occ federation:sync-addressbooks
This command is only available when the "Federation" app (federation ) is enabled.
|
Federation Trusted Servers
A set of commands to manage trusted federated servers from the command line.
federation:trusted-servers
federation:trusted-servers:add
federation:trusted-servers:list
federation:trusted-servers:remove
Add a Trusted Server
This command adds a trusted federated server.
sudo -u www-data ./occ federation:trusted-servers:add <url>
List Trusted Servers
This command lists all trusted federated servers that have been added.
sudo -u www-data ./occ federation:trusted-servers:list
Example
In the example below, all trusted servers that have been added are listed.
sudo -u www-data ./occ configured
Output:
+----+--------------------------------------------+--------+
| id | server | status |
+----+--------------------------------------------+--------+
| 1 | https://oc10130b1.qa.owncloud.test | OK |
| 2 | https://oc10122-20230818.qa.owncloud.test | OK |
+----+--------------------------------------------+--------+
File Operations
occ
has the following commands for managing files in ownCloud.
files
files:check-cache Check if the target file exists in the primary storage
files:checksums:verify Get all checksums in filecache and compares them by
recalculating the checksum of the file.
files:cleanup Deletes orphaned file cache entries.
files:remove-storage Remove a storage from the storages table and related files
from the filecache table.
files:scan Rescans the filesystem.
files:transfer-ownership All files and folders are moved to another user
- outgoing shares are moved as well (incoming shares are
not moved as the sharing user holds the ownership of the respective files).
files:troubleshoot-transfer-ownership
Scan for problems that might have occurred while running ownership transfer
These commands are not available in single-user (maintenance) mode. |
The files:check-cache command
The main purpose of this command is to clear the cache for objectstores (objectstore
and files_primary_S3
apps) as primary storage, but it is not limited to this type of storage. It can be used for any other type as long it is the primary storage.
Files in the primary storage could be deleted outside of ownCloud, leaving information in ownCloud’s file cache. This command intends to check if the target file can be read from the primary backend storage and, if not, allows you to remove the information cached.
Removing files directly from the primary storage is not supported and should not happen. As such, the cases where you need to run this command should be extremely rare. This is why this command is only provided to check for one file instead of scanning the whole of ownCloud’s filesystem. |
sudo -u www-data ./occ files:check-cache --help
Usage:
files:check-cache [options] [--] <uid> <target-file>
Options
|
Remove the file from the cache if it’s missing in the backend |
Examples of checking files for user maria:
sudo -u www-data ./occ files:check-cache maria welcome.txt
welcome.txt has been accessed properly
sudo -u www-data ./occ files:check-cache maria maria@smbhome/myfile.txt
Ignoring maria@smbhome/myfile.txt because it is shared or not inside the primary storage
The files:checksums:verify command
ownCloud supports file integrity checking, by computing and matching checksums. Doing so ensures that transferred files arrive at their target in the exact state as they left their origin.
In some rare cases, wrong checksums are written to the database which leads to synchronization issues, such as with the Desktop Client.
To mitigate such problems a new command is available: occ files:checksums:verify
.
Executing the command recalculates checksums, either for all files of a user or within a specified filesystem path on the designated storage.
It then compares them with the values in the database.
The command also offers an option to repair incorrect checksum values (-r, --repair
).
Executing this command might take some time depending on the file count. |
Below is sample output that you can expect to see when using the command.
sudo -u www-data ./occ files:checksums:verify
This operation might take very long.
Mismatch for files/welcome.txt:
Filecache: SHA1:eeb2c08011374d8ad4e483a4938e1aa1007c089d MD5:368e3a6cb99f88c3543123931d786e21 ADLER32:c5ad3a63
Actual: SHA1:da39a3ee5e6b4b0d3255bfef95601890afd80709 MD5:d41d8cd98f00b204e9800998ecf8427e ADLER32:00000001
Mismatch for thumbnails/9/2048-2048-max.png:
Filecache: SHA1:2634fed078d1978f24f71892bf4ee0e4bd0c3c99 MD5:dd249372f7a68c551f7e6b2615d49463 ADLER32:821230d4
Actual: SHA1:da39a3ee5e6b4b0d3255bfef95601890afd80709 MD5:d41d8cd98f00b204e9800998ecf8427e ADLER32:00000001
Options
|
Repair filecache-entry with mismatched checksums. |
|
Specific user to check. |
|
Path to check relative to user folder. [default: ""].
For example, if the user’s id was "john" and the |
The files:cleanup command
files:cleanup
tidies up the server’s file cache by deleting all file entries that have no matching entries in the storage table.
The files:remove-storage command
When a mount point gets removed, the storage ID and file cache related info stay in the database. Over time, this can consume a considerable amount of database space and can slow down database queries. With the files:remove-storage
command, these orphans can be removed. As a rule of thumb, though not essential, this command should be run in single user mode to avoid any conflicting access.
sudo -u www-data ./occ files:remove-storage --help
Usage:
files:remove-storage [options] [--] [<storage-id>]...
Options
|
The number of rows that will be deleted at the same time. Defaults to 1000. |
|
Show possible candidates for obsolete storages. This query can take a while. |
This command should be handled with absolute care because any storage ID and the correlated file cache can be removed. For safety reasons, the following advices are given:
|
Example Output
sudo -u www-data ./occ files:remove-storage --show-candidates
+------------+-------------------------------------------------+------------+
| storage-id | name | file_count |
+------------+-------------------------------------------------+------------+
| 3 | local::/mnt/project/files/ | 3 |
| 12 | wnd::MOUNTAIN\mountainUser1@10.0.2.203/foobar// | 9 |
| 15 | NULL | 8 |
+------------+-------------------------------------------------+------------+
Note that the name can be NULL as shown at storage 15 if there is no info about it in the oc_storages
table. It can also be hashed if it’s too long (as it is in the DB).
The files:scan command
The files:scan
command
-
Scans for new files.
-
Scans not fully scanned files.
-
Repairs file cache holes.
-
Updates the file cache.
File scans can be performed per-user, for a space-delimited list of users, for groups of users, and for all users.
Scanning is only possible when using POSIX filesystems but not for object storages like S3. This is because the object storage implementation uses the database as primary data source and the S3 storage for only holding the data blobs but no metadata. A sync from S3 storage to database is therefore not reasonable. |
sudo -u www-data ./occ files:scan --help
Usage:
files:scan [options] [--] [<user_id>]...
Options
|
The output format to use ( |
|
Limit rescan to this path, e.g. --path="/alice/files/Music", the user_id is determined by the path and the user_id parameter and --all are ignored. |
|
Scan user(s) under the group(s). This option can be used as --group=foo --group=bar to scan groups foo and bar (multiple values allowed) |
|
Scan user(s) under the group(s). This option can be used as --groups=foo,bar to scan groups foo and bar (multiple values allowed separated by commas) |
|
Do not output any message. |
|
Will rescan all files of all known users. |
|
Will repair detached filecache entries (slow). |
|
Only scan files which are marked as not fully scanned. |
If not using --quiet , statistics will be shown at the end of the scan.
|
The --path
Option
When using the --path
option, the path must be in one of the following formats:
"user_id/files/path" "user_id/files/mount_name" "user_id/files/mount_name/path"
For example:
--path="/alice/files/Music"
In the example above, the user_id alice
is determined implicitly from the path component given.
To get a list of scannable mounts for a given user, use the following command:
sudo -u www-data ./occ files_external:list user_id
Mounts are only scannable at the point of origin. Scanning of shares including federated shares is not necessary on the receiver side and therefore not possible. |
Mounts based on session credentials can not be scanned as the users credentials are not available to the occ command set. |
The --path
, --all
, --group
, --groups
and [user_id]
parameters are exclusive - only one must be specified.
The --repair
Option
As noted above, repairs can be performed for individual users, groups of users, and for all users in an ownCloud installation. What’s more, repair scans can be run even if no files are known to need repairing and if one or more files are known to be in need of repair. Two examples of when files need repairing are:
-
If folders have the same entry twice in the web UI (known as a 'ghost folder'), this can also lead to strange error messages in the desktop client.
-
If entering a folder doesn’t seem to lead into that folder.
We strongly suggest that you backup the database before running this command. |
The --repair
option can be run within two different scenarios:
-
Requiring a downtime when used on all affected storages at once.
-
Without downtime, filtering by a specified User Id.
The following commands show how to enable single user mode, run a repair file scan in bulk on all storages, and then disable single user mode. This way is much faster than running the command for every user separately, but it requires single user mode.
sudo -u www-data ./occ maintenance:singleuser --on
sudo -u www-data ./occ files:scan --all --repair
sudo -u www-data ./occ maintenance:singleuser --off
The following command filters by the storage of the specified user.
sudo -u www-data ./occ files:scan USERID --repair
If many users are affected, it could be convenient to create a shell script, which iterates over a list of User ID’s. |
The files:transfer-ownership command
You may transfer all files and outgoing shares from one user to another.
Incoming shares are not transferred.
If the target users don’t exist, they will be created.
This command is useful before removing users.
sudo -u www-data ./occ files:transfer-ownership --help
Usage:
files:transfer-ownership [options] [--] <source-user> <destination-user>
Arguments
|
owner of files which shall be moved |
|
user who will be the new owner of the files |
Options
|
selectively provide the path to transfer. |
|
always confirm to continue in case of skipped shares. |
|
transfer directly to top-level user folder, |
For example, to move all files from <source-user>
to <destination-user>
transfer folder, use the following command:
sudo -u www-data ./occ files:transfer-ownership \
<source-user> \
<destination-user>
You can also move a limited set of files from <source-user>
to <destination-user>
transfer folder by making use of the --path
switch, as in the example below.
Ownership of folder/to/move
and all files and folders which it contains will be transferred to <destination-user>
transfer folder.
sudo -u www-data ./occ files:transfer-ownership \
--path="folder/to/move" \
<source-user> \
<destination-user>
If the entire user folder of <source-user>
needs to be migrated to <destination-user>
user folder, use the --destination-use-user-folder
switch, as in the example below.
The destination user needs to be created but never log in, we recommend using owncloud maintenance mode for this operation.
sudo -u www-data ./occ files:transfer-ownership \
--destination-use-user-folder \
<source-user> \
<destination-user>
Please keep the following in mind when using this command:
-
The directory provided to the
--path
switch must exist insidedata/<source-user>/files
. -
The directory and its contents won’t be moved as-is between the users. It will be moved into the destination user’s
files
directory, into a directory name which follows the format:transferred from <source-user> on <timestamp>
. Using the example above, it will be stored under:data/<destination-user>/files/transferred from <source-user> on 20170426_124510/
-
Currently file versions can’t be transferred. Only the latest version of moved files will appear in the destination user’s account.
The files:troubleshoot-transfer-ownership command
This command is used to scan for problems, that might have occurred during a run of
ownership transfer using the above command files:transfer-ownership
.
It can also be used to automatically attempt to fix problems.
For example, transferred shares that may now have an invalid share owner.
By default, the command performs a dry run and displays the problems found to the console output. |
sudo -u www-data ./occ files:troubleshoot-transfer-ownership --help
Usage:
files:troubleshoot-transfer-ownership [options] [--] [<type>]
Options
|
perform auto-fix for found problems |
|
scope for particular user |
Run the command with one of the type arguments:
sudo -u www-data ./occ files:troubleshoot-transfer-ownership \
<all|invalid-owner|invalid-initiator>
The command can attempt to fix the issues with the --fix
flag,
or execute for a single user using --uid <uid>
sudo -u www-data ./occ files:troubleshoot-transfer-ownership all \
--fix \
--uid=UID
Files External
These commands replace the data/mount.json
configuration file used in ownCloud releases before 9.0.
Commands for managing external storage.
files_external
files_external:applicable Manage applicable users and groups for a mount
files_external:backends Show available authentication and storage backends
files_external:config Manage backend configuration for a mount
files_external:create Create a new mount configuration
files_external:delete Delete an external mount
files_external:export Export mount configurations
files_external:import Import mount configurations
files_external:list List configured mounts
files_external:option Manage mount options for a mount
files_external:verify Verify mount configuration
These commands replicate the functionality in the ownCloud Web GUI, plus two new features: files_external:export
and files_external:import
.
Use files_external:export
to export all admin mounts to stdout, and files_external:export [user_id]
to export the mounts of the specified ownCloud user.
These commands are only available when the "External storage support" app (files_external ) is enabled.
It is not available in single-user (maintenance) mode.
|
files_external:list
List configured mounts.
Arguments
|
User ID to list the personal mounts for, if no user is provided admin mounts will be listed. |
Options
|
Show passwords and secrets |
|
Show all mount options independent if they are set to their default value or not |
|
Don’t truncate long values in table output |
|
Show both system-wide mounts and all personal mounts. |
|
Show only a reduced mount info. |
|
Provide output values in a format compatible with files_external:import |
|
The output format to use ( |
Example
sudo -u www-data ./occ files_external:list user_1 --short
+----------+------------------+----------+
| Mount ID | Mount Point | Type |
+----------+------------------+----------+
| 1 | /mount_1 | Personal |
| 2 | /mount_2 | Personal |
+----------+------------------+----------+
The --importable-format option helps to make the technical mount settings visible.
To see all settings you still need to use the other options such as --show-password ,
--full and --all . When you want to export the mount settings for later import,
use the files_external:export command. files_external:export ensures that all the
necessary settings are included in the output.
|
files_external:applicable
Manage applicable users and groups for a mount.
Usage
files_external:applicable
[--add-user ADD-USER]
[--remove-user REMOVE-USER]
[--add-group ADD-GROUP]
[--remove-group REMOVE-GROUP]
[--remove-all]
[--output [OUTPUT]]
[--]
<mount_id>
Options
|
user to add as applicable (multiple values allowed). |
|
user to remove as applicable (multiple values allowed). |
|
group to add as applicable (multiple values allowed). |
|
group to remove as applicable (multiple values allowed). |
|
Set the mount to be globally applicable. |
|
The output format to use (plain, json or json_pretty, default is plain). |
files_external:backends
Show available authentication and storage backends.
files_external:config
Manage backend configuration for a mount.
files_external:create
Create a new mount configuration.
Usage
[source,plaintext
files_external:create [options] [--] <mount_point> <storage_backend> <authentication_backend>
Arguments
|
Mount point for the new mount. |
|
Storage backend identifier for the new mount, see
|
|
Authentication backend identifier for the new mount, see
|
Options
|
User to add the mount configurations for, if not set the mount will be added as system mount. |
|
Mount configuration option in |
|
Don’t save the imported mounts, only list the new mounts. |
|
The output format to use ( |
Storage Backend Details
Storage Backend | Identifier |
---|---|
Windows Network Drive |
|
WebDav |
|
Local |
|
ownCloud |
|
SFTP |
|
Amazon S3 |
|
Dropbox |
|
Google Drive |
|
SMB / CIFS |
|
Authentication Details
Authentication method | Identifier, name, configuration |
---|---|
Log-in credentials, save in session |
|
Log-in credentials, save in database |
|
User entered, store in database |
|
Global Credentials |
|
None |
|
Builtin |
|
Username and password |
|
OAuth1 |
|
OAuth2 |
|
RSA public key |
|
OpenStack |
|
Rackspace |
|
Access key (Amazon S3) |
|
(*) - Authentication methods require additional configuration.
Each Storage Backend needs its corresponding authentication methods. |
files_external:import
Import mount configurations.
Group Commands
The group
commands provide a range of functionality for managing ownCloud groups.
This includes creating and removing groups and managing group membership.
Group names are case-sensitive, so "Finance" and "finance" are two different groups.
The full list of commands is:
group
group:add Adds a group
group:add-member Add members to a group
group:delete Deletes the specified group
group:list List groups
group:list-members List group members
group:remove-member Remove member(s) from a group
Creating Groups
You can create a new group with the group:add
command. The syntax is:
group:add groupname
This example adds a new group, called "Finance":
sudo -u www-data ./occ group:add Finance
Created group "Finance"
Listing Groups
You can list the names of existing groups with the group:list
command.
The syntax is:
group:list [options] [<search-pattern>]
Groups containing the search-pattern
string are listed.
Matching is not case-sensitive.
If you do not provide a search-pattern then all groups are listed.
Options
|
Output format (plain, json or json_pretty, default is plain) [default: "plain"]. |
This example lists groups containing the string "finance".
sudo -u www-data ./occ group:list finance
- All-Finance-Staff
- Finance
- Finance-Managers
This example lists groups containing the string "finance" formatted with json_pretty
.
sudo -u www-data ./occ group:list --output=json_pretty finance
[
"All-Finance-Staff",
"Finance",
"Finance-Managers"
]
Listing Group Members
You can list the user IDs of group members with the group:list-members
command.
The syntax is:
group:list-members [options] <group>
Options
|
Output format (plain, json or json_pretty, default is plain) [default: "plain"]. |
This example lists members of the "Finance" group.
sudo -u www-data ./occ group:list-members Finance
- aaron: Aaron Smith
- julie: Julie Jones
This example lists members of the Finance group formatted with json_pretty
.
sudo -u www-data ./occ group:list-members --output=json_pretty Finance
{
"aaron": "Aaron Smith",
"julie": "Julie Jones"
}
Adding Members to Groups
You can add members to an existing group with the group:add-member
command.
Members must be existing users.
The syntax is:
group:add-member [-m|--member [MEMBER]] <group>
This example adds members "aaron" and "julie" to group "Finance":
sudo -u www-data ./occ group:add-member --member aaron --member julie Finance
User "aaron" added to group "Finance"
User "julie" added to group "Finance"
You may attempt to add members that are already in the group, without error. This allows you to add members in a scripted way without needing to know if the user is already a member of the group. For example:
sudo -u www-data ./occ group:add-member --member aaron --member julie --member fred Finance
User "aaron" is already a member of group "Finance"
User "julie" is already a member of group "Finance"
User fred" added to group "Finance"
Removing Members from Groups
You can remove members from a group with the group:remove-member
command.
The syntax is:
group:remove-member [-m|--member [MEMBER]] <group>
This example removes members "aaron" and "julie" from group "Finance".
sudo -u www-data ./occ group:remove-member --member aaron --member julie Finance
Member "aaron" removed from group "Finance"
Member "julie" removed from group "Finance"
You may attempt to remove members that have already been removed from the group, without error. This allows you to remove members in a scripted way without needing to know if the user is still a member of the group. For example:
sudo -u www-data ./occ group:remove-member --member aaron --member fred Finance
Member "aaron" could not be found in group "Finance"
Member "fred" removed from group "Finance"
Integrity Check
Apps which have an official tag must be code signed. Unsigned official apps won’t be installable anymore. Code signing is optional for all third-party applications.
integrity
integrity:check-app Check app integrity using a signature.
integrity:check-core Check core integrity using a signature.
integrity:sign-app Signs an app using a private key.
integrity:sign-core Sign core using a private key
After creating your signing key, sign your app like this example:
sudo -u www-data ./occ integrity:sign-app \
--privateKey=/Users/karlmay/contacts.key \
--certificate=/Users/karlmay/CA/contacts.crt \
--path=/Users/karlmay/Programming/contacts
Verify your app:
sudo -u www-data ./occ integrity:check-app --path=/pathto/app appname
When it returns nothing, your app is signed correctly. When it returns a message then there is an error.
integrity:sign-core
is for ownCloud core developers only.
See code signing to learn more. |
l10n, Create Javascript Translation Files for Apps
This command creates JavaScript and JSON translation files for ownCloud applications.
The command does not update existing translations if the source translation file has been updated. It only creates translation files when none are present for a given language. |
l10n
l10n:createjs Create Javascript translation files for a given app
The command takes two parameters; these are:
-
app
: the name of the application. -
lang
: the output language of the translation files; more than one can be supplied.
To create the two translation files, the command reads translation data from a source PHP translation file.
A Working Example
In this example, we’ll create Austrian German translations for the Comments app.
This example assumes that the ownCloud directory is /var/www/owncloud and that it uses ownCloud’s standard apps directory, app .
|
First, create a source translation file in /var/www/owncloud/apps/comments/l10n
, called de_AT.php
.
In it, add the required translation strings, as in the following example.
Refer to the developer documentation on creating translation files, if you’re not familiar with creating them.
<?php
// The source string is the key, the translated string is the value.
$TRANSLATIONS = [
"Share" => "Freigeben"
];
$PLURAL_FORMS = "nplurals=2; plural=(n != 1);";
After that, run the following command to create the translation.
sudo -u www-data ./occ l10n:createjs comments de_AT
This will generate two translation files, de_AT.js
and de_AT.json
, in /var/www/owncloud/apps/comments/l10n
.
Logging Commands
These commands view and configure your ownCloud logging preferences.
log
log:manage Manage logging configuration
log:owncloud Manipulate ownCloud logging backend
Command Description
Run log:owncloud
to see your current logging status:
sudo -u www-data ./occ log:owncloud
Log backend ownCloud: enabled
Log file: /opt/owncloud/data/owncloud.log
Rotate at: disabled
Options
|
Enable this logging backend. |
|
Set the log file path. |
|
Set the file size for log rotation, 0 = disabled. |
Use the --enable
option to turn on logging. Use --file
to set a different log file path.
Set your rotation by log file size in bytes with --rotate-size
; 0 disables rotation.
Run log:manage
to set your logging backend, log level, and timezone:
The defaults are owncloud
, Warning
, and UTC
.
Options for log:manage
:
|
Set the logging backend [owncloud, syslog, errorlog]. |
|
Set the log level [debug, info, warning, error, fatal]. |
Log level can be adjusted by entering the number or the name:
sudo -u www-data ./occ log:manage --level 4
sudo -u www-data ./occ log:manage --level error
Setting the log level to debug ( 0 ) can be used for finding the cause of an error, but should not be the standard as it increases the log file size. |
Managing Background Jobs
Use the background:queue
command to manage background jobs.
background:queue
background:queue:delete Delete a job from the queue
background:queue:execute Run a single background job from the queue
background:queue:status List queue status
Deleting a Background Job
The command background:queue:delete
deletes a queued background job.
It requires the job id of the job to be deleted.
background:queue:delete <Job ID>
Executing a Background Job
The command background:queue:execute
executes a queued background job.
It requires the job id of the job to be executed.
background:queue:execute [options] [--] <Job ID>
Options
|
Force run the job even if within timing interval |
|
No warning about the usage of this command will be displayed |
This example executes queued background job #12.
sudo -u www-data ./occ background:queue:execute 12
This command is for maintenance and support purposes.
This will run the specified background job now. Regular scheduled runs of the job will
continue to happen at their scheduled times.
If you still want to use this command please confirm the usage by entering: yes
yes
Found job: OCA\UpdateNotification\Notification\BackgroundJob with ID 12
Running job...
Finished in 0 seconds
List Queued Backgroundjobs
The command background:queue:status
will list queued background jobs, including details when it last ran.
background:queue:status
Options
|
Also display jobs that are no longer valid |
This example lists the queue status:
sudo -u www-data ./occ background:queue:status
+--------+----------------------------------------------------+---------------+----------+---------------------------+-------------+------------------------+
| Job ID | Job | Job Arguments | Last Run | Last Checked | Reserved At | Execution Duration (s) |
+--------+----------------------------------------------------+---------------+----------+---------------------------+-------------+------------------------+
| 1 | OCA\Files\BackgroundJob\ScanFiles | | N/A | 2022-09-08T16:42:47+00:00 | N/A | N/A |
| 2 | OCA\Files\BackgroundJob\DeleteOrphanedItems | | N/A | 2022-09-08T16:42:47+00:00 | N/A | N/A |
| 3 | OCA\Files\BackgroundJob\CleanupFileLocks | | N/A | 2022-09-08T16:42:47+00:00 | N/A | N/A |
| 4 | OCA\Files\BackgroundJob\CleanupPersistentFileLocks | | N/A | 2022-09-08T16:42:47+00:00 | N/A | N/A |
| 5 | OCA\Files\BackgroundJob\PreviewCleanupJob | | N/A | 2022-09-08T16:42:47+00:00 | N/A | N/A |
| 6 | OCA\DAV\CardDAV\SyncJob | | N/A | 2022-09-08T16:42:49+00:00 | N/A | N/A |
| 7 | OCA\DAV\BackgroundJob\CleanProperties | | N/A | 2022-09-08T16:42:49+00:00 | N/A | N/A |
| 8 | OCA\Activity\BackgroundJob\EmailNotification | | N/A | 2022-09-08T16:42:49+00:00 | N/A | N/A |
| 9 | OCA\Activity\BackgroundJob\ExpireActivities | | N/A | 2022-09-08T16:42:49+00:00 | N/A | N/A |
| 10 | OCA\Federation\SyncJob | | N/A | 2022-09-08T16:42:50+00:00 | N/A | N/A |
| 11 | OCA\Files_Sharing\DeleteOrphanedSharesJob | | N/A | 2022-09-08T16:42:51+00:00 | N/A | N/A |
| 12 | OCA\Files_Sharing\ExpireSharesJob | | N/A | 2022-09-08T16:42:51+00:00 | N/A | N/A |
| 13 | OCA\Files_Sharing\External\ScanExternalSharesJob | | N/A | 2022-09-08T16:42:51+00:00 | N/A | N/A |
| 14 | OCA\Files_Trashbin\BackgroundJob\ExpireTrash | | N/A | 2022-09-08T16:42:51+00:00 | N/A | N/A |
| 15 | OCA\Files_Versions\BackgroundJob\ExpireVersions | | N/A | 2022-09-08T16:42:51+00:00 | N/A | N/A |
| 16 | OCA\Market\CheckUpdateBackgroundJob | | N/A | 2022-09-08T16:42:51+00:00 | N/A | N/A |
| 17 | OCA\UpdateNotification\Notification\BackgroundJob | | N/A | 2022-09-08T16:42:52+00:00 | N/A | N/A |
| 18 | OC\Authentication\Token\DefaultTokenCleanupJob | | N/A | 2022-09-08T16:42:52+00:00 | N/A | N/A |
+--------+----------------------------------------------------+---------------+----------+---------------------------+-------------+------------------------+
There may be background jobs that are no longer valid. This can be because they are for an app that is now disabled or deleted, or jobs from an older version of an app that are no longer relevant. These jobs can be displayed with the --display-invalid-jobs
option. Invalid jobs are listed with status "invalid". You can then delete invalid jobs with the background:queue:delete
command using the job id.
sudo -u www-data ./occ background:queue:status --display-invalid-jobs
+--------+----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------+---------------------------+-------------+------------------------+---------+
| Job ID | Job | Job Arguments | Last Run | Last Checked | Reserved At | Execution Duration (s) | Status |
+--------+----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------+---------------------------+-------------+------------------------+---------+
| 1 | OCA\Files\BackgroundJob\ScanFiles | | 2023-07-21T08:25:49+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 2 | OCA\Files\BackgroundJob\DeleteOrphanedItems | | 2023-07-21T08:25:48+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 3 | OCA\Files\BackgroundJob\CleanupFileLocks | | 2023-07-21T08:25:48+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 4 | OCA\Files\BackgroundJob\CleanupPersistentFileLocks | | 2023-07-21T08:25:48+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 5 | OCA\DAV\CardDAV\SyncJob | | 2023-07-21T07:10:30+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 6 | OCA\DAV\BackgroundJob\CleanProperties | | 2023-07-21T07:10:30+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 7 | OCA\Federation\SyncJob | | 2023-07-21T07:10:31+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 8 | OCA\Files_Sharing\DeleteOrphanedSharesJob | | 2023-07-21T08:25:49+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 9 | OCA\Files_Sharing\ExpireSharesJob | | 2023-07-21T07:10:31+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 10 | OCA\Files_Trashbin\BackgroundJob\ExpireTrash | | 2023-07-21T08:25:49+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 11 | OCA\Files_Versions\BackgroundJob\ExpireVersions | | 2023-07-21T08:25:49+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 12 | OCA\UpdateNotification\Notification\BackgroundJob | | 2023-07-21T07:10:31+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 23 | OCA\Files_Antivirus\Cron\Task | null | 1687247852 | 1689923430 | 1689923430 | 0 | invalid |
| 66 | OCA\Files_Sharing\External\ScanExternalSharesJob | | 2023-07-21T08:25:49+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
| 227 | OCA\Search_Elastic\Jobs\DeleteJob | null | 0 | 1689923433 | 1689923433 | -1 | invalid |
| 228 | OCA\Files\BackgroundJob\PreviewCleanupJob | | 2023-07-21T08:25:49+00:00 | 2023-07-21T08:26:28+00:00 | N/A | 0 | |
+--------+----------------------------------------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------+---------------------------+-------------+------------------------+---------+
Maintenance Commands
Use these commands when you upgrade ownCloud, manage encryption, perform backups and other tasks that require locking users out until you are finished.
maintenance
maintenance:data-fingerprint Update the systems data-fingerprint after a backup is restored
maintenance:install Install ownCloud
maintenance:mimetype:update-db Update database mimetypes and update filecache
maintenance:mimetype:update-js Update mimetypelist.js
maintenance:mode Set maintenance mode
maintenance:repair Repair this installation
maintenance:singleuser Set single user mode
maintenance:update:htaccess Updates the .htaccess file
Update the Systems Data-Fingerprint
When a backup has been restored, the ETag information, which is necessary when accessing ownCloud with clients, has been changed. Run the following command to tell desktop and mobile clients that a server backup has been restored.
sudo -u www-data ./occ maintenance:data-fingerprint
This command changes the ETag for all files in the communication with sync clients, informing them that one or more files were modified. After the command completes, users will be prompted to resolve any conflicts between newer and older file versions.
Install ownCloud
This command is only available if the following key in your config.php is not present or set to false . This is the case when the installation has not been made or not finalized. This key automatically turns to true after a successful installation. This results in the command no longer being available.
|
'installed' => false,
sudo -u www-data ./occ maintenance:install [options]
The maintenance:install
command supports the following options:
Option | Description |
---|---|
|
Supported database type. [default: |
|
Oracle specific connection string. As soon as this parameter is provided, other parameters like database-host and database-name are not used and do not need to be provided. |
|
Name of the database. |
|
Hostname of the database. [default: "localhost"] |
|
User name to connect to the database. |
|
Password of the database user. |
|
Prefix for all tables (default: oc_). |
|
User name of the admin account. [default: "admin"] |
|
Password of the admin account. |
|
Path to the data directory. [default: "/var/www/owncloud/data"] |
Update Database Mimetypes
Update database mimetypes and file cache.
Usage:
sudo -u www-data ./occ maintenance:mimetype:update-db [options]
The maintenance:mimetype:update-db
command supports the following options:
Option | Description |
---|---|
|
Repair the file cache for all mimetypes, not just the new ones. |
Update the mimetypelist.js File
This command updates the mimetypelist.js
file.
Usage:
sudo -u www-data ./occ maintenance:update-js
Enable or Disable Maintenance Mode
maintenance:mode
command locks the sessions of all logged-in users, including administrators, and displays a status screen warning that the server is in maintenance mode. Users who are not already logged in cannot log in until maintenance mode is turned off. Once you take the server out of maintenance mode, logged-in users must refresh their Web browsers to continue working.
Usage:
sudo -u www-data ./occ maintenance:mode [options]
The maintenance:mode
command supports the following options:
Option | Description |
---|---|
|
Enable maintenance mode. |
|
Disable maintenance mode. |
Turn on maintenance mode:
sudo -u www-data ./occ maintenance:mode --on
Turn it off when you’re finished with the maintenance tasks:
sudo -u www-data ./occ maintenance:mode --off
Installation Repair Commands
The maintenance:repair
command helps administrators repair an installation. The command runs automatically during upgrades to clean up the database. So, while you can run it manually, there usually isn’t a need to.
Your ownCloud installation needs to be in maintenance mode to use the maintenance:repair command.
|
Usage:
sudo -u www-data ./occ maintenance:repair [options]
Repair Command Options
The maintenance:repair
command supports the following options:
Option | Description |
---|---|
|
Lists all possible repair steps. |
|
Run just one repair step given its class name. |
|
Use this option when you want to include resource and load expensive tasks. |
Running All Repair Steps
Here is an example of running the command:
sudo -u www-data ./occ maintenance:repair
To list all off the possible repair steps, use the --list
option. It should output the following list to the console:
Found 16 repair steps
OC\Repair\RepairMimeTypes -> Repair mime types
OC\Repair\RepairMismatchFileCachePath -> Detect file cache entries with path that does not match parent-child relationships
OC\Repair\FillETags -> Generate ETags for file where no ETag is present.
OC\Repair\CleanTags -> Clean tags and favorites
OC\Repair\DropOldTables -> Drop old database tables
OC\Repair\DropOldJobs -> Drop old background jobs
OC\Repair\RemoveGetETagEntries -> Remove getetag entries in properties table
OC\Repair\RepairInvalidShares -> Repair invalid shares
OC\Repair\RepairSubShares -> Repair sub shares
OC\Repair\SharePropagation -> Remove old share propagation app entries
OC\Repair\MoveAvatarOutsideHome -> Move user avatars outside the homes to the new location
OC\Repair\RemoveRootShares -> Remove shares of a users root folder
OC\Repair\RepairUnmergedShares -> Repair unmerged shares
OC\Repair\DisableExtraThemes -> Disable extra themes
OC\Repair\OldGroupMembershipShares -> Remove shares of old group memberships
OCA\DAV\Repair\RemoveInvalidShares -> Remove invalid calendar and addressbook shares
Running a Single Repair Step
To run a single repair step, use either the -s
or --single
options, as in the following example.
Usage:
sudo -u www-data ./occ maintenance:repair \
--single="OCA\DAV\Repair\RemoveInvalidShares"
The step’s name must be quoted, otherwise you will see the following warning message appear, and the command will fail: "Repair step not found. Use --list to show available steps." |
Single User Mode
Putting your ownCloud server into single-user mode allows admins to log in and work, but not ordinary users. This is useful for performing maintenance and troubleshooting on a running server.
Usage:
sudo -u www-data ./occ maintenance:singleuser --on
Turn it off when you’re finished:
sudo -u www-data ./occ maintenance:singleuser --off
Migration Steps Command
You can run migration steps with the migrations
command.
sudo -u www-data ./occ migrations:execute <app> <version>
Mimetype Update Commands
maintenance:mimetype:update-db
updates the ownCloud database and file cache with changed mimetypes found in config/mimetypemapping.json
.
Run this command after modifying config/mimetypemapping.json
.
If you change a mimetype, run maintenance:mimetype:update-db --repair-filecache
to apply the change to existing files.
Notifications
If you want to send notifications to users or groups use the following command.
notifications
notifications:generate Generates a notification.
Command Description
sudo -u www-data ./occ notifications:generate [-u|--user USER] [-g|--group GROUP] [-l|--link <linktext>] [--] <subject> [<message>]
Arguments:
|
The notification subject - maximum 255 characters. |
|
A more extended message - maximum 4000 characters. |
|
A link to an HTML page. |
Options
|
User id to whom the notification shall be sent. |
|
Group id to whom the notification shall be sent. |
|
A link associated with the notification. |
At least one user or group must be set. A link can be useful for notifications shown in client apps. Example:
sudo -u www-data ./occ notifications:generate -g Office "Emergency Alert" "Rebooting in 5min"
Previews Commands
A set of commands to remove unreferenced preview images:
previews
previews:cleanup Remove unreferenced previews
Cleanup
Removing not referenced previews can be necessary, e.g., when the image has been deleted or the ID of the mountpoint changes which happens when renaming it. Previews will be generated anew when accessing the image again, but not referenced previews are orphans. To avoid orphans, an occ command has been added to manually remove those not referenced previews as they are eating up storage space unnecessarily. In addition, a background job has been created which automatically removes them on a regular basis. For more info see the Background Job section and the example listing OCA\Files\BackgroundJob\PreviewCleanupJob.
sudo -u www-data ./occ previews:cleanup [options] [--] [<chunk_size>]
Options
|
Run as many loops until no chunks remain |
Description:
-
The value of
chunk size
defines the number of files being processed in one loop and also how often a database commit will be made. The lower the number, the more commits are generated. -
if
--all
is set, the loop will loop until all are processed -
if
--all
is not set, the loop will run once
|
Example
In the example below, you run one loop with max (default) 1000 files processed.
sudo -u www-data ./occ previews:cleanup
Other combinations could be:
-
previews:cleanup — 50
: run once and process 50 files -
previews:cleanup --all 50
: process all files in blocks of 50 files
Background Job
The background job to cleanup previews is added by default and suits smaller installations of the community edition. The occ command should be used in regular system cron jobs on bigger installations using the enterprise edition. In this case, the background job can stay enabled, but in combination with a cron job admins have better control. Note that you also can remove a background job if it does not fit your environment.
Poll Incoming Federated Shares For Updates
This command must be used if received federated shares are being referenced by desktop clients but not regularly accessed via the webUI. This is because, for performance reasons, federated shares do not update automatically. Instead, federated share directories are only updated when users browse them using the webUI.
ownCloud and system administrators can use the incoming-shares:poll
command to poll federated shares for updates.
The command polls all received federated shares, so does not require a path. |
sudo -u www-data ./occ incoming-shares:poll
When using federation, it is recommended to execute Executing the command once every 12 hours should be safe enough for most instances. However, the interval can be reduced to once every 2 hours, for instances with a small number of federated shares. Depending on the desired resource consumption, this value should be lowered or increased based on individual expectations. To find a value that fits a specific setup, it is recommended to execute the command once, measure the execution time and set the interval, so that the background job can finish before the next execution is triggered. |
Security
Use these commands when you manage security related tasks. Routes displays all routes of ownCloud. You can use this information to grant strict access via firewalls, proxies or load balancers etc.
Command Description
security:routes [options]
Options
|
Output format (plain, json or json-pretty, default is plain). |
|
Adds more details to the output. |
Example 1:
sudo -u www-data ./occ security:routes
+-----------------------------------------------------------+-----------------+
| Path | Methods |
+-----------------------------------------------------------+-----------------+
| /apps/federation/auto-add-servers | POST |
| /apps/federation/trusted-servers | POST |
| /apps/federation/trusted-servers/<id> | DELETE |
| /apps/files/ | GET |
| /apps/files/ajax/download.php | |
...
Example 2:
sudo -u www-data ./occ security:routes --output=json-pretty
[
{
"path": "\/apps\/federation\/auto-add-servers",
"methods": [
"POST"
]
},
Example 3:
sudo -u www-data ./occ security:routes --with-details
+---------------------------------------------+---------+-------------------------------------------------------+--------------------------------+
| Path | Methods | Controller | Annotations |
+---------------------------------------------+---------+-------------------------------------------------------+--------------------------------+
| /apps/files/api/v1/sorting | POST | OCA\Files\Controller\ApiController::updateFileSorting | NoAdminRequired |
| /apps/files/api/v1/thumbnail/{x}/{y}/{file} | GET | OCA\Files\Controller\ApiController::getThumbnail | NoAdminRequired,NoCSRFRequired |
...
The following commands manage server-wide SSL certificates. These are useful when you create federation shares with other ownCloud servers that use self-signed certificates.
security:certificates List trusted certificates
security:certificates:import Import trusted certificate
security:certificates:remove Remove trusted certificate
This example lists your installed certificates:
sudo -u www-data ./occ security:certificates
Import a new certificate:
sudo -u www-data ./occ security:certificates:import /path/to/certificate
Remove a certificate:
sudo -u www-data ./occ security:certificates:remove [certificate name]
Sharing
Cleanup Remote Storages
This is an occ command to clean up orphaned remote storages.
To explain why this is necessary, a little background is required.
While shares are able to be deleted as a normal matter of course, remote storages with shared::
are not included in this process.
This might not, normally, be a problem.
However, if a user has re-shared a remote share which has been deleted it will.
This is because when the original share is deleted, the remote re-share reference is not.
Internally, the fileid
will remain in the file cache and storage for that file will not be deleted.
As a result, any user(s) who the share was re-shared with will now get an error when trying to access that file or folder. That’s why the command is available. So, to cleanup all orphaned remote storages, run it as follows:
sudo -u www-data ./occ sharing:cleanup-remote-storages
You can also set it up to run as a background job.
These commands are not available in single-user (maintenance) mode. |
Allow to Temporarily Ignore Invalid Federated Shares
Currently, if a federated share is invalid or the API endpoint returns a "not found", the availability check tests whether this is a problem with a server. If checks complete, that given share is removed. However, in some cases these checks might not be enough like in complex migrations of tightly federated setups. In that case, invalidation behavior can be disabled using the below app setting. When set, instead of removing the share, a warning is displayed in the browser.
sudo -u www-data ./occ config:app:set files_sharing enable_cleanup_invalid_external_shares --value no
To revert that setting to its default behavior, run:
sudo -u www-data ./occ config:app:delete files_sharing enable_cleanup_invalid_external_shares
System Commands
system
system:cron Execute background jobs as cron
sudo -u www-data ./occ -h system:cron
-Usage:
system:cron [options]
Options
-p, --progress |
Shows a progress bar - for use in manual execution. Do not use when executing from crontab |
To execute background jobs using cron, you can use the system:cron
command, as in the following example:
sudo -u www-data ./occ system:cron
If the --progress
or -p
argument is specified, then progress output will be displayed in the console, as in the example below.
Executing: 12 - OCA\UpdateNotification\Notification\BackgroundJob
13 [------------->--------------]
If neither of these arguments is provided, no output will be displayed by the command.
Displaying progress information is useful when you want visual confirmation that background jobs have been executed. However, in a non-interactive environment, such as crontab, it should not be used. |
Updating an Existing System Cron Configuration
If you have already automated background jobs via Cron, you must update the relevant Instead of the following configuration
Use the following one instead
|
This command does not work if:
|
Trashbin
These commands are only available when the 'Deleted files' app (files_trashbin ) is enabled.
These commands are not available in single-user (maintenance) mode.
|
trashbin
trashbin:cleanup Remove deleted files
trashbin:expire Expires the users trash bin
The trashbin:cleanup
command removes the deleted files of the specified users in a space-delimited list, or all users if none are specified.
This example removes all the deleted files of all users:
sudo -u www-data ./occ trashbin:cleanup
Remove all deleted files
Remove deleted files for users on backend Database
freda
molly
stash
rosa
edward
This example removes the deleted files of users molly
and freda
:
sudo -u www-data ./occ trashbin:cleanup molly freda
Remove deleted files of molly
Remove deleted files of freda
trashbin:expire
deletes only expired files according to the trashbin_retention_obligation
setting in config.php
(see the "Deleted Files" section documentation).
The default is to delete expired files for all users, or you may list users in a space-delimited list.
Two-Factor Authentication
The following commands only enable or disable the two-factor authentication for a particular user. See the Two-Factor TOTP section for managing the two-factor app provided by ownCloud.
If a two-factor provider app is enabled, it is enabled for all users by default but a user has to opt-in, though the provider can decide whether or not the user has to pass the challenge. In case a user is losing access to the second factor like a lost or defect phone with two-factor SMS/app verification, the user would now be locked out. To give the user access to his account, an admin can temporarily disable the two-factor check for that user via the occ command. After the issue has been fixed, the admin can reenable two-factor authentication for that user.
The following commands are available for the two-factor authentication:
twofactorauth
twofactorauth:disable Disable two-factor authentication for a user.
twofactorauth:enable Enable two-factor authentication for a user.
User Commands
The user
commands provide a range of functionality for managing ownCloud users.
This includes: creating and removing users, resetting user passwords, displaying a report which shows how many users you have, and when a user was last logged in.
The full list, of commands is:
user
user:add Adds a user
user:delete Deletes the specified user
user:disable Disables the specified user
user:enable Enables the specified user
user:home List home directories and users in a particular home
user:inactive Reports users who are known to owncloud,
but have not logged in for a certain number of days
user:lastseen Shows when the user was logged in last time
user:list List users
user:list-groups List groups for a user
user:modify Modify user details
user:move-home Move a user's home folder to a new location
user:report Shows how many users have access
user:resetpassword Resets the password of the named user
user:setting Read and modify user application settings
user:sync Sync local users with an external backend service
Creating Users
You can create a new user with the user:add
command.
sudo -u www-data ./occ user:add \
[--password-from-env] \
[--display-name [DISPLAY-NAME]] \
[--email [EMAIL]] \
[-g|--group [GROUP]] \
[--] \
<uid>
Arguments
|
User ID used to login (must only contain a-z, A-Z, 0-9, -, _ and @). |
|
Read the password from the |
|
This corresponds to the Full Name on the Users page in your ownCloud Web UI. |
|
Email address for the user (optional). The user will be emailed a link to set their password, if email is configured correctly. |
|
The groups the user should be added to. The group will be created if it does not exist. Multiple values are allowed. |
Command Examples
This example adds new user, Layla Smith, and adds her to the users
and db-admins
groups.
If either group does not exist, it is created.
sudo -u www-data ./occ user:add \
--display-name="Layla Smith" \
--group="users" \
--group="db-admins" \
--email=layla.smith@example.com layla
Enter password:
Confirm password:
The user "layla" was created successfully
Display name set to "Layla Smith"
Email address set to "layla.smith@example.com"
User "layla" added to group "users"
User "layla" added to group "db-admins"
sudo -u www-data ./occ user:add \
--display-name "Layla Smith" \
--email "***********" \
--group "users" \
--group "db-admins" layla
The user "layla" was created successfully
Display name set to "Layla Smith"
Email address set to "************"
User layla added to group users
User layla added to group db-admins
Deleting A User
To delete a user, you use the user:delete
command.
sudo -u www-data ./occ user:delete [options] [--] <uid>
Disable Users
Admins can disable users via the occ command too:
sudo -u www-data ./occ user:disable <uid>
List User Home Directories
List all available root directories for user homes that are currently in use. For details see Moving the User Home documentation.
This command is complementary when using user:move-home
.
sudo -u www-data ./occ user:home:list-dirs [options]
List all Users For a Given Home Directory
List all users that have their home in a given path. For details see Moving the User Home documentation.
This command is complementary when using user:move-home
.
sudo -u www-data ./occ user:home:list-users [options] [--] [<path>]
Options
|
List all users for every home path. |
|
Output format (plain, json or json_pretty, default is plain) [default: "plain"]. |
Examples
Note for the example below, some user accounts originated from LDAP.
sudo -u www-data ./occ user:home:list-users /var/www/owncloud/data
- admin
- aca4c3ec-691d-103b-8380-55a4da3d3a76
- 9918b614-6a2e-103b-89a7-f5edf5d332f5
- c298ae18-6a2e-103b-89a8-f5edf5d332f5
- dbcca7b4-7306-103b-813a-19652cf0a9d2
Run the following command to list all users from all available home directories. The example shows, that user lisa
has been moved to a different home directory with user:move-home
.
sudo -u www-data ./occ user:home:list-users --all
- /mnt/newhome_1
- lisa
- /var/www/owncloud/data
- admin
- user01
Finding Inactive Users
To view a list of users who’ve not logged in for a given number of days, use the user:inactive
command.
sudo -u www-data ./occ user:inactive [options] [--] <days>
Options
|
Output format (plain, json or json_pretty, default is plain) [default: "plain"]. |
The example below searches for users inactive for five days or more:
sudo -u www-data ./occ user:inactive 5
By default, this will generate output in the following format:
- 0:
- uid: admin
- displayName: admin
- inactiveSinceDays: 5
You can see a counting number starting with 0
, the user’s user ID, display name and the number of days they’ve been inactive. If you’re passing or piping this information to another application for further processing, you can also use the --output
switch to change its format. Using the output option json
will render the output formatted as follows.
[{"uid":"admin","displayName":"admin","inactiveSinceDays":5}]
Using the output option json_pretty
will render the output formatted as follows.
[
{
"uid": "admin",
"displayName": "admin",
"inactiveSinceDays": 5
}
]
Finding the User’s Last Login
To view a user’s most recent login, use the user:lastseen
command:
sudo -u www-data ./occ user:lastseen <uid>
Listing Users
You can list existing users with the user:list
command.
sudo -u www-data ./occ user:list [options] [<search-pattern>]
User IDs containing the search-pattern
string are listed.
Matching is not case-sensitive.
If you do not provide a search-pattern then all users are listed.
Options
|
Output format (plain, json or json-pretty, default is plain). |
|
Adds more details to the output. |
|
All attributes to include from |
This example lists user IDs containing the string ron
sudo -u www-data ./occ user:list ron
- aaron: Aaron Smith
The output can be formatted in JSON with the output option json
or json_pretty
.
sudo -u www-data ./occ user:list --output=json_pretty
{
"aaron": "Aaron Smith",
"herbert": "Herbert Smith",
"julie": "Julie Jones"
}
This example lists all users including the attribute enabled
.
sudo -u www-data ./occ user:list -a enabled
- admin: true
- foo: true
Listing Group Membership of a User
You can list the group membership of a user with the user:list-groups
command.
sudo -u www-data ./occ user:list-groups [options] [--] <uid>
Examples
This example lists group membership of user julie
:
sudo -u www-data ./occ user:list-groups julie
- Executive
- Finance
The output can be formatted in JSON with the output option json
or json_pretty
:
sudo -u www-data ./occ user:list-groups --output=json_pretty julie
[
"Executive",
"Finance"
]
Modify User Details
This command modifies either the users username or email address.
sudo -u www-data ./occ user:modify [options] [--] <uid> <key> <value>
Arguments
|
User ID used to login. |
|
Key to be changed. Valid keys are: |
|
The new value of the key. |
All three arguments are mandatory and can not be empty. Example to set the email address:
sudo -u www-data ./occ user:modify carla email foobar@foo.com
The email address of carla
is updated to foobar@foo.com
.
Move a Users Home Folder
This command moves a user’s home folder to a new location. For details see Moving the User Home documentation. Note that moving a users home is only possible for POSIX file systems. Also see the user:home
commands for additional support.
sudo -u www-data ./occ user:move-home <user_id> <new_location>
Arguments
|
ID of the user whose home folder is to be moved. |
|
Absolute path to the parent folder of the new location of the home folder. |
You must not use temp directories like
|
Example:
sudo -u www-data ./occ user:move-home lisa /mnt/newhome_1
This command moves the home directory of user lisa
to the new location /mnt/newhome_1
Generating a User Count Report
Generate a simple report that counts all users including users on external user authentication servers such as LDAP, and guest users which are created by the guests app.
sudo -u www-data ./occ user:report
There are no arguments and no options beside the default once to parametrize the output.
sudo -u www-data ./occ user:report
+--------------------------+-----+
| User Report | |
+--------------------------+-----+
| OCA\User_LDAP\User_Proxy | 23 |
| OC\User\Database | 100 |
| | |
| guest users | 20 |
| | |
| total users | 143 |
| | |
| user directories | 4 |
+--------------------------+-----+
A user directory is created, when a local user has logged on the first time after creation. Therefore the difference between OC\User\Database and user directories equals all users which have been created locally, but have not logged on at least once.
|
Setting a User’s Password
Resets the password of the named user.
sudo -u www-data ./occ user:resetpassword [options] [--] <user>
Password changes automatically log out all connected browsers/devices. |
Options
|
Read the password from the OC_PASS environment variable. |
|
The email ID set while creating the user, will be used to send. link for password reset. This option will also display the link sent to user. |
|
The link to reset the password will be displayed. |
password-from-env
allows you to set the user’s password from an environment variable. This prevents the password from being exposed to all users via the process list and will only be visible in the history of the user (root) running the command. This also permits creating scripts for adding multiple new users.
To use password-from-env you must run as "real" root, rather than sudo , because sudo strips environment variables.
|
To use send-email , the ownCloud instance must have email access fully configured.
|
Examples
Add a new user, called Fred Jones:
export OC_PASS=newpassword
su -s /bin/sh www-data -c 'occ user:add --password-from-env
--display-name="Fred Jones" --group="users" fred'
The user "fred" was created successfully
Display name set to "Fred Jones"
User "fred" added to group "users"
You can reset any user’s password, including administrators (see Reset Admin Password):
sudo -u www-data ./occ user:resetpassword layla
Enter a new password:
Confirm the new password:
Successfully reset password for layla
You may also use password-from-env
to reset passwords:
export OC_PASS=newpassword
su -s /bin/sh www-data -c 'occ user:resetpassword \
--password-from-env \
layla'
Successfully reset password for layla
This example emails a password reset link to the user. Additionally, when the command completes, it outputs the password reset link to the console:
sudo -u www-data ./occ user:resetpassword \
--send-email \
--output-link \
layla
The password reset link is: http://localhost:8080/index.php/lostpassword/reset/form/rQAlCjNeQf3aphA6Hraq2/layla
If the specified user does not have a valid email address set, then the following error will be output to the console, and the email will not be sent:
Email address is not set for the user layla
User Application Settings
To manage application settings for a user, use the user:setting
command. This command provides the ability to:
-
Retrieve all settings for an application
-
Retrieve a single setting
-
Set a setting value
-
Delete a setting
sudo -u www-data ./occ user:setting [options] [--] <uid> [[<app> [<key>]]
Arguments
|
User ID used to login. |
|
Restrict listing the settings for a given app. [default: ""]. |
|
Setting key to set, get or delete [default: ""]. |
Options
|
Output format (plain, json or json-pretty, default is plain). |
|
Use this option to ignore errors when the user does not exist. |
|
If no default value is set and the config does not exist, the command |
|
The new value of the setting. |
|
Only updates the value, if it is not set before, it is not being added. |
|
Specify this option to delete the config. |
|
Checks whether the setting exists before deleting it. |
The descriptions for the app
and key
arguments may not be completely transparent. Here’s a description of both.
Argument | Description |
---|---|
|
When a value is supplied, |
|
This value specifies the setting key to be manipulated (set, retrieved, or deleted) by the |
Retrieving User Settings
To retrieve settings for a user, you need to call the user:setting
command and supply at least the user’s user name. You can drill down restricting results to a particular app and a key in the app.
sudo -u www-data ./occ user:setting <uid> [<app>] [<key>]
Arguments
|
User ID used to log in. |
|
Restrict listing the settings for a given app. [default: ""]. |
|
Setting key to set, get or delete [default: ""]. |
Examples:
-
Retrieve all settings set for a given user:
sudo -u www-data ./occ user:setting layla - core: - lang: en - login: - lastLogin: 1465910968 - settings: - email: layla@example.tld
Here we see that the user has settings for the application
core
, when they last logged in, and what their email address is. -
Retrieve all settings set restricted to application
core
for a given user:sudo -u www-data ./occ user:setting layla core - core: - lang: en
In the output, you can see that one setting is in effect,
lang
, which is set toen
. -
Retrieve all settings set restricted to application
core
, keylang
for a given usersudo -u www-data ./occ user:setting layla core lang
This will display the value for that setting, such as
en
.
Setting and Deleting a Setting
sudo -u www-data ./occ user:setting [options] [--] <uid> [<app>] [<key>]
In case you want to change the email address, use the user:modify command.
|
Here’s an example of how you would set the language of the user layla
.
sudo -u www-data ./occ user:setting layla core lang --value=en
Deleting a setting is quite similar to setting a setting.
In this case, you supply the username, application (or setting category) and key as above.
Then, in addition, you supply the --delete
flag.
sudo -u www-data ./occ user:setting layla core lang --delete
Syncing User Accounts
This command syncs users stored in external backend services, such as LDAP, Shibboleth, and Samba, with ownCloud’s, internal user database.
However, it’s not essential to run it regularly, unless you have a large number of users whose account properties have changed in a backend outside of ownCloud.
When run, it will pick up changes from alternative user backends, such as LDAP, where properties like cn
or display name
have changed, and sync them with ownCloud’s user database.
If accounts are found that no longer exist in the external backend, you are given the choice of either removing or disabling the
accounts.
It’s also one of the commands that you should run on a regular basis to ensure that your ownCloud installation is running optimally. |
This command replaces the old show-remnants functionality, and brings the LDAP feature more in line with the rest of ownCloud’s functionality.
|
Usage
user:sync [options] [--] [<backend-class>]
Synchronize users from a given backend to the accounts table.
Arguments:
backend-class Type | The quoted PHP class name for the backend | Short Form |
---|---|---|
LDAP: |
|
|
Samba: |
|
|
Shibboleth: |
|
|
The argument for the backend class can be the quoted PHP class name but also the short form can be used.
Options
|
List all enabled backend classes. |
|
Sync only the user with the given user id. |
|
Sync only seen users. |
|
Calculate user count before syncing. |
|
Action to take if the account isn’t connected to a backend any longer. |
|
When syncing multiple accounts re-enable accounts that are disabled in ownCloud but available in the synced backend. |
Below are examples of how to use the command with an LDAP, Samba, and Shibboleth backend.
Samba
sudo -u www-data ./occ user:sync "OCA\User\SMB" -vvv
Below are examples of how to use the command with the LDAP backend along with example console output.
Example 1
sudo -u www-data ./occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r
Analysing all users ...
6 [============================]
No removed users have been detected.
No existing accounts to re-enable.
Insert new and update existing users ...
4 [============================]
Example 2
sudo -u www-data ./occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r
Analysing all users ...
6 [============================]
Following users are no longer known with the connected backend.
Disabling accounts:
9F625F70-08DD-4838-AD52-7DE1F72DBE30, Bobbie, bobbie@example.org disabled
53CDB5AC-B02E-4A49-8FEF-001A13725777, David, dave@example.org disabled
34C3F461-90FE-417C-ADC5-CE97FE5B8E72, Carol, carol@example.org disabled
No existing accounts to re-enable.
Insert new and update existing users ...
1 [============================]
Example 3
sudo -u www-data ./occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r
Analysing all users ...
6 [============================]
Following users are no longer known with the connected backend.
Disabling accounts:
53CDB5AC-B02E-4A49-8FEF-001A13725777, David, dave@example.org skipped, already disabled
34C3F461-90FE-417C-ADC5-CE97FE5B8E72, Carol, carol@example.org skipped, already disabled
B5275C13-6466-43FD-A129-A12A6D3D9A0D, Alicia3, alicia3@example.org disabled
Re-enabling accounts:
9F625F70-08DD-4838-AD52-7DE1F72DBE30, Bobbie, bobbie@example.org enabled
Insert new and update existing users ...
1 [============================]
Example 4
sudo -u www-data ./occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r
Analysing all users ...
6 [============================]
No removed users have been detected.
Re-enabling accounts:
53CDB5AC-B02E-4A49-8FEF-001A13725777, David, dave@example.org enabled
34C3F461-90FE-417C-ADC5-CE97FE5B8E72, Carol, carol@example.org enabled
B5275C13-6466-43FD-A129-A12A6D3D9A0D, Alicia3, alicia3@example.org enabled
Insert new and update existing users ...
4 [============================]
Versions
These commands are only available when the "Versions" app (files_versions ) is enabled.
These commands are not available in single-user (maintenance) mode.
|
versions:cleanup
versions:cleanup
can delete all versioned files, as well as the files_versions
folder, for either specific users, or for all users. A Published version persists until the original file is deleted by somebody with such permission or via the occ versions:cleanup
command.
sudo -u www-data ./occ versions:cleanup [<user_id>]...
Options
|
Delete versions of the given user(s), if no user is given all versions will be deleted. |
The example below deletes all versioned files for all users:
sudo -u www-data ./occ versions:cleanup
Delete all versions
Delete versions for users on backend Database
freda
molly
stash
rosa
edward
You can delete versions for specific users in a space-delimited list:
sudo -u www-data ./occ versions:cleanup freda molly
Delete versions of freda
Delete versions of molly
versions:expire
versions:expire
deletes only expired files according to the versions_retention_obligation
setting in config.php
(see the File versions section in config_sample_php_parameters).
The default is to delete expired files for all users, or you may list users in a space-delimited list.
sudo -u www-data ./occ versions:expire [<user_id>]...
Options
|
Expire file versions of the given user(s), if no user is given file versions for all users will be expired. |
Apps Commands
This command reference covers the ownCloud maintained apps commands, which are only available if the respective app is installed and enabled.
Activity
The activity
command is used for sending automated activity email notifications in ownCloud server.
activity
activity:send-emails Send all pending activity emails now
Send Emails Now
The activity:send-emails
command sends all pending activity emails immediately, regardless of the time they are scheduled.
sudo -u www-data ./occ activity:send-emails
Manage Rename and Move Action Notifications
Starting with Activity app version 2.7.0, rename and move action notifications can be sent. This feature is disabled by default and must be enabled manually.
Anti-Virus
Marketplace URL: Anti-Virus
Use these commands to configure the Anti-Virus app.
Parametrisation must be done with the occ config
command set.
Set the Setting
To set a new value, use the command below and replace <Key>
and value <Value>
accordingly.
sudo -u www-data ./occ config:app:set files_antivirus <Key> --value=<Value> --update-only
Antivirus Mode [string]
Antivirus Configuration.
Key |
|
Default |
'executable' |
Possible Values |
'executable' |
Antivirus Port [integer]
Port number of Antivirus Host, 1-65535.
Key |
|
Default |
|
Possible Values |
1-65535 |
Antivirus Command Line Options [string]
Extra command line options (comma-separated).
Key |
|
Default |
Antivirus Path to Executable [string]
Path to clamscan executable.
Key |
|
Default |
'/usr/bin/clamscan' |
Antivirus Maximum Filesize [integer]
File size limit, -1 means no limit.
Key |
|
Default |
'-1' |
Possible Values |
'-1' |
Antivirus Maximum Stream Length [integer]
Max Stream Length.
Key |
|
Default |
'26214400' |
Auditing
Marketplace URL: Auditing
Tracks various activities and actions of your users and admins. For details, please see the Auditing documentation.
Ignore all CLI triggered events.
Set or Change Ignore CLI Events
To ignore all CLI triggered events, you can set the following option, defaults to track cli events:
sudo -u www-data ./occ config:app:set \
"admin_audit ignore_cli_events" \
--value "yes"
Brute Force Protection
Marketplace URL: Brute-Force Protection
Use these commands to configure the Brute Force Protection app.
Parametrisation must be done with the occ config
command set.
The combination of uid
and IP address
is used to trigger the ban.
Set the Setting
To set a new value, use the command below and replace <Key>
and value <Value>
accordingly.
sudo -u www-data ./occ config:app:set brute_force_protection <Key> --value=<Value> --update-only
Fail Tolerance [attempts]
Number of wrong attempts to trigger the ban.
Key |
|
Default |
3 |
Calendar
Marketplace URL: Calendar
For commands for managing the calendar, please see the DAV Command section in the occ core command set.
Contacts
Marketplace URL: Contacts
For commands for managing contacts, please see the DAV Command section in the occ core command set.
Custom Groups
Marketplace URL: Custom Groups
Use these commands to configure the Custom Groups app.
Parameterization should be done with the occ config
command set, though some but not all settings result in an entry in config.php which also can be set manually.
Get a Current Setting
You can get the value of a current setting. For details how to do so see the Config Command Set.
Disallow Admin Access
By default, administrators can administrate custom groups of an instance. When changed, only group admins can administrate custom groups. You can change this behaviour with the following command:
sudo -u www-data ./occ config:system:set \
customgroups.disallow-admin-access-all \
--type boolean --value true
This occ command will create a key-value pair in your config.php which must be writable for the webserver user. You can also do this manually by adding the following key in config.php:
'customgroups.disallow-admin-access-all' => true,
Disallow Members of Defined Groups
You can hide custom groups from a user’s personal settings page based on a user’s group membership. This makes it easier to collect users you want to exclude into defined groups which will be further used for this setting:
sudo -u www-data ./occ config:system:set \
customgroups.disallowed-groups \
--type json \
--value '["no_guest_app_users", "project5"]'
This occ command will create a key-value pair in your config.php which must be writable for the webserver user to be set. You can also set this manually by adding the following key in config.php:
'customgroups.disallowed-groups' =>
array (
0 => 'no_guest_app_users',
1 => 'project5',
),
Restrict Group Creation
This setting defines if ordinary users are allowed to create custom groups. By default, all users can create custom groups, but this can be restricted to admins (if allowed as above) and group-admins. Values to be set can be 'true' and 'false', defaults to 'false'.
sudo -u www-data ./occ config:app:set \
customgroups \
only_subadmin_can_create \
--value 'true'
Restrict Add or Remove Group Members
This setting defines if an existing ordinary group member is allowed to add other users to the target group or remove them. By default, all users can add members to groups, but this can be restricted to admins (if allowed as above) and group-admins. Values to be set can be 'yes' and 'no', defaults to 'no'.
sudo -u www-data ./occ config:app:set \
core \
shareapi_only_share_with_group_members \
--value 'yes'
Allow Duplicate Group Display Names
This setting allows the creation of multiple groups with the same display name. By default, group display names must be unique, but it can be be allowed to have multiple identical group display names. Values to be set can be 'true' and 'false', defaults to 'false'.
sudo -u www-data ./occ config:app:set \
customgroups \
allow_duplicate_names \
--value 'false'
Data Exporter
This app is only available as a git clone. See the Data Exporter description for more information on how to install this app. Import and export users from one ownCloud instance in to another. The export contains all user settings, files and shares.
The following commands are available for the Data Exporter app:
instance
instance:export Exports global instance data
instance:export:user Exports a single user
instance:import Imports global instance data
instance:import:user Imports a single user
instance:export:migrate:share Converts the local shares pointing to the given user to federated shares
pointing at the remote instance. An important prerequisite is that the user
and his shares have already been imported on that remote instance
File Lifecycle Management
Marketplace URL: File Lifecycle Management
The File Lifecycle Management extension allows service providers to manage the lifecycle of files within ownCloud. For details please see the File Lifecycle Management documentation.
The lifecycle
commands configure the File Lifecycle Management app.
lifecycle
lifecycle:archive Archive files which have reached a certain age
lifecycle:expire Expire files from Archive which have reached a certain age
lifecycle:restore Restore files from Archive to the original location
lifecycle:restore-all Restore all archived files in the system back to their
original locations
lifecycle:set-upload-time Set upload time for files which do not have one
config:app
commands configure the Policies for the File Lifecycle Management app.
config:app:get|set
files_lifecycle archive_period Number of days since upload (or restore)
after which files will be archived
files_lifecycle expire_period Number of days since archiving after which files will
be permanently deleted
files_lifecycle excluded_groups Define groups of users that are exempt from the
lifecycle policies
files_lifecycle policy Restoration policies for users
files_lifecycle disable_ui Enable/Disable the user interface components
Archive Aged Files
Archive files which have reached a certain age.
sudo -u www-data ./occ lifecycle:archive [options]
Expire Files From Archive
Expire files from archive which have reached a certain age.
sudo -u www-data ./occ lifecycle:expire [options]
Restore Files From Archive
Restore files from archive to the original location. Note that the location for archived files always follows the pattern $userid/archive/files/…
sudo -u www-data ./occ lifecycle:restore <path>
Restore All Files From Archive
Restore all archived files for all users in the system back to their original locations. This command has no additional arguments or options.
sudo -u www-data ./occ lifecycle:restore-all
Set Default Upload Time
Set upload time for files which do not have one.
Files without upload time are silently skipped by occ lifecycle:archive
This can happen with files that were uploaded before the files_lifecycle app was configured or when it was temporarily disabled and therefore do not have an upload time set.
|
sudo -u www-data ./occ lifecycle:set-upload-time [options] [--] <date>
Policy Configuration
All policy configurations are set and queried with the config:app
command set. The examples below set a value. To query a value use config:app:get
and the corresponding key without any options or attributes.
Set the Archive Period
The number of days since upload (or restore) after which files will be archived.
The following example command sets the time passed since upload (or restore) for archiving files to 90 days.
sudo -u www-data ./occ config:app:set files_lifecycle archive_period --value='90'
Set the Expire Period
The number of days since archiving after which files will be permanently deleted.
The following example command sets the time passed to delete files to 180 days.
sudo -u www-data ./occ config:app:set files_lifecycle expire_period --value='180'
Set Groups to be Excluded
Define groups of users that are exempt from the lifecycle policies (comma-separated group ids).
The following example command specifies groups whose members will not be part of the lifecycle management.
sudo -u www-data ./occ config:app:set files_lifecycle excluded_groups --value='group1,group2'
Restoration Policy for Users
Set a policy who can restore files. Use the value soft
for self-service and hard
for admin/groupadmin-service.
The following example command sets the restoration policy for users to soft
(default).
sudo -u www-data ./occ config:app:set files_lifecycle policy --value='soft'
Disable User Interface
Disable the whole user interface for the File Lifecycle Management app.
The following example command disables the user interface for the File Lifecycle Management app.
sudo -u www-data ./occ config:app:set files_lifecycle disable_ui --value='yes'
You can reenable it by deleting the key:
sudo -u www-data ./occ config:app:delete files_lifecycle disable_ui
Full Text Search
Use these commands when you manage full text search related tasks.
Command Description
search
search:index:create Create initial search index for one or all users.
This command could not update the search index correctly
after the initial indexing.
search:index:fillSecondary Fill a secondary index based on the indexed data we have.
search:index:rebuild Rebuild the search index for a given User.
If you want to rebuild the whole index, run
`search:index:reset` and then `search:index:create --all`.
search:index:reset Reset the index.
search:index:update Update the search index by running all pending background jobs.
In addition to the settings provided by the Full Text Search app, you can set/read additional options via the occ config:app
commands. These are Set App Modes, Index Metadata Only and Limit Metadata Search for Groups.
Create the Full Text Search Index
The command search:index:create
creates the initial full text search index for one or all users.
sudo -u www-data ./occ search:index:create <user_id> (<user_id>)...
Arguments
|
The ID of the user (or space-separated list of user IDs) to create a full text search index for. A full text search index is created for all users, if this value is omitted. |
Fill a Secondary Index
Fill a secondary index based on the indexed data we have. Files not matching the "indexed" status will be ignored. This is intended to be used in index data migrations, so the connector for this secondary index should have been configured as "write connector". See the Full Text Search documentation for more details. Note that the values of the connector_name
are hardcoded and have to be written as described.
sudo -u www-data ./occ search:index:fillSecondary [options] [--] <connector_name> <user_id>...
Arguments
connector_name |
The name of the connector. |
|
Provide a userId. This argument is required. |
Options
|
Do not output any message. |
|
Use this option to fill the secondary index without further questions. |
|
Start indexing from the beginning, not from a previous savepoint. |
|
The savepoint will be updated after processing this number of files. [default: "100"] |
Rebuild the Full Text Search Index
Rebuild the index for a given user. All the indexes associated with the configured connectors will be rebuilt. This won’t apply any change to the configuration of the index if it’s already set up but it will set up any index that hasn’t been set up yet. Check "search:index:reset" to reset all the indexes associated to the configured connectors.
If you want to rebuild the whole index, run search:index:reset
and then search:index:create --all
.
sudo -u www-data ./occ search:index:rebuild <user_id> (<user_id>)...
Options
|
Do not output any message. |
|
Use this option to reset the index without further questions. |
Example 1
This example rebuilds the full text search index for the user with user ID testuser
.
sudo -u www-data ./occ search:index:rebuild testuser
Indexing user testuser
This will delete all full text search index data for testuser! Do you want to proceed?
[0] no
[1] yes
> 1
Rebuilding full text search Index for testuser
Example 2
This example rebuilds the full text search index for the users with user IDs admin
and testuser
.
sudo -u www-data ./occ search:index:rebuild admin testuser
This will delete all search index data for admin, testuser! Do you want to proceed?
[0] no
[1] yes
> 1
Rebuilding Search Index for admin
Rebuilding Search Index for testuser
Reset the Full Text Search Index
Reset all the configured indexes. Changes in the configuration of the indexes associated with the configured connectors will take place. All the data in those indexes will be removed, so you’ll need to rebuild the indexes, usually with "search:index:rebuild".
sudo -u www-data ./occ search:index:reset
Update the Full Text Search Index
Updates to the search index due to changed content or changed metadata are happening via background jobs that are added to a queue. These background jobs are normally run by the ownCloud cronjob. The command search:index:update
updates the full text search index by running all pending background jobs.
sudo -u www-data ./occ search:index:update
Set App Modes
To do an initial full indexing without the Full Text Search app interfering, it can be put in passive mode. See the App Modes section in the Full Text Search description for details.
sudo -u www-data ./occ config:app:set \
search_elastic mode --value passive
Switching back to active mode can be done by running the following command:
sudo -u www-data ./occ config:app:set \
search_elastic mode --value active
Restrict Search Results
Search results can be restricted in different ways, see the Restrict Search Results section in the Full Text Search description for details.
LDAP Integration
Marketplace URL: LDAP Integration
ldap
ldap:check-user Checks whether a user exists on LDAP
ldap:create-empty-config Creates an empty LDAP configuration
ldap:delete-config Deletes an existing LDAP configuration
ldap:invalidate-cache Invalidates the LDAP cache
ldap:search Executes a user or group search
ldap:set-config Modifies an LDAP configuration
ldap:show-config Shows the LDAP configuration
ldap:test-config Tests an LDAP configuration
Search for a User
Search for an LDAP user, using this syntax:
sudo -u www-data ./occ ldap:search [options] [--] <search>
Options
|
Searches groups instead of users |
|
The offset of the result set. Needs to be a multiple of limit. [default: 0] |
|
Limit the results. 0 means no limit. [default: 15] |
Note that the search string can be empty to list all users, or groups when the --group
option is set. In this case, the search string must be declared with ''
. It is by default a prefix search. Start the string with *
to change to infix (substring) search.
Search Configuration and Rules
Search attributes are configurable in the LDAP wizard (ldap:set-config
as described below:
-
If User/Group Search Attributes are NOT defined (empty), the entry defined in the User/Group Display Name Field is used as the search attribute, for details see below.
-
Important when having multiple search attributes, results are unique as long hits correspond to a unique user or group entry.
-
If User Search Attributes are defined (not empty) in:
ldapAttributesForUserSearch
-
Example
If your search attributes would be
givenName
andsn
you can find users by first name + last name very quickly. You will find "Terri Hanson" by searching forte ha
. Trailing whitespace is ignored.
-
-
Else use the User Display Name Field which usually defaults to the default displayname attribute "displayname"
ldapUserDisplayName
-
If Group Search Attributes are defined (not empty) in:
ldapAttributesForGroupSearch
-
Else use the Group Display Name Field which usually defaults to the default displayname attribute "cn"
ldapGroupDisplayName
The best way understanding offset
and limit
is the following table when using occ ldap:search '' [options]
Options | Result Set |
---|---|
|
"A", "B", "C", "D" and "E" |
|
"F", "G", "H", "I" and "J" |
|
"B", "C" and "D" |
Examples
Searches match at the beginning of the attribute value only. This example searches for givenNames
that start with 'rob':
sudo -u www-data ./occ ldap:search "rob"
This will find "robbie", "roberta", and "robin".
Broaden the search to find, for example, jeroboam
with the asterisk wildcard:
sudo -u www-data ./occ ldap:search "*rob"
The following examples use offset
and limit
options:
sudo -u www-data ./occ ldap:search "re"
Rebecca OShea (Rebecca.OShea)
Rebecca Vintin (Rebecca.Vintin)
Rebekka Da-Cahuna (Rebekka.Da-Cahuna)
Rekha Cox (Rekha.Cox)
Rekha Craft (Rekha.Craft)
sudo -u www-data ./occ ldap:search "re" --offset 0 --limit 3
Rebecca OShea (Rebecca.OShea)
Rebecca Vintin (Rebecca.Vintin)
Rebekka Da-Cahuna (Rebekka.Da-Cahuna)
sudo -u www-data ./occ ldap:search "re" --offset 3 --limit 3
Rekha Cox (Rekha.Cox)
Rekha Craft (Rekha.Craft)
Check if an LDAP User Exists
This only works if the ownCloud server is connected to an LDAP server.
ldap:check-user [options] [--] <ocName>
Options
|
Ignores disabled LDAP configuration |
Example:
sudo -u www-data ./occ ldap:check-user robert
ldap:check-user
will not run a check when it finds a disabled LDAP connection. This prevents users that exist on disabled LDAP connections from being marked as deleted. If you know for sure that the user you are searching for is not in one of the disabled connections and exists on an active connection, use the --force
option to force a check of all active LDAP connections.
sudo -u www-data ./occ ldap:check-user --force robert
Create an Empty LDAP Configuration
Create an empty LDAP configuration.
ldap:create-empty-config [<configID>]
List and View Your Configurations
You can list and view your configurations:
sudo -u www-data ./occ ldap:show-config [options] [--] [<configID>]
Delete an Existing LDAP Configuration
Deletes an existing LDAP configuration.
ldap:delete-config <configID>
Invalidate LDAP Cache
This command invalidates the LDAP cache for all users:
sudo -u www-data ./occ ldap:invalidate-cache
Manipulate LDAP Configurations
This command manipulates LDAP configurations.
sudo -u www-data ./occ ldap:set-config <configID> <configKey> <configValue>
Arguments
|
The configuration ID |
|
The configuration key |
|
The new configuration value |
If a configKey
allows multiple entries like the key ldapAttributesForUserSearch
, use semicolons without a whitespace to separate them.
This example sets search attributes:
sudo -u www-data ./occ ldap:set-config s01 ldapAttributesForUserSearch "cn;givenname;sn;displayname;mail"
Available keys, along with default values for configValue, are listed in the table below.
Configuration | Setting |
---|---|
hasMemberOfFilterSupport |
|
hasPagedResultSupport |
|
homeFolderNamingRule |
|
lastJpegPhotoLookup |
0 |
ldapAgentName |
cn=admin,dc=owncloudqa,dc=com |
ldapAgentPassword |
* |
ldapAttributesForGroupSearch |
|
ldapAttributesForUserSearch |
|
ldapBackupHost |
|
ldapBackupPort |
|
ldapBase |
dc=owncloudqa,dc=com |
ldapBaseGroups |
dc=owncloudqa,dc=com |
ldapBaseUsers |
dc=owncloudqa,dc=com |
ldapCacheTTL |
600 |
ldapConfigurationActive |
1 |
ldapDynamicGroupMemberURL |
|
ldapEmailAttribute |
|
ldapExperiencedAdmin |
0 |
ldapExpertUUIDGroupAttr |
|
ldapExpertUUIDUserAttr |
|
ldapExpertUsernameAttr |
|
ldapGroupDisplayName |
cn |
ldapGroupFilter |
|
ldapGroupFilterMode |
0 |
ldapGroupFilterObjectclass |
|
ldapGroupMemberAssocAttr |
uniqueMember |
ldapHost |
ldap://host |
ldapIgnoreNamingRules |
|
ldapLoginFilter |
(&objectclass=inetOrgPerson(uid=%uid)) |
ldapLoginFilterAttributes |
|
ldapLoginFilterEmail |
0 |
ldapLoginFilterMode |
0 |
ldapLoginFilterUsername |
1 |
ldapNestedGroups |
0 |
ldapNetworkTimeout |
15 |
ldapOverrideMainServer |
|
ldapPagingSize |
500 |
ldapPort |
389 |
ldapQuotaAttribute |
|
ldapQuotaDefault |
|
ldapTLS |
0 |
ldapUserDisplayName |
displayName |
ldapUserDisplayName2 |
|
ldapUserFilter |
objectclass=inetOrgPerson |
ldapUserFilterGroups |
|
ldapUserFilterMode |
0 |
ldapUserFilterObjectclass |
inetOrgPerson |
ldapUuidGroupAttribute |
auto |
ldapUuidUserAttribute |
auto |
turnOffCertCheck |
0 |
useMemberOfToDetectMembership |
1 |
Test Your Configuration
Tests whether your configuration is correct and can bind to the server.
sudo -u www-data ./occ ldap:test-config <configID>
Set and Unset LDAP App Configurations
sudo -u www-data ./occ config:app:set user_ldap updateAttributesInterval --value=7200
In the example above, the interval is being set to 7200 seconds. Assuming the above example was used, the command would output the following:
Config value updateAttributesInterval for app user_ldap set to 7200
If you want to reset (or unset) the setting, then you can use the following command:
sudo -u www-data ./occ config:app:delete user_ldap updateAttributesInterval
Reuse Existing LDAP Accounts if Available
If you want to allow new LDAP logins to attempt to reuse existing oc_accounts
entries that match the resolved username attribute, and have backend set to User_Proxy
, then set the reuse_accounts
config setting to yes
.
Below is an example of how to do so.
sudo -u www-data ./occ config:app:set user_ldap reuse_accounts --value="yes"
This functionality is valuable for several reasons; these are:
-
It handles the situation of when admins mistakenly delete one or more user mappings, and subsequent logins then create new accounts.
-
It allows auto-provisioned users with Shibboleth to be moved over to an LDAP server, but be able to continue using ownCloud.
This functionality will not work in the following situations:
|
Market
Marketplace URL: Market
The market
commands install, uninstall, list, and upgrade applications from the ownCloud Marketplace.
market
market:install Install apps from the marketplace. If already installed and
an update is available the update will be installed.
market:uninstall Uninstall apps from the marketplace.
market:list Lists apps as available on the marketplace.
market:upgrade Installs new app versions if available on the marketplace
The user running the update command, which will likely be your webserver user, requires write permission for the /apps respectively apps-external folder.
|
If they don’t have write permission, the command may report that the update was successful, but it may silently fail. |
These commands are not available in single-user (maintenance) mode. For more details please see the Maintenance Commands section in the occ core command set.
Install an Application
Applications can be installed both from the ownCloud Marketplace and from a local file archive.
Install Apps From The Marketplace
To install an application from the Marketplace, you need to supply the app’s id, which can be found in the app’s Marketplace URL.
For example, the URL for Two factor backup codes is https://marketplace.owncloud.com/apps/twofactor_backup_codes.
So its app id is twofactor_backup_codes
.
sudo -u www-data ./occ market:install <ids> [option]
Install Apps From a File Archive
To install an application from a local file archive, you need to supply the path to the archive, and that you pass the -l
switch.
Only zip
, gzip
, and bzip2
archives are supported.
Usage Example
# Install an app from the marketplace.
sudo -u www-data ./occ market:install twofactor_backup_codes
# Install an app from a local archive.
sudo -u www-data ./occ market:install -l /mnt/data/richdocuments-2.0.0.tar.gz
The target directory has to be accessible to the webserver user and you have to enable the app afterwards with the occ app:enable command.
|
Uninstall an Application
To uninstall an application use the following commands:
sudo -u www-data ./occ market:uninstall <ids>
List Apps From The Marketplace
This command lists apps available on the marketplace. It returns the ids of the apps.
sudo -u www-data ./occ market:list
Metrics
Marketplace URL: Metrics
Monitoring and reporting of ownCloud Server. For details please see the Metrics documentation.
Set a secret for authenticating requests at the endpoint.
In case you want to generate a random secret, use the following example command:
echo $(tr -dc 'a-z0-9' < /dev/urandom | head -c 20)
Set or change the Secret
Writes the key metrics_shared_secret
and the secret to config.php. The name must not be changed and be exactly as written.
Note: You can also set the config key/value manually into your config.php file.
sudo -u www-data ./occ config:system:set \
"metrics_shared_secret" \
--value "your-metrics-secret"
The above command adds the following at the end of config.php
:
'metrics_shared_secret' => 'your-metrics-secret',
Migrate to Kiteworks
The Migrate to Kiteworks app is not available on the ownCloud marketplace. If you plan a migration, get in touch with ownCloud support for more details.
See the Migrating to Kiteworks Private Content Network documentation for the sequence and details of the migration including the description how to get the required parameters for the commands.
Note that the argument $KW_ADMIN_USER
in the description below is noted like when defining it as environment variable as proposed in the migration document.
The following commands manage the migration of ownCloud to Kiteworks:
migrate:to-kiteworks
migrate:to-kiteworks:init Initialize the migration process.
migrate:to-kiteworks:verify Verifies the ownCloud instance to be ready for migration.
migrate:to-kiteworks:users Migrates ownCloud users to the configured Kiteworks instance.
migrate:to-kiteworks:files Migrates ownCloud files and folders to the configured Kiteworks instance.
migrate:to-kiteworks:shares Migrates ownCloud shares to the configured Kiteworks instance.
migrate:to-kiteworks:disable-users Disables users in Kiteworks.
Initialize the Migration Process
To start the migration, it must be initialized first:
sudo -u www-data ./occ migrate:to-kiteworks:init KW_HOST KW_APPLICATION_ID "KW_SECRET"
Verify That the Migration can be Started
After initialisation, the migration must be verified to be ready:
sudo -u www-data ./occ migrate:to-kiteworks:verify $KW_ADMIN_USER
Migrate Users
After verification, migrating users can be started:
sudo -u www-data ./occ migrate:to-kiteworks:users $KW_ADMIN_USER $KW_PROFILE_GUEST
Migrate Files
After migrating users, migrating files can be started:
sudo -u www-data ./occ migrate:to-kiteworks:files $KW_ADMIN_USER
Migrate Shares
After migrating files, shares can be migrated. Note that when initiating this step, migrating files and users cant be run again:
sudo -u www-data ./occ migrate:to-kiteworks:shares $KW_ADMIN_USER
Password Policy
Marketplace URL: Password Policy
Command to expire a user or group of users’ passwords.
Command Description
sudo -u www-data ./occ user:expire-password <uid> [<expiredate>]
Arguments
|
User ID. |
|
The date and time when a password expires, |
The expiry date can be provided using any of PHP’s supported date and time formats. |
Options
|
Will add password expiry to all known users. uid and group option are discarded if the option is provided by user. |
|
The uid of the user to expire the password for. |
|
Add password expiry to user(s) in one or more groups. |
If an expiry date is not supplied, the password will expire with immediate effect.
This is because the password will be set as being expired 24 hours before the command was run.
For example, if the command was run at 2018-07-12 13:15:28 UTC
, then the password’s expiry
date will be set to 2018-07-11 13:15:28 UTC
.
After the command completes, console output, similar to that below, confirms when the user’s password is set to expire.
The password for frank is set to expire on 2018-07-12 13:15:28 UTC.
Command Examples
# The password for user "frank" will be set as being expired 24 hours before the command was run.
sudo -u www-data ./occ user:expire-password -u frank
# Expire the user "frank"'s password in 2 days time.
sudo -u www-data ./occ user:expire-password -u frank '+2 days'
# Expire the user "frank"'s password on the 15th of August 2005, at 15:52:01 in the local timezone.
sudo -u www-data ./occ user:expire-password --uid frank '2005-08-15T15:52:01+00:00'
# Expire the user "frank"'s password on the 15th of August 2005, at 15:52:01 UTC.
sudo -u www-data ./occ user:expire-password --uid frank '15-Aug-05 15:52:01 UTC'
Caveats
Please be aware of the following implications of enabling or changing the password policy’s "days until user password expires" option.
-
Administrators need to run the
occ user:expire-password
command to initiate expiry for new users. -
Passwords will never expire for users who have not changed their initial password, because they do not have a password history. To force password expiration use the
occ user:expire-password
command. -
A password expiration date will be set after users change their password for the first time. To force password expiration use the
occ user:expire-password
command. -
Passwords changed for the first time, will expire based on the active password policy. If the policy is later changed, it will not update the password’s expiry date to reflect the new setting.
-
Password expiration dates of users where the administrator has run the
occ user:expire-password
command won’t automatically update to reflect the policy change. In these cases, Administrators need to run theocc user:expire-password
command again and supply a new expiry date.
Ransomware Protection (Enterprise Edition only)
Marketplace URL: Ransomware Protection
Use these commands to help users recover from a Ransomware attack. You can find more information about the application in the Ransomware Protection documentation.
Command Description
ransomguard
ransomguard:scan Scan the ownCloud database for changes in order
to discover anomalies in a user’s account and their origin.
ransomguard:restore Revert all operations in a user account after a point in time.
ransomguard:lock Set a user account as read-only for ownCloud and other WebDAV
clients when malicious activity is suspected.
ransomguard:unlock Unlock a user account after ransomware issues have been resolved
ransomguard:blacklist:set-file Set the file that will contain the blacklist.
A new file will be created if it does not exist.
ransomguard:blacklist:update:from-file Update the blacklist with the contents from the file.
ransomguard:blacklist:update:from-site Update the blacklist with the contents from the site
Scan Command Description
Scan the ownCloud database for changes in order to discover anomalies in a user’s account and their origin. Add a <timestamp>
and a <user>
for the search to start with. Note that <timestamp>
must be in the Linux timestamp format.
sudo -u www-data ./occ ransomguard:scan <timestamp> <user>
Restore Command Description
Revert all operations in a user account after a given point in time. Note that <timestamp>
must be in the Linux timestamp format.
sudo -u www-data ./occ ransomguard:restore <timestamp> <user>
Lock Command Description
When necessary, set a user account as read-only
for ownCloud and other WebDAV clients when malicious activity is suspected.
sudo -u www-data ./occ ransomguard:lock <user>
Unlock Command Description
When ransomware issues have been resolved, the user account can be unlocked.
sudo -u www-data ./occ ransomguard:unlock <user>
Blacklist Handling
The information which files to blacklist can be dynamically maintained either via a file or a URL where the data can be retrieved from. Independent of where updates come from, the file the app uses for identifying blacklist patterns is defined via set-file
.
Blacklist Set-File Command Description
This command will set the location of the blacklist file the app will use. The location needs to be shared in all ownCloud servers in case of a multi-server setup. If you try to update the blacklist using the command blacklist:update:from-file
without having run the blacklist:set-file
command first, the blacklist file will be generated using the bundled blacklist.txt.dist
file and saved in the ownCloud’s data directory as ransomware_blacklist.txt
. That file will then be used as default. Running the command again using a different <filePath>
as argument will copy the contents from the old location to the new location without deleting the old one. It is highly recommended to use a different filename than the bundled one.
sudo -u www-data ./occ ransomguard:blacklist:set-file <filePath>
Blacklist From-File Command Description
This command will update the contents of the blacklist file using another file as source. The format of the file is the same as the blacklist.txt.dist
file bundled in the app. The command will only add the new items, which are displayed in the terminal.
sudo -u www-data ./occ ransomguard:blacklist:update:from-file <filePath>
Blacklist From-Site Command Description
This command will update the contents by getting the blacklist from a website. The default site is https://fsrm.experiant.ca/api/v1/get. Other sites can be used as long as the response follows the same format as the default site. The behavior is the same as with the from-file
variant.
sudo -u www-data ./occ ransomguard:blacklist:update:from-site <siteUrl>
Arguments
|
The URL to get the data from, defaults to: |
Collabora Online / Secure View
Marketplace URL: Collabora Online
Collabora Online allows you to work with all kinds of collabora office documents inside ownCloud for improved productivity. For details, see the Collabora Online / Secure View documentation.
config:app
commands to configure the Collabora Online app.
config:app:get|set
richdocuments wopi_url WOPI Server URL
richdocuments secure_view_option Enable Secure View
richdocuments watermark_text Watermark pattern displayed in the document
richdocuments open_in_new_tab Open documents in a new tab
richdocuments secure_view_can_print_default Define if documents can be printed or exported
richdocuments secure_view_open_action_default Enforce displaying the watermark by default
App Configuration
All app configurations are set and queried with the config:app
command set. The examples below set a value. To query a value use config:app:get
and the corresponding key without any options or attributes. Note that values have to be set in single quotes.
Define the WOPI Server URL
WOPI Server URL
This command sets the WOPI Server to [IP/URL]:port
[IP/URL]:port
can be any IP/URL plus the port on which the WOPI server can be accessed like:
-
a.b.c.d
-
…
Adding the port is only necessary when not using standard ports.
sudo -u www-data ./occ config:app:set richdocuments wopi_url --value='[IP/URL]:port'
Enable Secure View
Enable Secure View (possible values: true/false, default: false).
The following example command enables secure view globally on the system:
sudo -u www-data ./occ config:app:set richdocuments secure_view_option --value='true'
Define the Watermark Pattern Displayed
A watermark pattern is displayed in the document when it is viewed. It can be an arbitrary string. The keyword {viewer-email} will be replaced with the current user’s email address in the document watermark. If an email address is not set, then the user’s display name will be used.
The following example command sets the watermark pattern displayed in the document:
sudo -u www-data ./occ config:app:set richdocuments watermark_text --value='Restricted to {viewer-email}'
Open Documents in a New Tab
By default, documents will open in a new tab if not otherwise defined. You can change this behaviour with a command (possible values: true/false, default: false).
The following example command makes documents open in the same tab:
sudo -u www-data ./occ config:app:set richdocuments open_in_new_tab --value='false'
Define the Print and Exporting Option
Enable documents in secure view mode to be printed and exported (possible values: true/false, default: false).
The following example command enables the option to globally print and export documents although secure view is enabled:
sudo -u www-data ./occ config:app:set secure_view_can_print_default --value='true'
Enforce Displaying the Watermark
Open documents in secure view with watermark by default (possible values: true/false, default: false).
The following example command enables the option to globally enforce displaying the watermark when documents are viewed:
sudo -u www-data ./occ config:app:set richdocuments secure_view_open_action_default --value='true'
Delete a Key or Change a Key
You can delete a key with the following example command:
sudo -u www-data ./occ config:app:delete richdocuments secure_view_open_action_default
You can change a key with the following example command:
sudo -u www-data ./occ config:app:set richdocuments secure_view_option --value='false'
OAuth2
Marketplace URL: OAuth2
Use these commands to configure OAuth2 clients via the OAuth2 app:
oauth2
oauth2:add-client Adds an OAuth2 client
oauth2:list-clients Lists OAuth2 clients
oauth2:remove-client Removes an OAuth2 client
oauth2:modify-client Modify OAuth2 client details
Add a Client
Usage
oauth2:add-client <name> <client-id> <client-secret> <redirect-url> [<allow-sub-domains> [<trusted> [<force-trust>]]]
Arguments
|
Name of the client - will be displayed in the authorization page to the user |
|
Identifier of the client - used by the client during the implicit and authorization code flow |
|
Secret of the client - used by the client during the authorization code flow |
|
Redirect URL - used in the OAuth flows to post back tokens and authorization codes to the client |
|
Defines if the redirect url is allowed to use sub-domains. Enter true or false [default: "false"] |
|
Defines if the client is trusted. Enter true or false [default: "false"] |
|
Trust the client even if the redirect-url is localhost. [default: "false"] |
List Clients
Options
|
The output format to use (plain, json or json_pretty). [default: "plain"] |
- Desktop Client:
- name: Desktop Client
- redirect-url: http://localhost:*
- client-id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
- client-secret: UBntmLjC2yYCeHwsyj73Uwo9TAaecAetRwMw0xYcvNL9yRdLSUi0hUAHfvCHFeFh
- allow-sub-domains: false
- trusted: false
- Android:
- name: Android
- redirect-url: oc://android.owncloud.com
- client-id: e4rAsNUSIUs0lF4nbv9FmCeUkTlV9GdgTLDH1b5uie7syb90SzEVrbN7HIpmWJeD
- client-secret: dInFYGV33xKzhbRmpqQltYNdfLdJIfJ9L5ISoKhNoT9qZftpdWSP71VrpGR9pmoD
- allow-sub-domains: false
- trusted: false
- iOS:
- name: iOS
- redirect-url: oc://ios.owncloud.com
- client-id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
- client-secret: KFeFWWEZO9TkisIQzR3fo7hfiMXlOpaqP8CFuTbSHzV1TUuGECglPxpiVKJfOXIx
- allow-sub-domains: false
- trusted: false
S3 Primary Objectstore
Commands to configure Amazon S3 compatible object storages as the primary ownCloud storage location.
Marketplace URL: S3 Primary Object Storage
SAML/SSO Shibboleth Integration (Enterprise Edition only)
Marketplace URL: SAML/SSO Integration
shibboleth:mode
sets your Shibboleth mode to notactive
, autoprovision
, or ssoonly
sudo -u www-data ./occ shibboleth:mode [mode]
Two-Factor TOTP
Marketplace URL: 2-Factor Authentication
The following commands manage the 2-Factor Authentication App. TOTP stands for time-based one-time password. There is also a core component independent of the 2-Factor Authentication App with which a particular user can be enabled or disabled for the two-factor authentication. For details see section Two-Factor Authentication.
The following commands are available for the 2-Factor Authentication app:
twofactor_totp
twofactor_totp:delete-redundant-secret Delete the redundant secret of non-existing users
twofactor_totp:set-secret-verification-status Set secret verification status of specified users or all users
Delete Redundant Secrets
Delete the redundant secrets of non-existing users:
sudo -u www-data ./occ twofactor_totp:delete-redundant-secret
Windows Network Drive (WND)
Marketplace URL: External Storage: Windows Network Drives
Integrate Windows and Samba/CIFS shared network drives as external storages. For details please see the Windows Network Drive (WND) documentation.
The wnd
commands configure the WND app.
wnd
wnd:listen Listen to smb changes and store notifications for later processing
wnd:process-queue Process the notifications stored by the wnd:listen command
wnd:set-service-account Sets the service account for the target mount point (deprecated)
Please see the
Windows Network Drive Notifications for how to properly setup wnd:listen
and wnd:process-queue
.
Configure the Listener
Listen to smb changes and store notifications for later processing in the database
sudo -u www-data ./occ wnd:listen [options] [--] <host> <share> <username> [<password>]
Arguments
|
The hostname or IP address of the server to listen to |
|
The share inside the host to listen to for changes |
|
The username that will be used to connect to the share |
|
The user’s password (will be asked for if it isn’t provided) |
Options
|
The path inside the share to watch for changes [default: ""] |
|
The file containing the password for the account to be used to listen |
|
Use the password from the matching service account. This works only for collaborative WND mounts |
|
Trim blank characters from the password |
|
Force the usage of that unbuffering option for the underlying smbclient command. Possible options are either "auto", "pty" or "stdbuf" [default: "auto"] |
|
The output format to use (plain, json or json_pretty). [default: "plain"] |
|
Process Notifications
Process the notifications stored by the wnd:listen
command
sudo -u www-data ./occ wnd:process-queue [options] [--] <host> <share>
Set the Service Account
This command is deprecated starting with ownCloud 10.8. All mount options marked as password are now encrypted by default. Existing old settings are migrated automatically. |
Sets the service account for the target mount point. You’ll be asked for the password of the service account.
sudo -u www-data ./occ wnd:set-service-account [options] [--] <mount-id>
Please see the occ documentation of files_external:list to get the required mount-id.