Using the occ Command

ownCloud’s occ command (ownCloud console) is ownCloud’s command-line interface. You can perform many common server operations with occ, such as installing and upgrading ownCloud, managing users and groups, encryption, passwords, LDAP setting, and more.

occ is in the owncloud/ directory; for example /var/www/owncloud on Ubuntu Linux. occ is a PHP script. You must run it as your HTTP user to ensure that the correct permissions are maintained on your ownCloud files and directories.

Run occ As Your HTTP User

The HTTP user is different on the various Linux distributions. See strong_perms_label to learn how to find your HTTP user.

  • The HTTP user and group in Debian/Ubuntu is www-data.

  • The HTTP user and group in Fedora/CentOS is apache.

  • The HTTP user and group in Arch Linux is http.

  • The HTTP user in openSUSE is wwwrun, and the HTTP group is www.

If your HTTP server is configured to use a different PHP version than the default (/usr/bin/php), occ should be run with the same version. For example, in CentOS 6.5 with SCL-PHP54 installed, the command looks like this:

sudo -u apache /opt/rh/php54/root/usr/bin/php /var/www/html/owncloud/occ

Example Commands

Running occ with no options lists all commands and options, like this example on Ubuntu:

sudo -u www-data php occ
ownCloud version 10.0.8

Usage:
 command [options] [arguments]

==== Options
 -h, --help            Display this help message
 -q, --quiet           Do not output any message
 -V, --version         Display this application version
     --ansi            Force ANSI output
     --no-ansi         Disable ANSI output
 -n, --no-interaction  Do not ask any interactive question
     --no-warnings     Skip global warnings, show command output only
 -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output,
                       2 for more verbose output and 3 for debug

Available commands:
 check                 Check dependencies of the server environment
 help                  Displays help for a command
 list                  Lists commands
 status                Show some status information
 upgrade               Run upgrade routines after installation of
                       a new release. The release has to be installed before

This is the same as sudo -u www-data php occ list. Run it with the -h option for syntax help:

sudo -u www-data php occ -h

Display your ownCloud version:

sudo -u www-data php occ -V
  ownCloud version 10.0.8

Query your ownCloud server status:

sudo -u www-data php occ status
  - installed: true
  - version: 10.0.8.5
  - versionstring: 10.0.8
  - edition: Community

occ has options, commands, and arguments. Commands are required. Options are optional. Arguments can be required or optional. The, generic, syntax is

occ [options] command [arguments]

Get detailed information on individual commands with the help command, like this example for the maintenance:mode command

sudo -u www-data php occ help maintenance:mode
Usage:
 maintenance:mode [options]

==== Options
     --on              Enable maintenance mode
     --off             Disable maintenance mode
     --output[=OUTPUT] Output format (plain, json or json_pretty, default is plain) [default: "plain"]
 -h, --help            Display this help message
 -q, --quiet           Do not output any message
 -V, --version         Display this application version
     --ansi            Force ANSI output
     --no-ansi         Disable ANSI output
 -n, --no-interaction  Do not ask any interactive question
     --no-warnings     Skip global warnings, show command output only
 -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output,
                       2 for more verbose output and 3 for debug

The status command from above has an option to define the output format. The default is plain text, but it can also be json

sudo -u www-data php occ status --output=json
{"installed":true,"version":"9.0.0.19","versionstring":"9.0.0","edition":""}

or json_pretty

sudo -u www-data php occ status --output=json_pretty
{
   "installed": true,
   "version": "10.0.8.5",
   "versionstring": "10.0.8",
   "edition": "Community"
}

This output option is available on all list and list-like commands, which include status, check, app:list, config:list, encryption:status and encryption:list-modules.

Core Commands

This command reference covers the ownCloud core commands.

Apps Commands

The app commands list, enable, and disable apps

app
 app:check-code   check code to be compliant
 app:disable      disable an app
 app:enable       enable an app
 app:getpath      Get an absolute path to the app directory
 app:list         List all available apps

List all of your installed apps or optionally provide a search pattern to restrict the list of apps to those whose name matches the given regular expression. The output shows whether they are enabled or disabled

sudo -u www-data php occ app:list [<search-pattern>]

Enable an app, for example the Market app

sudo -u www-data php occ app:enable market
market enabled

Disable an app

sudo -u www-data php occ app:disable market
market disabled
Be aware that the following apps cannot be disabled: DAV, FederatedFileSharing, Files and Files_External.

app:check-code has multiple checks: it checks if an app uses ownCloud’s public API (OCP) or private API (OC_), and it also checks for deprecated methods and the validity of the info.xml file. By default all checks are enabled. The Activity app is an example of a correctly-formatted app

sudo -u www-data php occ app:check-code notifications
App is compliant - awesome job!

If your app has issues, you’ll see output like this

sudo -u www-data php occ app:check-code foo_app
Analysing /var/www/owncloud/apps/files/foo_app.php
4 errors
   line   45: OCP\Response - Static method of deprecated class must not be called
   line   46: OCP\Response - Static method of deprecated class must not be called
   line   47: OCP\Response - Static method of deprecated class must not be called
   line   49: OC_Util - Static method of private class must not be called

You can get the full file path to an app

sudo -u www-data php occ app:getpath notifications
/var/www/owncloud/apps/notifications
....

[[background-jobs-selector]]
=== Background Jobs Selector

Use the `background` command to select which scheduler you want to use
for controlling _background jobs_, _Ajax_, _Webcron_, or _Cron_. This is
the same as using the *Cron* section on your ownCloud Admin page.

[source,console]

background background:ajax Use ajax to run background jobs background:cron Use cron to run background jobs background:webcron Use webcron to run background jobs

This example selects Ajax:

[source,console,subs="attributes+"]

sudo -u www-data php occ background:ajax Set mode for background jobs to 'ajax'

The other two commands are:

* `background:cron`
* `background:webcron`

TIP: See xref:configuration/server/background_jobs_configuration.adoc[background jobs configuration] to learn more.

=== Managing Background Jobs

Use the `background:queue` command to manage background jobs.

[source,console]
----
background:queue
 background:queue:delete     Delete a job from the queue
 background:queue:execute    Run a single background job from the queue
 background:queue:status     List queue status
----

==== Deleting a Background Job

The command `background:queue:delete` deletes a queued background job.
It requires the job id of the job to be deleted.

background:queue:delete <Job ID>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `Job ID` | ID of the job to be deleted
|===

WARNING: Deleting a job cannot be undone. Be sure that you want to delete the job before doing so.

This example deletes queued background job #12

[source,console,subs="attributes"]
----
{occ-command-example-prefix} background:queue:delete 12

Job has been deleted.
----

==== Executing a Background Job

The command `background:queue:execute` executes a queued background job.
It requires the job id of the job to be executed.

background:queue:execute [options] [--] <Job ID>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `Job ID` | ID of the job to be deleted
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `-f` +
`--force`            | Force run the job even if within timing interval
| `--accept-warning` | No warning about the usage of this command will be displayed
|===

This example executes queued background job #12.

[source,console,subs="attributes"]
----
{occ-command-example-prefix} background:queue:execute 12

This command is for maintenance and support purposes.
This will run the specified background job now. Regular scheduled runs of the job will
continue to happen at their scheduled times.
If you still want to use this command please confirm the usage by entering: yes
yes
Found job: OCA\UpdateNotification\Notification\BackgroundJob with ID 12
Running job...
Finished in 0 seconds
----

==== List Queued Backgroundjobs

The command `background:queue:status` will list queued background jobs, including
details when it last ran.

background:queue:status

This example lists the queue status:

[source,console,subs="attributes"]
----
{occ-command-example-prefix} background:queue:status

  +----+---------------------------------------------------+---------------------------+---------------+
  | Id | Job                                               | Last run                  | Job Arguments |
  +----+---------------------------------------------------+---------------------------+---------------+
  | 1  | OCA\Files\BackgroundJob\ScanFiles                 | 2018-06-13T15:15:04+00:00 |               |
  | 2  | OCA\Files\BackgroundJob\DeleteOrphanedItems       | 2018-06-13T15:15:04+00:00 |               |
  | 3  | OCA\Files\BackgroundJob\CleanupFileLocks          | 2018-06-13T15:15:04+00:00 |               |
  | 4  | OCA\DAV\CardDAV\SyncJob                           | 2018-06-12T19:15:02+00:00 |               |
  | 5  | OCA\Federation\SyncJob                            | 2018-06-12T19:15:02+00:00 |               |
  | 6  | OCA\Files_Sharing\DeleteOrphanedSharesJob         | 2018-06-13T15:15:04+00:00 |               |
  | 7  | OCA\Files_Sharing\ExpireSharesJob                 | 2018-06-12T19:15:02+00:00 |               |
  | 8  | OCA\Files_Trashbin\BackgroundJob\ExpireTrash      | 2018-06-13T15:15:04+00:00 |               |
  | 9  | OCA\Files_Versions\BackgroundJob\ExpireVersions   | 2018-06-13T15:15:04+00:00 |               |
  | 10 | OCA\UpdateNotification\Notification\BackgroundJob | 2018-06-12T19:15:03+00:00 |               |
  | 11 | OC\Authentication\Token\DefaultTokenCleanupJob    | 2018-06-13T15:15:04+00:00 |               |
  +----+---------------------------------------------------+---------------------------+---------------+
----

[[config-commands]]
=== Config Commands

The `config` commands are used to configure the ownCloud server.

config config:app:delete Delete an app config value config:app:get Get an app config value config:app:set Set an app config value config:import Import a list of configuration settings config:list List all configuration settings config:system:delete Delete a system config value config:system:get Get a system config value config:system:set Set a system config value

You can list all configuration values with one command:

[source,console,subs="attributes+"]

sudo -u www-data php occ config:list

By default, passwords and other sensitive data are omitted from the
report, so the output can be posted publicly (e.g., as part of a bug
report). In order to generate a full backport of all configuration
values the `--private` flag needs to be set:

[source,console,subs="attributes+"]

sudo -u www-data php occ config:list --private

The exported content can also be imported again to allow the fast setup
of similar instances. The import command will only add or update values.
Values that exist in the current configuration, but not in the one that
is being imported are left untouched.

[source,console,subs="attributes+"]

sudo -u www-data php occ config:import filename.json

It is also possible to import remote files, by piping the input:

[source,console,subs="attributes+"]

sudo -u www-data php occ config:import < local-backup.json

NOTE: While it is possible to update/set/delete the versions and installation statuses of apps and ownCloud
itself, it is *not* recommended to do this directly. Use the `occ app:enable`, `occ app:disable` and
`occ update` commands instead.

[[getting-a-single-configuration-value]]
==== Getting a Single Configuration Value

These commands get the value of a single app or system configuration:

==== config:system:get

[source,console,subs="attributes+"]

sudo -u www-data php occ config:system:get [options] [--] <name> (<name>)…​

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `name` | Name of the config to get. Specify multiple for array parameter.
|===

===== Options

[width="100%",cols="33%,70%",]
|===
| `--default-value[=DEFAULT-VALUE]` | If no default value is set and the config does not exist,
the command will exit with 1.
| `--output=[OUTPUT]`               | The output format to use (`plain`, `json` or `json_pretty`, default is `plain`).
|===

==== config:app:get

[source,console,subs="attributes+"]

sudo -u www-data php occ config:app:set [options] [--] <app> <name>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `app`  |  Name of the app.
| `name` |  Name of the config to get.
|===

===== Options

[width="100%",cols="33%,70%",]
|===
| `--default-value[=DEFAULT-VALUE]` | If no default value is set and the config does not exist,
the command will exit with 1.
| `--output=[OUTPUT]` | The output format to use (`plain`, `json` or `json_pretty`, default is `plain`).
|===

Examples

[source,console,subs="attributes+"]

sudo -u www-data php occ config:system:get version 10.0.8.5

sudo -u www-data php occ config:app:get activity installed_version 2.2.1

[[setting-a-single-configuration-value]]
==== Setting a Single Configuration Value

These commands set the value of a single app or system configuration.

==== config:system:set

[source,console,subs="attributes+"]

sudo -u www-data php occ config:system:set [options] [--] <name> (<name>)…​

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `name` |  Name of the config parameter, specify multiple for array parameter.
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `--type=[TYPE]`     | Value type to use (`string`, `integer`, `double`, `boolean`, `json`, default is `string`). +
Note: you must use json to write multi array values.
| `--value=[VALUE]`   | The new value of the config.
| `--update-only`     | Only updates the value, if it is not set before, it is not being added.
| `--output=[OUTPUT]` | The output format to use (`plain`, `json` or `json_pretty`, default is `plain`).
|===

==== config:app:set

[source,console,subs="attributes+"]

sudo -u www-data php occ config:app:set [options] [--] <app> <name>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `app`  |  Name of the app.
| `name` |  Name of the config to set.
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `--value=[VALUE]`   | The new value of the config.
| `--update-only`     | Only updates the value, if it is not set before, it is not being added.
| `--output=[OUTPUT]` | The output format to use (`plain`, `json` or `json_pretty`, default is `plain`).
|===

Examples

[source,console,subs="attributes+"]

sudo -u www-data php occ config:system:set \ logtimezone \ --value="Europe/Berlin" System config value logtimezone set to Europe/Berlin

[source,console,subs="attributes+"]

sudo -u www-data php occ config:app:set \ files_sharing \ incoming_server2server_share_enabled \ --value=true \ --type=boolean Config value incoming_server2server_share_enabled for app files_sharing set to yes

The `config:system:set` command creates the value, if it does not
already exist. To update an existing value, set `--update-only`:

[source,console,subs="attributes+"]

sudo -u www-data php occ config:system:set \ doesnotexist \ --value=true \ --type=boolean \ --update-only Value not updated, as it has not been set before.

NOTE: In order to write a boolean, float, JSON, or integer value to the configuration file,
you need to specify the type on your command. This applies only to the `config:system:set` command.
Please see table above for available types.

Examples

Disable the maintenance mode:

[source,console,subs="attributes+"]

sudo -u www-data php occ config:system:set maintenance \ --value=false \ --type=boolean

ownCloud is in maintenance mode - no app have been loaded System config value maintenance set to boolean false

Create the `app_paths` config setting (using a JSON payload because of multi array values):

[source,console,subs="attributes+"]

sudo -u www-data php occ config:system:set apps_paths \ --type=json \ --value='[ { "path":"/var/www/owncloud/apps", "url":"/apps", "writable": false }, { "path":"/var/www/owncloud/apps-external", "url":"/apps-external", "writable": true } ]'

[[setting-an-array-of-configuration-values]]
==== Setting an Array of Configuration Values

Some configurations (e.g., the trusted domain setting) are an array of
data. The array starts counting with 0. In order to set (and also get)
the value of one key, you can specify multiple `config` names separated
by spaces:

[source,console,subs="attributes+"]

sudo -u www-data php occ config:system:get trusted_domains localhost owncloud.local sample.tld

To replace `sample.tld` with `example.com` trusted_domains => 2 needs to
be set:

[source,console,subs="attributes+"]

sudo -u www-data php occ config:system:set trusted_domains 2 --value=example.com System config value trusted_domains ⇒ 2 set to string example.com

sudo -u www-data php occ config:system:get trusted_domains localhost owncloud.local example.com

[[deleting-a-single-configuration-value]]
==== Deleting a Single Configuration Value

These commands delete the configuration of an app or system configuration:

==== config:system:delete

[source,console,subs="attributes+"]

sudo -u www-data php occ config:system:delete [options] [--] <name> (<name>)…​

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `name` |  Name of the config to delete, specify multiple for array parameter.
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `--error-if-not-exists` | Checks whether the config exists before deleting it.
| `--output=[OUTPUT]`     | The output format to use (`plain`, `json` or `json_pretty`, default is `plain`).
|===

==== config:app:delete

[source,console,subs="attributes+"]

sudo -u www-data php occ config:app:delete [options] [--] <app> <name>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `app`  |  Name of the app.
| `name` |  Name of the config to delete.
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `--error-if-not-exists` | Checks whether the config exists before deleting it.
| `--output=[OUTPUT]`     | The output format to use (`plain`, `json` or `json_pretty`, default is `plain`).
|===

Examples:

[source,console,subs="attributes+"]

sudo -u www-data php occ config:system:delete maintenance:mode System config value maintenance:mode deleted

sudo -u www-data php occ config:app:delete myappname provisioning_api Config value provisioning_api of app myappname deleted

The delete command will by default not complain if the configuration was
not set before. If you want to be notified in that case, set the
`--error-if-not-exists` flag.

[source,console,subs="attributes+"]

sudo -u www-data php occ config:system:delete doesnotexist --error-if-not-exists Config provisioning_api of app appname could not be deleted because it did not exist

[[dav-commands]]
=== Dav Commands

A set of commands to create address books, calendars, and to migrate
address books:

[source,console]
----
dav
 dav:cleanup-chunks            Cleanup outdated chunks
 dav:create-addressbook        Create a dav address book
 dav:create-calendar           Create a dav calendar
 dav:sync-birthday-calendar    Synchronizes the birthday calendar
 dav:sync-system-addressbook   Synchronizes users to the system address book
----

NOTE: These commands are not available in xref:maintenance-commands[single-user (maintenance) mode].

`dav:cleanup-chunks` cleans up outdated chunks (uploaded files) more
than a certain number of days old. By default, the command cleans up
chunks more than 2 days old. However, by supplying the number of days to
the command, the range can be increased. For example, in the example
below, chunks older than 10 days will be removed.

[source,console,subs="attributes+"]

sudo -u www-data php occ dav:cleanup-chunks 10

example output

Cleaning chunks older than 10 days(2017-11-08T13:13:45+00:00) Cleaning chunks for admin 0 [>---------------------------]

The syntax for `dav:create-addressbook` and `dav:create-calendar` is
`dav:create-addressbook [user] [name]`. This example creates the
addressbook `mollybook` for the user molly:

[source,console,subs="attributes+"]

sudo -u www-data php occ dav:create-addressbook molly mollybook

This example creates a new calendar for molly:

[source,console,subs="attributes+"]

sudo -u www-data php occ dav:create-calendar molly mollycal

Molly will immediately see these on her Calendar and Contacts pages.
Your existing calendars and contacts should migrate automatically when
you upgrade. If something goes wrong you can try a manual migration.
First delete any partially-migrated calendars or address books. Then run
this command to migrate user's contacts:

[source,console,subs="attributes+"]

sudo -u www-data php occ dav:migrate-addressbooks [user]

Run this command to migrate calendars:

[source,console,subs="attributes+"]

sudo -u www-data php occ dav:migrate-calendars [user]

`dav:sync-birthday-calendar` adds all birthdays to your calendar from
address books shared with you. This example syncs to your calendar from
user `bernie`:

[source,console,subs="attributes+"]

sudo -u www-data php occ dav:sync-birthday-calendar bernie

`dav:sync-system-addressbook` synchronizes all users to the system
addressbook.

[source,console,subs="attributes+"]

sudo -u www-data php occ dav:sync-system-addressbook

[[database-conversion]]
=== Database Conversion

The SQLite database is good for testing, and for ownCloud servers with
small single-user workloads that do not use sync clients, but production
servers with multiple users should use MariaDB, MySQL, or PostgreSQL.
You can use `occ` to convert from SQLite to one of these other
databases.

[source,console]
----
db
 db:convert-type           Convert the ownCloud database to the newly configured one
 db:generate-change-script Generates the change script from the current
                           connected db to db_structure.xml
----

You need:

* Your desired database and its PHP connector installed.
* The login and password of a database admin user.
* The database port number, if it is a non-standard port.

This is example converts SQLite to MySQL/MariaDB:

[source,console,subs="attributes+"]

sudo -u www-data php occ db:convert-type mysql oc_dbuser 127.0.0.1 oc_database

TIP: For a more detailed explanation see xref:configuration/database/db_conversion.adoc[converting database types].

[[encryption]]
=== Encryption

`occ` includes a complete set of commands for managing encryption.

[source,console]
----
encryption
 encryption:change-key-storage-root  Change key storage root
 encryption:decrypt-all              Disable server-side encryption and decrypt all files
 encryption:disable                  Disable encryption
 encryption:enable                   Enable encryption
 encryption:encrypt-all              Encrypt all files for all users
 encryption:list-modules             List all available encryption modules
 encryption:migrate                  initial migration to encryption 2.0
 encryption:recreate-master-key      Replace existing master key with new one. Encrypt the file system with
                                     newly created master key
 encryption:select-encryption-type   Select the encryption type. The encryption types available are: masterkey and
                                     user-keys. There is also no way to disable it again.
 encryption:set-default-module       Set the encryption default module
 encryption:show-key-storage-root    Show current key storage root
 encryption:status                   Lists the current status of encryption
----

==== Command Description

`encryption:status` shows whether you have active encryption, and your
default encryption module. To enable encryption you must first enable
the Encryption app, and then run `encryption:enable`:

[source,console,subs="attributes+"]

sudo -u www-data php occ app:enable encryption sudo -u www-data php occ encryption:enable sudo -u www-data php occ encryption:status - enabled: true - defaultModule: OC_DEFAULT_MODULE

`encryption:change-key-storage-root` is for moving your encryption keys
to a different folder. It takes one argument, `newRoot`, which defines
your new root folder. The folder must exist, and the path is relative to
your root ownCloud directory.

[source,console,subs="attributes+"]

sudo -u www-data php occ encryption:change-key-storage-root ../../etc/oc-keys

You can see the current location of your keys folder:

[source,console,subs="attributes+"]

sudo -u www-data php occ encryption:show-key-storage-root Current key storage root: default storage location (data/)

`encryption:list-modules` displays your available encryption modules.
You will see a list of modules only if you have enabled the Encryption
app. Use `encryption:set-default-module [module name]` to set your
desired module.

`encryption:encrypt-all` encrypts all data files for all users.
You must first put your ownCloud server into xref:maintenance-commands[single-user mode]
to prevent any user activity until encryption is completed.

`encryption:decrypt-all` decrypts all user data files, or optionally a single user:

[source,console,subs="attributes+"]

sudo -u www-data php occ encryption:decrypt freda

Users must have enabled recovery keys on their Personal pages. You must
first put your ownCloud server into single-user mode <maintenance_commands>
to prevent any user activity until decryption is completed.

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `-m=[METHOD]` | Accepts the methods: +
`recovery` or `password` +
If the _recovery_ method is chosen, then the recovery password will be used to decrypt files. +
If the _password_ method is chosen, then individual user passwords will be used to decrypt files.
| `-c=[COMMAND]` | Accepts  the commands: +
`yes` or `no` +

This lets the command know whether to ask for permission to
continue or not.
|===

==== Method Descriptions

===== Recovery method

This method reads the value from the environment variable `OC_RECOVERY_PASSWORD`. This variable bounds the value of recovery password set in the encryption page. If this variable is not set the recovery process will be halted. This has to be used for decrypting all users. While opting recovery method user should not forget to set `OC_RECOVERY_PASSWORD` in the shell.

===== Password method

This method reads the value from the environment variable `OC_PASSWORD`. This variable bounds the value of user password. The password which user uses to login to oC account. When password method is opted the user needs to set this variable in the shell.

==== Continue Option Description

The continue option can be used to by pass the permissions asked like `yes` or `no` while decrypting the file system. If the user is sure about what he/she is doing with the command and would like to proceed, then `-c yes` when provided to the command would not ask permissions. If `-c no` is passed to the command, then permissions would be asked to the user. It becomes interactive.

Use `encryption:disable` to disable your encryption module.
You must first put your ownCloud server into xref:maintenance-commands[single-user mode] to prevent any user activity.

`encryption:migrate` migrates encryption keys after a major ownCloud
version upgrade.
You may optionally specify individual users in a space-delimited list.
See xref:configuration/files/encryption/encryption_configuration.adoc[encryption configuration] to learn more.

[[recreate-master-key]]

`encryption:recreate-master-key` decrypts the ownCloud file system, replaces the existing master key with a new one, and encrypts the entire ownCloud file system with the new master key. Given the size of your ownCloud filesystem, this may take some time to complete. However, if your filesystem is quite small, then it will complete quite quickly. The `-y` switch can be supplied to automate acceptance of user input.

[[federation-sync]]
=== Federation Sync

Synchronize the address books of all federated ownCloud servers.

Servers connected with federation shares can share user address books,
and auto-complete usernames in share dialogs. Use this command to
synchronize federated servers:

[source,console,subs="attributes+"]
----
{occ-command-example-prefix} federation:sync-addressbooks
----

NOTE: This command is only available when the "Federation" app (`federation`) is enabled.

=== Poll Incoming Federated Shares For Updates

This command must be used if received federated shares are being referenced by desktop clients but not regularly accessed via the webUI.
This is because, for performance reasons, federated shares do not update automatically.
Instead, federated share directories are only updated when users browse them using the xref:user_manual:files/webgui/overview.adoc[webUI].

ownCloud and system administrators can use the `incoming-shares:poll` command to poll federated shares for updates.

NOTE: The command polls all received federated shares, so does not require a path.

[source,console,subs="attributes+"]
----
federation:sync-addressbooks  Synchronizes address books of all federated clouds
----

Servers connected with federation shares can share user address books,
and auto-complete usernames in share dialogs. Use this command to
synchronize federated servers:

sudo -u www-data php occ federation:sync-addressbooks

NOTE: This command is only available when the "Federation" app (`federation`) is enabled.

[[file-operations]]
=== File Operations

`occ` has three commands for managing files in ownCloud.

[source,console]
----
files
 files:checksums:verify     Get all checksums in filecache and compares them by
                            recalculating the checksum of the file.
 files:cleanup              Deletes orphaned file cache entries.
 files:scan                 Rescans the filesystem.
 files:transfer-ownership   All files and folders are moved to another user
                            - outgoing shares are moved as well (incoming shares are
                            not moved as the sharing user holds the ownership of the respective files).
----

NOTE: These commands are not available in xref:maintenance-commands[single-user (maintenance) mode].

[[the-fileschecksumsverify-command]]
==== The files:checksums:verify command

ownCloud supports file integrity checking, by computing and matching
checksums. Doing so ensures that transferred files arrive at their
target in the exact state as they left their origin.

In some rare cases, wrong checksums are written to the database which
leads to synchronization issues, such as with the Desktop Client. To
mitigate such problems a new command is available:
`occ files:checksums:verify`.

Executing the command recalculates checksums, either for all files of a
user or within a specified filesystem path on the designated storage. It
then compares them with the values in the database. The command also
offers an option to repair incorrect checksum values (`-r, --repair`).

CAUTION: Executing this command might take some time depending on the file count.

Below is sample output that you can expect to see when using the
command.

[source,console,subs="attributes+"]

sudo -u www-data php occ files:checksums:verify This operation might take very long. Mismatch for files/welcome.txt: Filecache: SHA1:eeb2c08011374d8ad4e483a4938e1aa1007c089d MD5:368e3a6cb99f88c3543123931d786e21 ADLER32:c5ad3a63 Actual: SHA1:da39a3ee5e6b4b0d3255bfef95601890afd80709 MD5:d41d8cd98f00b204e9800998ecf8427e ADLER32:00000001 Mismatch for thumbnails/9/2048-2048-max.png: Filecache: SHA1:2634fed078d1978f24f71892bf4ee0e4bd0c3c99 MD5:dd249372f7a68c551f7e6b2615d49463 ADLER32:821230d4 Actual: SHA1:da39a3ee5e6b4b0d3255bfef95601890afd80709 MD5:d41d8cd98f00b204e9800998ecf8427e ADLER32:00000001

[[the-filescleanup-command]]
==== The files:cleanup command

`files:cleanup` tidies up the server's file cache by deleting all file
entries that have no matching entries in the storage table.

[[the-filesscan-command]]
==== The files:scan command

The `files:scan` command

* Scans for new files.
* Scans not fully scanned files.
* Repairs file cache holes.
* Updates the file cache.

File scans can be performed per-user, for a space-delimited list of users, for groups of users, and for all users.

[source,console,subs="attributes+"]

sudo -u www-data php occ files:scan --help Usage: files:scan [options] [--] [<user_id>]…​

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `user_id` | Will rescan all files of the given user(s).
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `--output=[OUTPUT]`    | The output format to use (`plain`, `json` or `json_pretty`, default is `plain`).
| `-p --path=[PATH]`     | Limit rescan to this path, eg. --path="/alice/files/Music",
the user_id is determined by the path and the user_id parameter and --all are ignored.
| `-g --groups=[GROUPS]` | Scan user(s) under the group(s).
This option can be used as --groups=foo,bar to scan groups foo and bar.
| `-q --quiet`           | Do not output any message.
| `--all`                | Will rescan all files of all known users.
| `--repair`             | Will repair detached filecache entries (slow).
| `--unscanned`          | Only scan files which are marked as not fully scanned.
|===

TIP: If not using `--quiet`, statistics will be shown at the end of the scan.

[[the---path-option]]
===== The `--path` Option

When using the `--path` option, the path must be in one of the following
formats:

"user_id/files/path" "user_id/files/mount_name" "user_id/files/mount_name/path"

For example:

--path="/alice/files/Music"

In the example above, the user_id `alice` is determined implicitly from the path component given.
To get a list of scannable mounts for a given user, use the following command:

[source,console,subs="attributes+"]

sudo -u www-data php occ files_external:list user_id

TIP: Mounts are only scannable at the point of origin. Scanning of shares including federated shares is not necessary on the receiver side and therefore not possible.

NOTE: Mounts based on session credentials can not be scanned as the users credentials are not available to the occ command set.


The `--path`, `--all`, `--groups` and `[user_id]` parameters are exclusive - only one must be specified.

[[the-repair-option]]
===== The `--repair` Option

As noted above, repairs can be performed for individual users, groups of
users, and for all users in an ownCloud installation. What's more,
repair scans can be run even if no files are known to need repairing and
if one or more files are known to be in need of repair. Two examples of
when files need repairing are:

* If folders have the same entry twice in the web UI (known as a
'__ghost folder__'), this can also lead to strange error messages in
the desktop client.
* If entering a folder doesn't seem to lead into that folder.

CAUTION: We strongly suggest that you backup the database before running this command.

The `--repair` option can be run within two different scenarios:

* Requiring a downtime when used on all affected storages at once.
* Without downtime, filtering by a specified User Id.

The following commands show how to enable single user mode, run a repair file scan in bulk on all storages,
and then disable single user mode. This way is much faster than running the command for every user seperately, but it requires single user mode.

[source,console,subs="attributes+"]

sudo -u www-data php occ maintenance:singleuser --on sudo -u www-data php occ files:scan --all --repair sudo -u www-data php occ maintenance:singleuser --off

The following command filters by the storage of the specified user.

[source,console,subs="attributes+"]

sudo -u www-data php occ files:scan USERID --repair

TIP: If many users are affected, it could be convenient to create a shell script, which iterates over a list of User ID's.

[[the-filestransfer-ownership-command]]
==== The files:transfer-ownership command

You may transfer all files and shares from one user to another. This is
useful before removing a user. For example, to move all files from
`<source-user>` to `<destination-user>`, use the following command:

[source,console,subs="attributes+"]

sudo -u www-data php occ files:transfer-ownership <source-user> <destination-user>

You can also move a limited set of files from `<source-user>` to
`<destination-user>` by making use of the `--path` switch, as in the
example below. In it, `folder/to/move`, and any file and folder inside
it will be moved to `<destination-user>`.

[source,console,subs="attributes+"]

sudo -u www-data php occ files:transfer-ownership --path="folder/to/move" <source-user> <destination-user>

When using this command, please keep in mind:

1.  The directory provided to the `--path` switch *must* exist inside
`data/<source-user>/files`.
2.  The directory (and its contents) won't be moved as is between the
users. It'll be moved inside the destination user's `files` directory,
and placed in a directory which follows the format:
`transferred from <source-user> on <timestamp>`. Using the example
above, it will be stored under:
`data/<destination-user>/files/transferred from <source-user> on 20170426_124510/`
3.  Currently file versions can't be transferred. Only the latest
version of moved files will appear in the destination user's account.

[[files-external]]
=== Files External

These commands replace the `data/mount.json` configuration file used in
ownCloud releases before 9.0.

Commands for managing external storage.

[source,console]
----
files_external
 files_external:applicable  Manage applicable users and groups for a mount
 files_external:backends    Show available authentication and storage backends
 files_external:config      Manage backend configuration for a mount
 files_external:create      Create a new mount configuration
 files_external:delete      Delete an external mount
 files_external:export      Export mount configurations
 files_external:import      Import mount configurations
 files_external:list        List configured mounts
 files_external:option      Manage mount options for a mount
 files_external:verify      Verify mount configuration
----

These commands replicate the functionality in the ownCloud Web GUI, plus
two new features: `files_external:export` and `files_external:import`.

Use `files_external:export` to export all admin mounts to stdout, and
`files_external:export [user_id]` to export the mounts of the specified
ownCloud user.

NOTE: These commands are only available when the "External storage support" app (`files_external`) is enabled. It is not available in xref:maintenance-commands[single-user (maintenance) mode].

==== files_external:list

List configured mounts.

===== Usage

[source,console]

files_external:list [--show-password] [--full] [-a|--all] [-s|--short] [--] [<user_id>]

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `user_id` | User ID to list the personal mounts for, if no user is provided admin mounts will be listed.
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `--show-password`   | User to add the mount configurations for, if not set the mount will
be added as system mount.
| `--full`            | Don't save the imported mounts, only list the new mounts.
| `-a, --all`         | Show both system-wide mounts and all personal mounts.
| `-s, --short`       | Show only a reduced mount info.
| `--output=[OUTPUT]` | The output format to use (`plain`, `json` or `json_pretty`, default is `plain`).
|===

===== Example

[source,console,subs="attributes+"]

sudo -uwww-data ./occ files_external:list user_1 --short -------------------------------------- | Mount ID | Mount Point | Type | -------------------------------------- | 1 | /mount_1 | Personal | | 2 | /mount_2 | Personal | --------------------------------------

==== files_external:applicable

Manage applicable users and groups for a mount.

===== Usage

[source,console]

files_external:applicable [--add-user ADD-USER] [--remove-user REMOVE-USER] [--add-group ADD-GROUP] [--remove-group REMOVE-GROUP] [--remove-all] [--output [OUTPUT]] [--] <mount_id>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `mount_id` | Can be obtained using `occ files_external:list`.
|===


===== Options

[width="100%",cols="20%,70%",]
|===
| `--add-user`        | user to add as applicable (multiple values allowed).
| `--remove-user`     | user to remove as applicable (multiple values allowed).
| `--add-group`       | group to add as applicable (multiple values allowed).
| `--remove-group`    | group to remove as applicable (multiple values allowed).
| `--remove-all`      | Set the mount to be globally applicable.
| `--output=[OUTPUT]` | The output format to use (plain, json or json_pretty, default is plain).
|===

==== files_external:backends

Show available authentication and storage backends.

===== Usage

[source,console]

files_external:backends [options] [--] [<type>] [<backend>]

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `type`    | Only show backends of a certain type. Possible values are `authentication` or `storage`.
| `backend` | Only show information of a specific backend.
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `--output=[OUTPUT]` | The output format to use (plain, json or json_pretty, default is plain.
|===

==== files_external:config

Manage backend configuration for a mount.

===== Usage

[source,console]

files_external:config [options] [--] <mount_id> <key> [<value>]

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `mount_id` | The ID of the mount to edit.
| `key`      | Key of the config option to set/get.
| `value`    | Value to set the config option to, when no value is provided the
existing value will be printed.
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `--output=[OUTPUT]` | The output format to use (_plain_, _json_ or _json_pretty_. The default is plain).
|===

==== files_external:create

Create a new mount configuration.

===== Usage

[source,console]

files_external:create [options] [--] <mount_point> <storage_backend> <authentication_backend>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `mount_point`            | Mount point for the new mount.
| `storage_backend`        | Storage backend identifier for the new mount, see
`occ files_external:backends` for possible values.
| `authentication_backend` | Authentication backend identifier for the new mount, see
`occ files_external:backends` for possible values.
|===

====== Options

[width="100%",cols="20%,70%",]
|===
| `--user=[USER]`         | User to add the mount configurations for,
if not set the mount will be added as system mount.
| `-c, --config=[CONFIG]` | Mount configuration option in `key=value` format (multiple values allowed).
| `--dry`                 | Don't save the imported mounts, only list the new mounts.
| `--output=[OUTPUT]`     | The output format to use (`plain`, `json` or `json`pretty`).
The default is `plain`.
|===

===== Storage Backend Details

[width="80%",cols="40%,60%",options="header"]
|===
| Storage Backend          | Identifier
| Windows Network Drive    | `windows_network_drive`
| WebDav                   | `dav`
| Local                    | `local`
| ownCloud                 | `owncloud`
| SFTP                     | `sftp`
| Amazon S3                | `amazons3`
| Dropbox                  | `dropbox`
| Google Drive             | `googledrive`
| OpenStack Object Storage | `swift`
| SMB / CIFS               | `smb`
|===

===== Authentication Details

[width="80%",cols="40%,60%",options="header"]
|===
| Authentication method | Identifier, name, configuration

| Log-in credentials, save in session  | `password::sessioncredentials`
| Log-in credentials, save in database | `password::logincredentials`
| User entered, store in database      | `password::userprovided` (*)
| Global Credentials                   | `password::global`
| None                                 | `null::null`
| Builtin                              | `builtin::builtin`
| Username and password                | `password::password`
| OAuth1                               | `oauth1::oauth1` (*)
| OAuth2                               | `oauth2::oauth2` (*)
| RSA public key                       | `publickey::rsa` (*)
| OpenStack                            | `openstack::openstack` (*)
| Rackspace                            | `openstack::rackspace` (*)
| Access key (Amazon S3)               | `amazons3::accesskey` (*)
|===

(*) - Authentication methods require additional configuration.

NOTE: Each Storage Backend needs its corresponding authentication methods.

==== files_external:delete

Delete an external mount.

===== Usage

[source,console]

files_external:delete [options] [--] <mount_id>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `mount_id` | The ID of the mount to edit.
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `-y, --yes`         | Skip confirmation.
| `--output=[OUTPUT]` | The output format to use (plain, json or json_pretty, default is plain).
|===

==== files_external:export

===== Usage

[source,console]

files_external:export [options] [--] [<user_id>]

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `user_id` | User ID to export the personal mounts for, if no user is provided admin
mounts will be exported.
|===

====== Options

[width="100%",cols="20%,70%",]
|===
| `-a, --all` | Show both system wide mounts and all personal mounts.
|===

==== files_external:import

Import mount configurations.

===== Usage

[source,console]

files_external:import [options] [--] <path>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `path` | Path to a json file containing the mounts to import, use `-` to read from stdin.
|===

====== Options

[width="100%",cols="20%,70%",]
|===
| `--user=[USER]`     | User to add the mount configurations for, if not set the mount will be
added as system mount.
| `--dry`             | Don't save the imported mounts, only list the new mounts.
| `--output=[OUTPUT]` | The output format to use (_plain_, _json_ or _json_pretty_, default is _plain_).
|===

==== files_external:option

Manage mount options for a mount.

===== Usage

[source,console]

files_external:option <mount_id> <key> [<value>]

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `mount_id` | The ID of the mount to edit.
| `key`      | Key of the mount option to set/get.
| `value`    | Value to set the mount option to, when no value is provided the existing
value will be printed.
|===

==== files_external:verify

Verify mount configuration.

===== Usage

[source,console]

files_external:verify [options] [--] <mount_id>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `mount_id` | The ID of the mount to check.
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `-c, --config=[CONFIG]` | Additional config option to set before checking in `key=value` pairs,
required for certain auth backends such as login credentials (multiple values allowed).
| `--output=[OUTPUT]`     | The output format to use (_plain_, _json_ or _json_pretty_, default is plain).
|===

==== files_external:create

You can create general (for all users) and personal (user-specific) shares by passing share configuration information on the command line, with the `files_external:create` command.
The syntax is:

[source,console]

files_external:create [options] [--] <mount_point> <storage_backend> <authentication_backend>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| mount point            | Path of the mount point within the file system.
| storage_backend        | Storage backend identifier.
| authentication_backend | Authentication backend authentifier.
|===

===== Storage Backend Details

[width="80%",cols="40%,60%",options="header"]
|===
| Storage Backend         | Identifier
| Windows Network Drive   | `windows_network_drive`
| WebDav                  | `dav`
| Local                   | `local`
| ownCloud                | `owncloud`
| SFTP                    | `sftp`
| Amazon S3               | `amazons3`
| Dropbox                 | `dropbox`
| Google Drive            | `googledrive`
| OpenStack Object Storage| `swift`
| SMB / CIFS              | `smb`
|===

===== Authentication Details

[width="80%",cols="40%,60%",options="header"]
|===
| Authentication method                | Identifier, name, configuration
| Log-in credentials, save in session  | `password::sessioncredentials`
| Log-in credentials, save in database | `password::logincredentials`
| User entered, store in database      | `password::userprovided` (*)
| Global Credentials                   | `password::global`
| None                                 | `null::null`
| Builtin                              | `builtin::builtin`
| Username and password                | `password::password`
| OAuth1                               | `oauth1::oauth1` (*)
| OAuth2                               | `oauth2::oauth2` (*)
| RSA public key                       | `publickey::rsa` (*)
| OpenStack                            | `openstack::openstack` (*)
| Rackspace                            | `openstack::rackspace` (*)
| Access key (Amazon S3)               | `amazons3::accesskey` (*)
|===

(*****) - Authentication methods require additional configuration.

NOTE: Each Storage Backend needs its corresponding authentication methods.

[[group-commands]]
=== Group Commands

The `group` commands provide a range of functionality for managing
ownCloud groups. This includes creating and removing groups and managing
group membership. Group names are case-sensitive, so "Finance" and
"finance" are two different groups.

The full list of commands is:

[source,console]
----
group
 group:add                           Adds a group
 group:add-member                    Add members to a group
 group:delete                        Deletes the specified group
 group:list                          List groups
 group:list-members                  List group members
 group:remove-member                 Remove member(s) from a group
----

[[creating-groups]]
==== Creating Groups

You can create a new group with the `group:add` command. The syntax is:

group:add groupname

This example adds a new group, called "Finance":

[source,console,subs="attributes+"]

sudo -u www-data php occ group:add Finance Created group "Finance"

[[listing-groups]]
==== Listing Groups

You can list the names of existing groups with the `group:list` command.
The syntax is:

group:list [options] [<search-pattern>]

Groups containing the `search-pattern` string are listed. Matching is
not case-sensitive. If you do not provide a search-pattern then all
groups are listed.

===== Options

[width="100%",cols="20%,50%",]
|====
| `--output=[OUTPUT]` | Output format (plain, json or json_pretty, default is plain) [default: "plain"].
|====

This example lists groups containing the string "finance".

[source,console,subs="attributes+"]

sudo -u www-data php occ group:list finance - All-Finance-Staff - Finance - Finance-Managers

This example lists groups containing the string "finance" formatted
with `json_pretty`.

[source,console,subs="attributes+"]

sudo -u www-data php occ group:list --output=json_pretty finance [ "All-Finance-Staff", "Finance", "Finance-Managers" ]

[[listing-group-members]]
==== Listing Group Members

You can list the user IDs of group members with the `group:list-members`
command. The syntax is:

group:list-members [options] <group>

===== Options

[width="100%",cols="20%,50%",]
|====
| `--output=[OUTPUT]` | Output format (plain, json or json_pretty, default is plain) [default: "plain"].
|====

This example lists members of the "Finance" group.

[source,console,subs="attributes+"]

sudo -u www-data php occ group:list-members Finance - aaron: Aaron Smith - julie: Julie Jones

This example lists members of the Finance group formatted with
`json_pretty`.

[source,console,subs="attributes+"]

sudo -u www-data php occ group:list-members --output=json_pretty Finance { "aaron": "Aaron Smith", "julie": "Julie Jones" }

[[adding-members-to-groups]]
==== Adding Members to Groups

You can add members to an existing group with the `group:add-member`
command. Members must be existing users. The syntax is

group:add-member [-m|--member [MEMBER]] <group>

This example adds members "aaron" and "julie" to group "Finance":

[source,console,subs="attributes+"]

sudo -u www-data php occ group:add-member --member aaron --member julie Finance User "aaron" added to group "Finance" User "julie" added to group "Finance"

You may attempt to add members that are already in the group, without
error. This allows you to add members in a scripted way without needing
to know if the user is already a member of the group. For example:

[source,console,subs="attributes+"]

sudo -u www-data php occ group:add-member --member aaron --member julie --member fred Finance User "aaron" is already a member of group "Finance" User "julie" is already a member of group "Finance" User fred" added to group "Finance"

[[removing-members-from-groups]]
==== Removing Members from Groups

You can remove members from a group with the `group:remove-member`
command. The syntax is:

group:remove-member [-m|--member [MEMBER]] <group>

This example removes members "aaron" and "julie" from group
"Finance".

[source,console,subs="attributes+"]

sudo -u www-data php occ group:remove-member --member aaron --member julie Finance Member "aaron" removed from group "Finance" Member "julie" removed from group "Finance"

You may attempt to remove members that have already been removed from
the group, without error. This allows you to remove members in a
scripted way without needing to know if the user is still a member of
the group. For example:

[source,console,subs="attributes+"]

sudo -u www-data php occ group:remove-member --member aaron --member fred Finance Member "aaron" could not be found in group "Finance" Member "fred" removed from group "Finance"

[[deleting-a-group]]
==== Deleting a Group

To delete a group, you use the `group:delete` command, as in the example
below:

[source,console,subs="attributes+"]

sudo -u www-data php occ group:delete Finance

[[integrity-check]]
=== Integrity Check

Apps which have an official tag *must* be code signed. Unsigned official
apps won't be installable anymore. Code signing is optional for all
third-party applications.

[source,console]
----
integrity
 integrity:check-app                 Check app integrity using a signature.
 integrity:check-core                Check core integrity using a signature.
 integrity:sign-app                  Signs an app using a private key.
 integrity:sign-core                 Sign core using a private key
----

After creating your signing key, sign your app like this example:

[source,console,subs="attributes+"]

sudo -u www-data php occ integrity:sign-app \ --privateKey=/Users/karlmay/contacts.key \ --certificate=/Users/karlmay/CA/contacts.crt \ --path=/Users/karlmay/Programming/contacts

Verify your app:

[source,console,subs="attributes+"]

sudo -u www-data php occ integrity:check-app --path=/pathto/app appname

When it returns nothing, your app is signed correctly.
When it returns a message then there is an error.

`integrity:sign-core` is for ownCloud core developers only.

TIP: See xref:configuration/general_topics/code_signing.adoc[code signing] to learn more.

[[l10n-create-javascript-translation-files-for-apps]]
=== l10n, Create Javascript Translation Files for Apps

This command creates JavaScript and JSON translation files for ownCloud
applications.

NOTE: The command does not update existing translations if the source translation file has been updated. It only creates translation files when none are present for a given language.

[source,console]
----
l10n
  l10n:createjs                Create Javascript translation files for a given app
----

The command takes two parameters; these are:

* `app`: the name of the application.
* `lang`: the output language of the translation files; more than one can be supplied.

To create the two translation files, the command reads translation data
from a source PHP translation file.

[[a-working-example]]
==== A Working Example

In this example, we'll create Austrian German translations for the
Gallery app.

NOTE: This example assumes that the ownCloud directory is `/var/www/owncloud` and that it uses ownCloud's
standard apps directory, `app`.

First, create a source translation file in
`/var/www/owncloud/apps/gallery/l10n`, called `de_AT.php`. In it, add
the required translation strings, as in the following example.
Refer to the developer documentation on xref:developer_manual:app/advanced/l10n.adoc#creating-your-own-translatable-files[creating translation files], if you're not familiar with creating them.

[source,php]
----
<?php
// The source string is the key, the translated string is the value.
$TRANSLATIONS = [
  "Share" => "Freigeben"
];
$PLURAL_FORMS = "nplurals=2; plural=(n != 1);";
----

After that, run the following command to create the translation.

[source,console,subs="attributes+"]

sudo -u www-data php occ l10n:createjs gallery de_AT

This will generate two translation files, `de_AT.js` and `de_AT.json`,
in `/var/www/owncloud/apps/gallery/l10n`.

[[create-translations-in-multiple-languages]]
===== Create Translations in Multiple Languages

To create translations in multiple languages simultaneously, supply
multiple languages to the command, as in the following example:

[source,console,subs="attributes+"]

sudo -u www-data php occ l10n:createjs gallery de_AT de_DE hu_HU es fr

[[logging-commands]]
=== Logging Commands

These commands view and configure your ownCloud logging preferences.

[source,console]
----
log
 log:manage     Manage logging configuration
 log:owncloud   Manipulate ownCloud logging backend
----

==== Command Description

Run `log:owncloud` to see your current logging status:

[source,console,subs="attributes+"]

sudo -u www-data php occ log:owncloud Log backend ownCloud: enabled Log file: /opt/owncloud/data/owncloud.log Rotate at: disabled

===== Options

[width="100%",cols="20%,50%",]
|====
| `--enable`                    | Enable this logging backend.
| `--file=[FILE]`               | Set the log file path.
| `--rotate-size=[ROTATE-SIZE]` | Set the file size for log rotation, 0 = disabled.
|====

Use the `--enable` option to turn on logging. Use `--file` to set a
different log file path. Set your rotation by log file size in bytes
with `--rotate-size`; 0 disables rotation.

Run `log:manage` to set your logging backend, log level, and timezone:

The defaults are `owncloud`, `Warning`, and `UTC`.

Options for `log:manage`:

[width="100%",cols="20%,50%",]
|====
| `--backend=[BACKEND]` | Set the logging backend [owncloud, syslog, errorlog].
| `--level=[LEVEL]`     | Set the log level [debug, info, warning, error, fatal].
|====

Log level can be adjusted by entering the number or the name:

[source,console,subs="attributes+"]

sudo -u www-data php occ log:manage --level 4 sudo -u www-data php occ log:manage --level error

TIP: Setting the log level to debug ( 0 ) can be used for finding the cause of an error, but should not be the standard as it increases the log file size.

[[maintenance-commands]]
=== Maintenance Commands

Use these commands when you upgrade ownCloud, manage encryption, perform
backups and other tasks that require locking users out until you are
finished.

[source,console]
----
maintenance
 maintenance:data-fingerprint        Update the systems data-fingerprint after a backup is restored
 maintenance:mimetype:update-db      Update database mimetypes and update filecache
 maintenance:mimetype:update-js      Update mimetypelist.js
 maintenance:mode                    Set maintenance mode
 maintenance:repair                  Repair this installation
 maintenance:singleuser              Set single user mode
 maintenance:update:htaccess         Updates the .htaccess file
----

`maintenance:mode` locks the sessions of all logged-in users, including
administrators, and displays a status screen warning that the server is
in maintenance mode. Users who are not already logged in cannot log in
until maintenance mode is turned off. When you take the server out of
maintenance mode logged-in users must refresh their Web browsers to
continue working.

[source,console,subs="attributes+"]

sudo -u www-data php occ maintenance:mode --on sudo -u www-data php occ maintenance:mode --off

Putting your ownCloud server into single-user mode allows admins to log
in and work, but not ordinary users. This is useful for performing
maintenance and troubleshooting on a running server.

[source,console,subs="attributes+"]

sudo -u www-data php occ maintenance:singleuser --on Single user mode enabled

Turn it off when you're finished:

[source,console,subs="attributes+"]

sudo -u www-data php occ maintenance:singleuser --off Single user mode disabled

Run `maintenance:data-fingerprint` to tell desktop and mobile clients
that a server backup has been restored. This command changes the ETag
for all files in the communication with sync clients, informing them
that one or more files were modified. After the command completes, users
will be prompted to resolve any conflicts between newer and older file
versions.

==== Installation Repair Commands

The `maintenance:repair` command helps administrators repair an installation.
The command runs automatically during upgrades to clean up the database.
So, while you can run it manually, there usually isn't a need to.

NOTE: Your ownCloud installation needs to be in maintenance mode to use the `maintenance:repair` command.

===== Repair Command Options

The `maintenance:repair` command supports the following options:

[cols="25%,75%",options="header"]
|===
|Option
|Description
a|`--ansi`
|Force ANSI output.
a|`--include-expensive`
|Use this option when you want to include resource and load expensive tasks.
a|`--list`
|Lists all possible repair steps
a|`--no-ansi`
|Disable ANSI output.
a|`-n` `--no-interaction`
|Do not ask any interactive question.
a|`--no-warnings`
|Skip global warnings, show command output only.
a|`-q` `--quiet`
|Do not output any message.
a|`-s` `--single=SINGLE`
|Run just one repair step given its class name.
a|`-V` `--version`
|Display this application version.
a|`-v\|vv\|vvv` `--verbose`
a|Increase the verbosity of messages:

* 1 for normal output
* 2 for more verbose output and 3 for debug
|===

Here is an example of running the command:

[source,console,subs="attributes"]

sudo -u www-data php occ maintenance:repair

To list all off the possible repair steps, use the `--list` option.
It should output the following list to the console:

Found 16 repair steps

OC\Repair\RepairMimeTypes → Repair mime types OC\Repair\RepairMismatchFileCachePath → Detect file cache entries with path that does not match parent-child relationships OC\Repair\FillETags → Generate ETags for file where no ETag is present. OC\Repair\CleanTags → Clean tags and favorites OC\Repair\DropOldTables → Drop old database tables OC\Repair\DropOldJobs → Drop old background jobs OC\Repair\RemoveGetETagEntries → Remove getetag entries in properties table OC\Repair\RepairInvalidShares → Repair invalid shares OC\Repair\RepairSubShares → Repair sub shares OC\Repair\SharePropagation → Remove old share propagation app entries OC\Repair\MoveAvatarOutsideHome → Move user avatars outside the homes to the new location OC\Repair\RemoveRootShares → Remove shares of a users root folder OC\Repair\RepairUnmergedShares → Repair unmerged shares OC\Repair\DisableExtraThemes → Disable extra themes OC\Repair\OldGroupMembershipShares → Remove shares of old group memberships OCA\DAV\Repair\RemoveInvalidShares → Remove invalid calendar and addressbook shares

===== Running a Single Repair Step

To run a single repair step, use either the `-s` or `--single` options, as in the following example.

[source,console,subs="attributes"]

sudo -u www-data php occ maintenance:repair --single="OCA\DAV\Repair\RemoveInvalidShares"

TIP: The step's name must be quoted, otherwise you will see the following warning message appear, and the command will fail:
"_Repair step not found. Use --list to show available steps._"

=== Mimetype Update Commands

`maintenance:mimetype:update-db` updates the ownCloud database and file cache with changed mimetypes found in `config/mimetypemapping.json`.
Run this command after modifying `config/mimetypemapping.json`.
If you change a mimetype, run `maintenance:mimetype:update-db --repair-filecache` to apply the change to existing files.

[[config-reports]]
=== Config Reports

If you're working with ownCloud support and need to send them a
configuration summary, you can generate it using the
`configreport:generate` command.
This command generates the same JSON-based report as the Admin Config Report, which you can access under `admin -> Settings -> Admin -> General -> Generate Config Report -> Download ownCloud config report`.

From the command-line in the root directory of your ownCloud
installation, run it as your webserver user as follows, (assuming your
webserver user is `www-data`):

[source,console,subs="attributes+"]

sudo -u www-data occ configreport:generate

This will generate the report and send it to `STDOUT`. You can
optionally pipe the output to a file and then attach it to an email to
ownCloud support, by running the following command:

[source,console,subs="attributes+"]

sudo -u www-data occ configreport:generate > generated-config-report.txt

Alternatively, you could generate the report and email it all in one
command, by running:

[source,console,subs="attributes+"]

sudo -u www-data occ configreport:generate | mail \ -s "configuration report" \ -r <the email address to send from> \ support@owncloud.com

NOTE: These commands are not available in single-user (maintenance) mode <maintenance_commands_label>.

[[security]]
=== Security

Use these commands when you manage security related tasks

Routes displays all routes of ownCloud. You can use this information to
grant strict access via firewalls, proxies or load balancers etc.

==== Command Description

[source,console]
----
security:routes [options]
----

===== Options

[width="100%",cols="20%,70%",]
|====
| `--output=[OUTPUT]` | Output format (plain, json or json-pretty, default is plain).
| `--with-details`    | Adds more details to the output.
|====

Example 1:

[source,console,subs="attributes+"]

sudo -uwww-data ./occ security:routes


----------------------------------------------------------------------------+ | Path | Methods | ----------------------------------------------------------------------------+ | /apps/federation/auto-add-servers | POST | | /apps/federation/trusted-servers | POST | | /apps/federation/trusted-servers/{id} | DELETE | | /apps/files/ | GET | | /apps/files/ajax/download.php | | …​

Example 2:

[source,console,subs="attributes+"]

sudo -uwww-data ./occ security:routes --output=json-pretty


[ { "path": "\/apps\/federation\/auto-add-servers", "methods": [ "POST" ] },

Example 3:

[source,console,subs="attributes+"]

sudo -uwww-data ./occ security:routes --with-details


---------------------------------------------------------------------------------------------------------------------------------------------+ | Path | Methods | Controller | Annotations | ---------------------------------------------------------------------------------------------------------------------------------------------+ | /apps/files/api/v1/sorting | POST | OCA\Files\Controller\ApiController::updateFileSorting | NoAdminRequired | | /apps/files/api/v1/thumbnail/{x}/{y}/{file} | GET | OCA\Files\Controller\ApiController::getThumbnail | NoAdminRequired,NoCSRFRequired | …​

The following commands manage server-wide SSL certificates. These are
useful when you create federation shares with other ownCloud servers
that use self-signed certificates.

[source,console]
----
security:certificates         List trusted certificates
security:certificates:import  Import trusted certificate
security:certificates:remove  Remove trusted certificate
----

This example lists your installed certificates:

[source,console,subs="attributes+"]

sudo -u www-data php occ security:certificates

Import a new certificate:

[source,console,subs="attributes+"]

sudo -u www-data php occ security:certificates:import /path/to/certificate

Remove a certificate:

[source,console,subs="attributes+"]

sudo -u www-data php occ security:certificates:remove [certificate name]

[[sharing]]
=== Sharing

This is an occ command to cleanup orphaned remote storages. To explain
why this is necessary, a little background is required. While shares are
able to be deleted as a normal matter of course, remote storages with
`shared::` are not included in this process.

This might not, normally, be a problem. However, if a user has re-shared
a remote share which has been deleted it will. This is because when the
original share is deleted, the remote re-share reference is not.
Internally, the `fileid` will remain in the file cache and storage for
that file will not be deleted.

As a result, any user(s) who the share was re-shared with will now get
an error when trying to access that file or folder. That's why the
command is available.

So, to cleanup all orphaned remote storages, run it as follows:

[source,console,subs="attributes+"]

sudo -u www-data php occ sharing:cleanup-remote-storages

You can also set it up to run as xref:background-jobs-selector[a background job].

NOTE: These commands are not available in xref:maintenance-commands[single-user (maintenance) mode].

[[trashbin]]
=== Trashbin

NOTE: These commands are only available when the 'Deleted files' app (`files_trashbin`) is enabled.
These commands are not available in xref:maintenance-commands[single-user (maintenance) mode].

[source,console]
----
trashbin
 trashbin:cleanup   Remove deleted files
 trashbin:expire    Expires the users trash bin
----

The `trashbin:cleanup` command removes the deleted files of the
specified users in a space-delimited list, or all users if none are
specified. This example removes all the deleted files of all users:

[source,console,subs="attributes+"]

sudo -u www-data php occ trashbin:cleanup Remove all deleted files Remove deleted files for users on backend Database freda molly stash rosa edward

This example removes the deleted files of users `molly` and `freda`:

[source,console,subs="attributes+"]

sudo -u www-data php occ trashbin:cleanup molly freda Remove deleted files of molly Remove deleted files of freda

`trashbin:expire` deletes only expired files according to the `trashbin_retention_obligation` setting in `config.php` (see xref:configuration/server/config_sample_php_parameters.adoc[the "Deleted Files" section documentation]).
The default is to delete expired files for all users, or you may list users in a space-delimited list.

[[user-commands]]
=== User Commands

The `user` commands provide a range of functionality for managing
ownCloud users. This includes: creating and removing users, resetting
user passwords, displaying a report which shows how many users you have,
and when a user was last logged in.

The full list, of commands is:

[source,console]
----
user
 user:add                            Adds a user
 user:delete                         Deletes the specified user
 user:disable                        Disables the specified user
 user:enable                         Enables the specified user
 user:inactive                       Reports users who are known to owncloud,
                                     but have not logged in for a certain number of days
 user:lastseen                       Shows when the user was logged in last time
 user:list                           List users
 user:list-groups                    List groups for a user
 user:modify                         Modify user details
 user:report                         Shows how many users have access
 user:resetpassword                  Resets the password of the named user
 user:setting                        Read and modify user application settings
 user:sync                           Sync local users with an external backend service
----

[[creating-users]]
==== Creating Users

You can create a new user with the `user:add` command.

[source,console,subs="attributes+"]

sudo -u www-data php occ user:add [--password-from-env] [--display-name [DISPLAY-NAME]] [--email [EMAIL]] [-g|--group [GROUP]] [--] <uid>

===== Arguments

[width="100%",cols="30%,70%",]
|====
| `uid` | User ID used to login (must only contain a-z, A-Z, 0-9, -, _ and @).
|====

===== Options

[width="100%",cols="30%,70%",]
|====
| `--password-from-env`           | Read the password from the OC_PASS environment variable.
| `--display-name=[DISPLAY-NAME]` | The email-id set while creating the user, will be used to send
link for password reset. This option will also display the link sent to user.
| `--email=[EMAIL]`               | Email address for the user.
| `-g [GROUP]` +
`--group=[GROUP]`                | The groups the user should be added to. +
The group will be created if it does not exist. +
Multiple values allowed.
|====

This command lets you set the following attributes:

* *uid:* The `uid` is the user's username and their login name
* *display name:* This corresponds to the *Full Name* on the Users page
in your ownCloud Web UI
* *email address*
* *group*
* *login name*
* *password*  (cannot be "0")

This example adds new user Layla Smith, and adds her to the *users* and
*db-admins* groups. Any groups that do not exist are created.

[source,console,subs="attributes+"]

sudo -u www-data php occ user:add \ --display-name="Layla Smith" \ --group="users" \ --group="db-admins" \ --email=layla.smith@example.com layla Enter password: Confirm password: The user "layla" was created successfully Display name set to "Layla Smith" Email address set to "layla.smith@example.com" User "layla" added to group "users" User "layla" added to group "db-admins"

After the command completes, go to your Users page, and you will see
your new user.

[[deleting-a-user]]
==== Deleting A User

To delete a user, you use the `user:delete` command.

[source,console,subs="attributes+"]
----
sudo -u www-data php occ user:delete <uid>
----

===== Arguments

[width="100%",cols="20%,70%",]
|====
| `uid` | The username.
|====

[source,console,subs="attributes+"]

sudo -u www-data php occ user:delete fred

[[disable-users]]
==== Disable Users

Admins can disable users via the occ command too:

[source,console,subs="attributes+"]

sudo -u www-data php occ user:disable <username>

NOTE: Once users are disabled, their connected browsers will be disconnected.Use the following command to enable the user again:

[[enable-users]]
==== Enable Users

[source,console,subs="attributes+"]

sudo -u www-data php occ user:enable <username>

[[finding-inactive-users]]
==== Finding Inactive Users

To view a list of users who've not logged in for a given number of days,
use the `user:inactive` command.

[source,console,subs="attributes+"]

sudo -u www-data php occ user:inactive [options] [--] <days>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `<days>`  | The number of days (integer) that the user has not logged in since.
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `--output=[OUTPUT]`  | Output format (plain, json or json_pretty, default is plain) [default: "plain"].
|===

The example below searches for users inactive for five days, or more.

[source,console,subs="attributes+"]

sudo -u www-data php occ user:inactive 5

By default, this will generate output in the following format:
  • 0:

  • uid: admin

  • displayName: admin

  • inactiveSinceDays: 5

You can see a counting number starting with `0`, the user's user id, display name, and the number of days
they've been inactive. If you're passing or piping this information to
another application for further processing, you can also use the
`--output` switch to change its format.

Using the output option `json` will render the output formatted as
follows.

[source,json]
----
[{"uid":"admin","displayName":"admin","inactiveSinceDays":5}]
----

Using the output option `json_pretty` will render the output formatted
as follows.

[source,json]
----
[
    {
        "uid": "admin",
        "displayName": "admin",
        "inactiveSinceDays": 5
    }
]
----

[[finding-the-users-last-login]]
==== Finding the User's Last Login

To view a user's most recent login, use the `user:lastseen` command

[source,console,subs="attributes+"]

sudo -u www-data php occ user:lastseen <uid>

===== Arguments

[width="100%",cols="20%,70%",]
|====
| `uid`   | The username.
|====

Example

[source,console,subs="attributes+"]

sudo -u www-data php occ user:lastseen layla layla’s last login: 09.01.2015 18:46

[[listing-users]]
==== Listing Users

You can list existing users with the `user:list` command.

[source,console,subs="attributes+"]
----
sudo -u www-data php occ user:list [options] [<search-pattern>]
----

User IDs containing the `search-pattern` string are listed. Matching is
not case-sensitive. If you do not provide a search-pattern then all
users are listed.

===== Options

[width="90%",cols="40%,80%",]
|====
| `--output=[OUTPUT]`       | Output format (plain, json or json-pretty, default is plain).
| `-a [ATTRIBUTES] +
--attributes=[ATTRIBUTES]` | Adds more details to the output. +
Allowed attributes, multiple values possible: +
`uid`, `displayName`, `email`, `quota`, `enabled`, `lastLogin`, `home`, +
`backend`, `cloudId`, `searchTerms` [default: [`displayName`]]
|====

This example lists user IDs containing the string `ron`

[source,console,subs="attributes+"]

sudo -u www-data php occ user:list ron - aaron: Aaron Smith

The output can be formatted in JSON with the output option `json` or
`json_pretty`.

[source,console,subs="attributes+"]

sudo -u www-data php occ user:list --output=json_pretty { "aaron": "Aaron Smith", "herbert": "Herbert Smith", "julie": "Julie Jones" }

This example lists all users including the attribute `enabled`.

[source,console,subs="attributes+"]

sudo -u www-data php occ user:list -a enabled - admin: true - foo: true

[[listing-group-membership-of-a-user]]
==== Listing Group Membership of a User

You can list the group membership of a user with the `user:list-groups` command.

[source,console,subs="attributes+"]

sudo -u www-data php occ user:list-groups [options] [--] <uid>

===== Arguments

[width="100%",cols="20%,70%",]
|====
| `uid` | User ID.
|====

===== Options

[width="100%",cols="20%,70%",]
|====
| `--output=[OUTPUT]` | Output format (plain, json or json-pretty, default is plain).
|====

Examples

This example lists group membership of user `julie`:

[source,console,subs="attributes+"]

sudo -u www-data php occ user:list-groups julie - Executive - Finance

The output can be formatted in JSON with the output option `json` or
`json_pretty`:

[source,console,subs="attributes+"]

sudo -u www-data php occ user:list-groups --output=json_pretty julie [ "Executive", "Finance" ]

==== Modify User Details

This command modifies either the users username or email address.

[source,console,subs="attributes+"]
----
sudo -u www-data php occ user:modify [options] [--] <uid> <key> <value>
----

===== Arguments

[width="100%",cols="20%,70%",]
|====
| `uid`   | User ID used to login.
| `key`   | Key to be changed. Valid keys are: `displayname` and `email`.
| `value` | The new value of the key.
|====

All three arguments are mandatory and can not be empty.

Example to set the email address:

[source,console,subs="attributes+"]

sudo -u www-data php occ user:modify carla email foobar@foo.com

The email address of `carla` is updated to `foobar@foo.com`

[[generating-a-user-count-report]]
==== Generating a User Count Report

Generate a simple report that counts all users, including users on
external user authentication servers such as LDAP.

[source,console,subs="attributes+"]

sudo -u www-data php occ user:report

There are no arguments and no options beside the default once to parametrize the output

[source,console,subs="attributes+"]

sudo -u www-data php occ user:report ----------------------+ | User Report | | ----------------------+ | Database | 12 | | LDAP | 86 | | | | | total users | 98 | | | | | user directories | 2 | ----------------------+

[[setting-a-users-password]]
==== Setting a User's Password

[source,console,subs="attributes+"]

sudo -u www-data php occ user:resetpassword [options] [--] <user>

===== Arguments

[width="100%",cols="25%,70%",]
|====
| `uid` | The user's name.
|====

===== Options

[width="100%",cols="25%,70%",]
|====
| `--password-from-env` | Read the password from the OC_PASS environment variable.
| `--send-email`        | The email-id set while creating the user, will be used to send
link for password reset. This option will also display the link sent to user.
| `--output-link`       | The link to reset the password will be displayed.
|====

`password-from-env` allows you to set the user's password from an
environment variable. This prevents the password from being exposed to
all users via the process list, and will only be visible in the history
of the user (root) running the command. This also permits creating
scripts for adding multiple new users.

NOTE: To use `password-from-env` you must run as "real" root, rather than `sudo`, because `sudo` strips environment variables.

NOTE: To use `send-email`, the ownCloud instance must have email access fully configured.

Examples

Add a new user, called Fred Jones:

export OC_PASS=newpassword su -s /bin/sh www-data -c 'php occ user:add --password-from-env --display-name="Fred Jones" --group="users" fred' The user "fred" was created successfully Display name set to "Fred Jones" User "fred" added to group "users"

You can reset any user's password, including administrators (see xref:configuration/user/reset_admin_password.adoc[Reset Admin Password]):

[source,console,subs="attributes+"]

sudo -u www-data php occ user:resetpassword layla Enter a new password: Confirm the new password: Successfully reset password for layla

You may also use `password-from-env` to reset passwords:

export OC_PASS=newpassword su -s /bin/sh www-data -c 'php occ user:resetpassword \ --password-from-env \ layla' Successfully reset password for layla

This example emails a password reset link to the user.
Additionally, when the command completes, it outputs the password reset link to the console:

[source,console,subs="attributes+"]

sudo -u www-data php occ user:resetpassword \ --send-email \ --output-link \ layla The password reset link is: http://localhost:8080/index.php/lostpassword/reset/form/rQAlCjNeQf3aphA6Hraq2/layla

If the specified user does not have a valid email address set, then the following error will be output to the console, and the email will not be sent:

Email address is not set for the user layla

[[user-application-settings]]
==== User Application Settings

To manage application settings for a user, use the `user:setting`
command. This command provides the ability to:

* Retrieve all settings for an application
* Retrieve a single setting
* Set a setting value
* Delete a setting

[source,console,subs="attributes+"]
----
sudo -u www-data php occ user:setting [options] [--] <uid> [<app>] [<key>]
----

If you're new to the `user:setting` command, the descriptions for the
`app` and `key` arguments may not be completely transparent. So, here's
a lengthier description of both.

[width="100%",cols="20%,70%",options="header",]
|====
| Argument | Description
| `app` | When an value is supplied, `user:setting` limits the settings displayed,
to those for that, specific, application - assuming that the application is installed,
and that there are settings available for it. Some example applications are `core`,
`files_trashbin`, and `user_ldap`. A complete list, unfortunately, cannot be supplied,
as it is impossible to know the entire list of applications which a user could, potentially, install.
| `key` | This value specifies the setting key to be manipulated (set, retrieved,
or deleted) by the `user:setting` command.
|====

[[retrieving-user-settings]]
===== Retrieving User Settings

To retrieve all settings for a user, you need to call the `user:setting`
command and supply at least the user's username.

[source,console,subs="attributes+"]

sudo -u www-data php occ user:setting <uid> [<app>] [<key>]

===== Arguments

[width="100%",cols="20%,70%",]
|====
| `uid`   | User ID used to login.
| `app`   | Restrict listing the settings for a given app. [default: ""].
| `key`   | Setting key to set, get or delete [default: ""].
|====

Example for all settings set for a given user

[source,console,subs="attributes+"]

sudo -u www-data php occ user:setting layla - core: - lang: en - login: - lastLogin: 1465910968 - settings: - email: layla@example.tld

Here we see that the user has settings for the application `core`, when
they last logged in, and what their email address is.

Example for all settings set restricted to application `core` for a given user

[source,console,subs="attributes+"]

sudo -u www-data php occ user:setting layla core - core: - lang: en

In the output, you can see that one setting is in effect, `lang`, which is set to `en`.

Example for all settings set restricted to application `core`, key `lang` for a given user

[source,console,subs="attributes+"]

sudo -u www-data php occ user:setting layla core lang en

This will display the value for that setting, such as `en`.

[[setting-and-deleting-a-setting]]
===== Setting and Deleting a Setting

[source,console,subs="attributes+"]

sudo -u www-data php occ user:setting [options] [--] <uid> [<app>] [<key>]

===== Arguments

[width="100%",cols="20%,70%",]
|====
| `uid`   | User ID used to login.
| `app`   | Restrict the settings to a given app. [default: ""].
| `key`   | Setting key to set, get or delete [default: ""].
|====

===== Options

[width="100%",cols="20%,40%",]
|====
| `--output=[OUTPUT]`               | Output format (plain, json or json-pretty, default is plain).
| `--ignore-missing-user`           | Use this option to ignore errors when the user does not exist.
| `--default-value=[DEFAULT-VALUE]` | If no default value is set and the config does not exist, the command +
will exit with 1. Only applicable on get.
| `--value=[VALUE]`                 | The new value of the setting.
| `--update-only`                   | Only updates the value, if it is not set before, it is not being added.
| `--delete`                        | Specify this option to delete the config.
| `--error-if-not-exists`           | Checks whether the setting exists before deleting it.
|====

IMPORTANT: In case you want to change the email address, use xref:modify-user-details[the `user:modify` command].

Here's an example of how you would set the language of the user `layla`.

[source,console,subs="attributes+"]

sudo -u www-data php occ user:setting layla core lang --value=en

Deleting a setting is quite similar to setting a setting. In this case,
you supply the username, application (or setting category) and key as
above. Then, in addition, you supply the `--delete` flag.

[source,console,subs="attributes+"]

sudo -u www-data php occ user:setting layla core lang --delete

[[syncing-user-accounts]]
==== Syncing User Accounts

This command syncs users stored in external backend services, such as _LDAP_, _Shibboleth_, and _Samba_, with ownCloud's, internal user database.
However, it's not essential to run it regularly, unless you have a large number of users whose account properties have changed in a backend outside of ownCloud.
When run, it will pick up changes from alternative user backends, such as LDAP, where properties like `cn` or `display name` have changed, and sync them with ownCloud's user database.
If accounts are found that no longer exist in the external backend, you are given the choice of either removing or disabling the
accounts.

NOTE: It's also xref:configuration/server/background_jobs_configuration.adoc#available-background-jobs[one of the commands] that you should run on a regular basis to ensure that your ownCloud installation is running optimally.

NOTE: This command replaces the old `show-remnants` functionality, and brings the LDAP feature more in line with the rest of ownCloud's functionality.

===== Usage

user:sync [options] [--] [<backend-class>]

Synchronize users from a given backend to the accounts table.

===== Arguments:

[width="90%",cols="40%,80%",]
|===
| `backend-class` | The quoted PHP class name for the backend, e.g., +
- LDAP:        `"OCA\User_LDAP\User_Proxy"` +
- Samba:       `"OCA\User\SMB"` +
- Shibboleth:  `"OCA\User_Shibboleth\UserBackend"` +
|===

===== Options

[width="90%",cols="40%,80%",]
|===
| `-l, --list`      | List all enabled backend classes.
| `-u [UID]` +
`--uid=[UID]` | Sync only the user with the given user id.
| `-s, --seenOnly`  | Sync only seen users.
| `-c, --showCount` | Calculate user count before syncing.
| `-m [MISSING-ACCOUNT-ACTION]` +
 +
`--missing-account-action[=MISSING-ACCOUNT-ACTION]` | Action to take if the account isn't
connected to a backend any longer. +
Options are `disable` and `remove`. +
Note that removing the account will also remove the stored data and files for that account
| `-r, --re-enable` | When syncing multiple accounts re-enable accounts that are disabled in ownCloud
but available in the synced backend.
|===

Below are examples of how to use the command with an _LDAP_, _Samba_,
and _Shibboleth_ backend.

[[ldap]]
===== LDAP

[source,console,subs="attributes+"]

sudo -u www-data ./occ user:sync "OCA\User_LDAP\User_Proxy"

[[samba]]
===== Samba

[source,console,subs="attributes+"]

sudo -u www-data ./occ user:sync "OCA\User\SMB" -vvv

[[shibboleth]]
===== Shibboleth

[source,console,subs="attributes+"]

sudo -u www-data ./occ user:sync "OCA\User_Shibboleth\UserBackend"

Below are examples of how to use the command with the *LDAP* backend along with example console output.

===== Example 1

[source,console,subs="attributes+"]

sudo ./occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r Analysing all users …​ 6 [============================]

No removed users have been detected.
No existing accounts to re-enable.
Insert new and update existing users ...
    4 [============================]
===== Example 2

[source,console,subs="attributes+"]

sudo ./occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r Analysing all users …​ 6 [============================]

Following users are no longer known with the connected backend.
Disabling accounts:
9F625F70-08DD-4838-AD52-7DE1F72DBE30, Bobbie, bobbie@example.org disabled
53CDB5AC-B02E-4A49-8FEF-001A13725777, David, dave@example.org disabled
34C3F461-90FE-417C-ADC5-CE97FE5B8E72, Carol, carol@example.org disabled
No existing accounts to re-enable.
Insert new and update existing users ...
    1 [============================]
===== Example 3

[source,console,subs="attributes+"]

sudo./occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r Analysing all users …​ 6 [============================]

Following users are no longer known with the connected backend.
Disabling accounts:
53CDB5AC-B02E-4A49-8FEF-001A13725777, David, dave@example.org skipped, already disabled
34C3F461-90FE-417C-ADC5-CE97FE5B8E72, Carol, carol@example.org skipped, already disabled
B5275C13-6466-43FD-A129-A12A6D3D9A0D, Alicia3, alicia3@example.org disabled
Re-enabling accounts:
9F625F70-08DD-4838-AD52-7DE1F72DBE30, Bobbie, bobbie@example.org enabled
Insert new and update existing users ...
    1 [============================]
===== Example 4

[source,console,subs="attributes+"]

sudo ./occ user:sync "OCA\User_LDAP\User_Proxy" -m disable -r Analysing all users …​ 6 [============================]

No removed users have been detected.
Re-enabling accounts:
53CDB5AC-B02E-4A49-8FEF-001A13725777, David, dave@example.org enabled
34C3F461-90FE-417C-ADC5-CE97FE5B8E72, Carol, carol@example.org enabled
B5275C13-6466-43FD-A129-A12A6D3D9A0D, Alicia3, alicia3@example.org enabled
Insert new and update existing users ...
    4 [============================]
[[syncing-via-cron-job]]
===== Syncing via cron job

Here is an example for syncing with LDAP four times a day on Ubuntu:

crontab -e -u www-data

  • */6 * * * /usr/bin/php /var/www/owncloud/occ user:sync -vvv \ --missing-account-action="disable" \ -n "OCA\User_LDAP\User_Proxy"

[[versions]]
=== Versions

NOTE: These commands are only available when the "Versions" app (`files_versions`) is enabled.
These commands are not available in xref:maintenance-commands[single-user (maintenance) mode].

==== versions:cleanup

`versions:cleanup` can delete all versioned files, as well as the
`files_versions` folder, for either specific users, or for all users.

[source,console,subs="attributes+"]

sudo -u www-data php occ versions:cleanup [<user_id>]…​

Options

[width="100%",cols="22%,70%",]
|===
| `user_id` | Delete versions of the given user(s), if no user is given all versions will be deleted.
|===

The example below deletes all versioned files for all users:

[source,console,subs="attributes+"]

sudo -u www-data php occ versions:cleanup Delete all versions Delete versions for users on backend Database freda molly stash rosa edward

You can delete versions for specific users in a space-delimited list:

[source,console,subs="attributes+"]

sudo -u www-data php occ versions:cleanup freda molly Delete versions of freda Delete versions of molly

==== versions:expire

`versions:expire` deletes only expired files according to the
`versions_retention_obligation` setting in `config.php` (see the File
versions section in config_sample_php_parameters). The default is to
delete expired files for all users, or you may list users in a
space-delimited list.

[source,console,subs="attributes+"]

sudo -u www-data php occ versions:expire [<user_id>]…​

Options

[width="100%",cols="22%,70%",]
|===
| `user_id` | Expire file versions of the given user(s), if no user is given file versions
for all users will be expired.
|===

[[command-line-installation]]
=== Command Line Installation

ownCloud can be installed entirely from the command line.
After downloading the tarball and copying ownCloud into the appropriate directories, or after installing ownCloud packages (See xref:installation/linux_installation.adoc[Linux Package Manager Installation] and xref:installation/manual_installation.adoc[Manual Installation on Linux]) you can use `occ` commands in place of running the graphical Installation Wizard.

NOTE: These instructions assume that you have a fully working and configured webserver.
If not, please refer to the documentation on configuring
xref:installation/manual_installation.adoc[configure-web-server] for detailed instructions.

Apply correct permissions to your ownCloud directories;
see xref:installation/command_line_installation.adoc[strong_permissions].

Then choose your `occ` options. This lists your available options:

[source,console,subs="attributes+"]

sudo -u www-data php occ ownCloud is not installed - only a limited number of commands are available ownCloud version 10.0.8

Usage: [options] command [arguments]

Options

--help (-h)           Display this help message
--quiet (-q)          Do not output any message
--verbose (-v|vv|vvv) Increase the verbosity of messages: 1 for normal output,
                      2 for more verbose output and 3 for debug
--version (-V)        Display this application version
--ansi                Force ANSI output
--no-ansi             Disable ANSI output
--no-interaction (-n) Do not ask any interactive question

Available commands: check Check dependencies of the server environment help Displays help for a command list Lists commands status Show some status information app app:check-code Check code to be compliant l10n l10n:createjs Create javascript translation files for a given app maintenance maintenance:install Install ownCloud

==== Command Description

Display your `maintenance:install` options

[source,console,subs="attributes+"]

sudo -u www-data php occ help maintenance:install ownCloud is not installed - only a limited number of commands are available Usage:

[source,console]
----
maintenance:install [--database=["..."]] [--database-name=["..."]] \
                    [--database-host=["..."]] [--database-user=["..."]] \
                    [--database-pass=["..."]] [--database-table-prefix=["..."]] \
                    [--admin-user=["..."]] [--admin-pass=["..."]] [--data-dir=["..."]]
----

===== Options

[width="100%",cols="22%,70%",]
|===
| `--database`               | Supported database type (default: `sqlite`).
| `--database-name`          | Name of the database.
| `--database-host`          | Hostname of the database (default: `localhost`).
| `--database-user`          | User name to connect to the database.
| `--database-pass`          | Password of the database user.
| `--database-table-prefix`  | Prefix for all tables (default: `oc_` ).
| `--admin-user`             | Password of the admin account.
| `--data-dir`               | Path to data directory (default: `/var/www/owncloud/data`).
|===

This example completes the installation:

[source,console,subs="attributes+"]

cd /var/www/owncloud/ sudo -u www-data php occ maintenance:install \ --database "mysql" \ --database-name "owncloud" \ --database-user "root" \ --database-pass "password" \ --admin-user "admin" \ --admin-pass "password" ownCloud is not installed - only a limited number of commands are available ownCloud was successfully installed

Supported databases are:

[width="100%",cols="20%,70%",]
|===
| `sqlite` | SQLite3 (ownCloud Community edition only)
| `mysql`  | MySQL/MariaDB
| `pgsql`  | PostgreSQL
| `oci`    | Oracle (ownCloud Enterprise edition only
|===

[[command-line-upgrade]]
=== Command Line Upgrade

These commands are available only after you have downloaded upgraded
packages or tar archives, and before you complete the upgrade. List all
options, like this example on CentOS Linux:

==== Command Description

[source,console,subs="attributes+"]

sudo -u www-data php occ upgrade --help Usage: upgrade [options]

===== Options

[width="100%",cols="20%,70%",]
|===
| `--major`          | Automatically update apps to new major versions during minor updates of ownCloud Server.
| `--no-app-disable` | Skip disabling of third party apps.
|===

When you are performing an update or upgrade on your ownCloud server
(see the Maintenance section of this manual), it is better to use `occ`
to perform the database upgrade step, rather than the Web GUI, in order
to avoid timeouts. PHP scripts invoked from the Web interface are
limited to 3600 seconds. In larger environments this may not be enough,
leaving the system in an inconsistent state.
After performing all the preliminary steps
(see xref:maintenance/upgrade.adoc[the maintenance upgrade documentation]) use this command
to upgrade your databases, like this example on CentOS Linux:

[source,console,subs="attributes+"]

sudo -u www-data php occ upgrade ownCloud or one of the apps require upgrade - only a limited number of commands are available Turned on maintenance mode Checked database schema update Checked database schema update for apps Updated database Updating <gallery> …​ Updated <gallery> to 0.6.1 Updating <activity> …​ Updated <activity> to 2.1.0 Update successful Turned off maintenance mode

Note how it details the steps. Enabling verbosity displays timestamps:

[source,console,subs="attributes+"]

sudo -u www-data php occ upgrade -v ownCloud or one of the apps require upgrade - only a limited number of commands are available 2017-06-23T09:06:15+0000 Turned on maintenance mode 2017-06-23T09:06:15+0000 Checked database schema update 2017-06-23T09:06:15+0000 Checked database schema update for apps 2017-06-23T09:06:15+0000 Updated database 2017-06-23T09:06:15+0000 Updated <files_sharing> to 0.6.6 2017-06-23T09:06:15+0000 Update successful 2017-06-23T09:06:15+0000 Turned off maintenance mode

If there is an error it throws an exception, and the error is detailed
in your ownCloud logfile, so you can use the log output to figure out
what went wrong, or to use in a bug report.

Turned on maintenance mode Checked database schema update Checked database schema update for apps Updated database Updating <files_sharing> …​ Exception ServerNotAvailableException: LDAP server is not available Update failed Turned off maintenance mode

[[notifications]]
=== Notifications

If you want to send notifications to users or groups use the following command.

[source,sourceCode,console]
----
notifications
  notifications:generate   Generates a notification.
----

==== Command Description

[source,console,subs="attributes+"]

sudo -u www-data php occ notifications:generate [-u|--user USER] [-g|--group GROUP] [-l|--link <linktext>] [--] <subject> [<message>]

===== Arguments:

[width="100%",cols="20%,70%",]
|===
| `subject`  | The notification subject - maximum 255 characters.
| `message`  | A more extended message - maximum 4000 characters.
| `linktext` | A link to an HTML page.
|===

===== Options

[width="100%",cols="20%,70%",]
|===
| `-u [USER]` +
`--user=[USER]`   | User id to whom the notification shall be sent.
| `-g [GROUP]` +
`--group=[GROUP]` | Group id to whom the notification shall be sent.
| `-l [LINK]` +
`--link=[LINK]`   | A link associated with the notification.
|===

At least one user or group must be set.
A link can be useful for notifications shown in client apps.
Example:

[source,console,subs="attributes+"]

sudo -u www-data php occ notifications:generate -g Office "Emergency Alert" "Rebooting in 5min"

== ownCloud Maintained Application Commands

This command reference covers the ownCloud maintained apps commands.

[[brute_force_protection]]
=== Brute Force Protection

Marketplace URL: https://marketplace.owncloud.com/apps/brute_force_protection[Brute-Force Protection]

Use these commands to configure the Brute Force Protection app.
Parametrisation must be done with the `occ config` command set.
The combination of `uid` and `IP address` is used to trigger the ban.

==== List the Current Settings

[source,console,subs="attributes+"]

sudo -u www-data php occ config:list brute_force_protection

==== Set the Setting

To set a new value, use the command below and replace `<Key>` and value `<Value>` accordingly.

[source,console,subs="attributes+"]

sudo -u www-data php occ config:app:set brute_force_protection <Key> --value=<Value> --update-only

===== Fail Tolerance [attempts]

Number of wrong attempts to trigger the ban.

[width="80%",cols="30%,70%",]
|===
| Key     | `brute_force_protection_fail_tolerance`
| Default | 3
|===

===== Time Treshold [seconds]

Time in which the number of wrong attempts must occur to trigger the ban.

[width="80%",cols="30%,70%",]
|===
| Key     | `brute_force_protection_time_threshold`
| Default | 60
|===

===== Ban Period [seconds]

Time how long the ban will be active if triggered.

[width="80%",cols="30%,70%",]
|===
| Key     | `brute_force_protection_ban_period`
| Default | 300
|===

[[data_exporter]]
=== Data Exporter

This app is only available as a https://github.com/owncloud/data_exporter.git[git clone].
See the xref:maintenance/export_import_instance_data.adoc[Data Exporter] description
for more information how to install this app.

Import and export users from one ownCloud instance in to another.
The export contains all user-settings, files and shares.

==== Export User Data

instance:export:user <userId> <exportDirectory>

===== Arguments

[width="80%",cols="30%,70%",]
|===
| `userId`          | User to export.
| `exportDirectory` | Path to the directory to export data to.
|===

==== Import User Data

instance:import:user [options] [--] <importDirectory>

===== Arguments

[width="80%",cols="30%,70%",]
|===
| `userId`          | User to export.
| `importDirectory` | Path to the directory to import data from.
|===

===== Options

[width="80%",cols="30%,70%",]
|===
| `-a [UID]` +
`--as=[UID]` | Import the user under a different user id.
|===

==== Migrate Shares

instance:export:migrate:share <userId> <remoteServer>

===== Arguments

[width="80%",cols="30%,70%",]
|===
| `userId`       | The exported userId whose shares we want to migrate.
| `remoteServer` | The remote ownCloud server where the exported user is now,
for example "https://myown.server:{std-port-http}/owncloud".
|===

[[calendar]]
=== Calendar

Marketplace URL: https://marketplace.owncloud.com/apps/calendar[Calendar]

For commands for managing the calendar, please see the DAV Command section in the occ core command set.

[[contacts]]
=== Contacts

Marketplace URL: https://marketplace.owncloud.com/apps/contacts[Contacts]

For commands for managing contacts, please see the DAV Command section in the occ core command set.

[[files_antivirus]]
=== Anti-Virus

Marketplace URL: https://marketplace.owncloud.com/apps/files_antivirus[Anti-Virus]

Use these commands to configure the Anti-Virus app.
Parametrisation must be done with the `occ config` command set.

==== List the Current Settings

[source,console,subs="attributes+"]

sudo -u www-data php occ config:list files_antivirus

==== Set the Setting

To set a new value, use the command below and replace `<Key>` and value `<Value>` accordingly.

[source,console,subs="attributes+"]

sudo -u www-data php occ config:app:set files_antivirus <Key> --value=<Value> --update-only

===== Antivirus Mode [string]

Antivirus Configuration.

[width="80%",cols="30%,70%",]
|===
| Key             | `av_mode`
| Default         | 'executable'
| Possible Values | 'executable' +
'daemon' +
'socket'
|===

===== Antivirus Socket [string]

Antivirus Socket.

[width="80%",cols="30%,70%",]
|===
| Key             | `av_socket`
| Default         | '/var/run/clamav/clamd.ctl'
|===

===== Antivirus Host [string]

Hostname or IP address of Antivirus Host.

[width="80%",cols="30%,70%",]
|===
| Key             | `av_host`
| Default         |
|===

===== Antivirus Port [integer]

Port number of Antivirus Host, 1-65535.

[width="80%",cols="30%,70%",]
|===
| Key             | `av_port`
| Default         |
| Possible Values | 1-65535
|===

===== Antivirus Command Line Options [string]

Extra command line options (comma-separated).

[width="80%",cols="30%,70%",]
|===
| Key             | `av_cmd_options`
| Default         |
|===

===== Antivirus Path to Executable [string]

Path to clamscan executable.

[width="80%",cols="30%,70%",]
|===
| Key             | `av_path`
| Default         | '/usr/bin/clamscan'
|===

===== Antivirus Maximum Filesize [integer]

File size limit, -1 means no limit.

[width="80%",cols="30%,70%",]
|===
| Key             | `av_max_file_size`
| Default         | '-1'
| Possible Values | '-1' +
integer number
|===

===== Antivirus Maximum Stream Lenth [integer]

Max Stream Length.

[width="80%",cols="30%,70%",]
|===
| Key             | `av_stream_max_length`
| Default         | '26214400'
|===

===== Antivirus Action [string]

When infected files were found during a background scan.

[width="80%",cols="30%,70%",]
|===
| Key             | `av_infected_action`
| Default         | 'only_log'
| Possible Values | 'only_log' +
'delete'
|===

===== Antivirus Scan Process [string]

Define scan process.

[width="80%",cols="30%,70%",]
|===
| Key             | `av_scan_background`
| Default         | 'true'
| Possible Values | 'true' +
'false'
|===

[[s3-objectstore]]
=== S3 Objectstore

Marketplace URL: https://marketplace.owncloud.com/apps/files_primary_s3[S3 Object Storage]

[[list-objects-buckets-or-versions-of-an-object]]
==== List objects, buckets or versions of an object

[source,console,subs="attributes+"]

sudo -u www-data occ s3:list

===== Arguments

[width="80%",cols="30%,70%",]
|===
| `bucket` | Name of the bucket; it`s objects will be listed.
| `object` | Key of the object; it`s versions will be listed.
|===

[[create-a-bucket-as-necessary-to-be-used]]
==== Create a bucket as necessary to be used

[source,console,subs="attributes+"]

sudo -u www-data occ s3:create-bucket

===== Arguments

[width="80%",cols="30%,70%",]
|===
| `bucket` | Name of the bucket to be created
|===

===== Options
[width="80%",cols="30%,70%",]
|===
| `update-configuration` | If the bucket exists the configuration will be updated.
| `accept-warning`       | No warning about the usage of this command will be displayed.
|===

=== LDAP Integration

Marketplace URL: https://marketplace.owncloud.com/apps/user_ldap[LDAP Integration]

[source,console]
----
ldap
 ldap:check-user               Checks whether a user exists on LDAP.
 ldap:create-empty-config      Creates an empty LDAP configuration
 ldap:delete-config            Deletes an existing LDAP configuration
 ldap:search                   Executes a user or group search
 ldap:set-config               Modifies an LDAP configuration
 ldap:show-config              Shows the LDAP configuration
 ldap:test-config              Tests an LDAP configuration
 ldap:update-group             Update the specified group membership
                               Information stored locally
----

Search for an LDAP user, using this syntax:

[source,console,subs="attributes+"]

sudo -u www-data php occ ldap:search [--group] [--offset="…​"] [--limit="…​"] search

Searches match at the beginning of the attribute value only.
This example searches for `givenNames` that start with 'rob':

[source,console,subs="attributes+"]

sudo -u www-data php occ ldap:search "rob"

This will find "robbie", "roberta", and "robin".
Broaden the search to find, for example, `jeroboam` with the asterisk wildcard:

[source,console,subs="attributes+"]

sudo -u www-data php occ ldap:search "*rob"

User search attributes are set with `ldap:set-config` (below).
For example, if your search attributes are `givenName` and `sn` you can find users by first name + last name very quickly.
For example, you’ll find 'Terri Hanson' by searching for `te ha`.
Trailing whitespace is ignored.

Check if an LDAP user exists.
This works only if the ownCloud server is connected to an LDAP server.

[source,console,subs="attributes+"]

sudo -u www-data php occ ldap:check-user robert

`ldap:check-user` will not run a check when it finds a disabled LDAP connection.
This prevents users that exist on disabled LDAP connections from being marked as deleted.
If you know for sure that the user you are searching for is not in one of the disabled connections, and exists on an active connection, use the `--force` option to force it to check all active LDAP connections.

[source,console,subs="attributes+"]

sudo -u www-data php occ ldap:check-user --force robert

`ldap:create-empty-config` creates an empty LDAP configuration.
The first one you create has no `configID`, like this example:

[source,console,subs="attributes+"]

sudo -u www-data php occ ldap:create-empty-config Created new configuration with configID ''

This is a holdover from the early days, when there was no option to create additional configurations.
The second, and all subsequent, configurations that you create are automatically assigned IDs.

[source,console,subs="attributes+"]

sudo -u www-data php occ ldap:create-empty-config Created new configuration with configID 's01'

Then you can list and view your configurations:

[source,console,subs="attributes+"]

sudo -u www-data php occ ldap:show-config

And view the configuration for a single `configID`:

[source,console,subs="attributes+"]

sudo -u www-data php occ ldap:show-config s01

`ldap:delete-config [configID]` deletes an existing LDAP configuration.

[source,console,subs="attributes+"]

sudo -u www-data php occ ldap:delete s01 Deleted configuration with configID 's01'

The `ldap:set-config` command is for manipulating configurations, like this example that sets search attributes:

[source,console,subs="attributes+"]

sudo -u www-data php occ ldap:set-config s01 ldapAttributesForUserSearch "cn;givenname;sn;displayname;mail"

The command takes the following format:

ldap:set-config <configID> <configKey> <configValue>

All of the available keys, along with default values for configValue, are listed in the table below.

[width="70%",cols=",",options="header",]
|===
| Configuration            | Setting
| hasMemberOfFilterSupport |
| hasPagedResultSupport    |
| homeFolderNamingRule     |
| lastJpegPhotoLookup      | 0
| ldapAgentName            | cn=admin,dc=owncloudqa,dc=com
| ldapAgentPassword        | _*_
| ldapAttributesForGroupSearch |
| ldapAttributesForUserSearch  |
| ldapBackupHost           |
| ldapBackupPort           |
| ldapBase                 | dc=owncloudqa,dc=com
| ldapBaseGroups           | dc=owncloudqa,dc=com
| ldapBaseUsers            | dc=owncloudqa,dc=com
| ldapCacheTTL             | 600
| ldapConfigurationActive  | 1
| ldapDynamicGroupMemberURL |
| ldapEmailAttribute       |
| ldapExperiencedAdmin     | 0
| ldapExpertUUIDGroupAttr  |
| ldapExpertUUIDUserAttr   |
| ldapExpertUsernameAttr   | ldapGroupDisplayName cn
| ldapGroupFilter          | ldapGroupFilterGroups
| ldapGroupFilterMode      | 0
| ldapGroupFilterObjectclass |
| ldapGroupMemberAssocAttr | uniqueMember
| ldapHost                 | ldap://host
| ldapIgnoreNamingRules    |
| ldapLoginFilter          | (&((objectclass=inetOrgPerson))(uid=%uid))
| ldapLoginFilterAttributes |
| ldapLoginFilterEmail     | 0
| ldapLoginFilterMode      | 0
| ldapLoginFilterUsername  | 1
| ldapNestedGroups         | 0
| ldapOverrideMainServer   |
| ldapPagingSize           | 500
| ldapPort                 | 389
| ldapQuotaAttribute       |
| ldapQuotaDefault         |
| ldapTLS                  | 0
| ldapUserDisplayName      | displayName
| ldapUserDisplayName2     |
| ldapUserFilter           | ((objectclass=inetOrgPerson))
| ldapUserFilterGroups     |
| ldapUserFilterMode       | 0
| ldapUserFilterObjectclass | inetOrgPerson
| ldapUuidGroupAttribute   | auto
| ldapUuidUserAttribute    | auto
| turnOffCertCheck         | 0
| useMemberOfToDetectMembership | 1
|===

`ldap:test-config` tests whether your configuration is correct and can bind to the server.

[source,console,subs="attributes+"]

sudo -u www-data php occ ldap:test-config s01 The configuration is valid and the connection could be established!

`ldap:update-group` updates the specified group membership information stored locally.
The command takes the following format:

ldap:update-group <groupID> <groupID <groupID> …​>

The command allows for running a manual group sync on one or more groups, instead of having to wait
for group syncing to occur.
If users have been added or removed from these groups in LDAP, ownCloud will update its details.
If a group was deleted in LDAP, ownCloud will also delete the local mapping info about this group.

New groups in LDAP won’t be synced with this command.
The LDAP TTL configuration (by default 10 minutes) still applies.
This means that recently deleted groups from LDAP might be considered as
'active' and might not be deleted in ownCloud immediately.

*Configuring the LDAP Refresh Attribute Interval*

You can configure the LDAP refresh attribute interval, but not with the `ldap` commands.
Instead, you need to use the `config:app:set` command, as in the following example, which takes a
number of seconds to the `--value` switch.

[source,console,subs="attributes+"]

sudo -u www-data php occ config:app:set user_ldap updateAttributesInterval --value=7200

In the example above, the interval is being set to 7200 seconds.
Assuming the above example was used, the command would output the following:

[source,console]
----
Config value updateAttributesInterval for app user_ldap set to 7200
----

If you want to reset (or unset) the setting, then you can use the following command:

[source,console,subs="attributes+"]

sudo -u www-data php occ config:app:delete user_ldap updateAttributesInterval

[[market]]
=== Market

Marketplace URL: https://marketplace.owncloud.com/apps/market[Market]

The `market` commands _install_, _uninstall_, _list_, and _upgrade_ applications from the ownCloud Marketplace.

[source,console]
----
market
  market:install    Install apps from the marketplace. If already installed and
                    an update is available the update will be installed.
  market:uninstall  Uninstall apps from the marketplace.
  market:list       Lists apps as available on the marketplace.
  market:upgrade    Installs new app versions if available on the marketplace
----

NOTE: The user running the update command, which will likely be your webserver user, requires write
permission for the `/apps` respectively `apps-external` folder.

NOTE: If they don’t have write permission, the command may report that the update was successful, but it may silently fail.

These commands are not available in single-user (maintenance) mode.
For more details please see the Maintenance Commands section in the occ core command set.

[[install-an-application]]
==== Install an Application

Applications can be installed both from https://marketplace.owncloud.com/[the ownCloud Marketplace] and from a local file archive.

[[install-apps-from-the-marketplace]]
==== Install Apps From The Marketplace

To install an application from the Marketplace, you need to supply the app’s id, which can be found in the app’s Marketplace URL.
For example, the URL for _Two factor backup codes_ is https://marketplace.owncloud.com/apps/twofactor_backup_codes.
So its app id is `twofactor_backup_codes`.

[source,console,subs="attributes+"]

sudo -u www-data occ market:install <ids> [option]

===== Arguments

[width="80%",cols="30%,70%",]
|===
| `ids` |  Ids of the apps
|===

===== Options
[width="80%",cols="30%,70%",]
|===
| `-l [LOCAL]` +
`--local=[LOCAL]`  | Optional path to a local app package.
|===

[[install-apps-from-a-file-archive]]
==== Install Apps From a File Archive

To install an application from a local file archive, you need to supply the path to the archive, and that you pass the `-l` switch.
Only `zip`, `gzip`, and `bzip2` archives are supported.

[[usage-example]]
==== Usage Example

[source,console,subs="attributes+"]

Install an app from the marketplace.

sudo -u www-data occ market:install twofactor_backup_codes

Install an app from a local archive.

sudo -u www-data occ market:install -l /mnt/data/richdocuments-2.0.0.tar.gz

NOTE: The target directory has to be *accessable to the webserver user* and you have to *enable* the app afterwards with the `occ app:enable` command.

[[uninstall-an-application]]
==== Uninstall an Application

To uninstall an application use the following commands:

[source,console,subs="attributes+"]

sudo -u www-data occ market:uninstall <ids>

===== Arguments

[width="80%",cols="30%,70%",]
|===
| `ids` |  Ids of the apps
|===

[[list-apps-from-the-marketplace]]
==== List Apps From The Marketplace

This command lists apps available on the marketplace.
It returns the ids if the apps.

[source,console,subs="attributes+"]

sudo -u www-data occ market:list

[[upgrade-an-application]]
==== Upgrade an Application

Install new app versions if available on the marketplace by using following commands:

[source,console,subs="attributes+"]

sudo -u www-data occ market:upgrade <ids> [options]

===== Arguments

[width="80%",cols="30%,70%",]
|===
| `ids` |  Ids of the apps
|===

===== Options

[width="80%",cols="30%,70%",]
|===
| `-l [LOCAL]` +
`--local=[LOCAL]`  | Optional path to a local app package.
| `--major`        | Allow update to a new major version.
|===

=== Password Policy

Marketplace URL: https://marketplace.owncloud.com/apps/password_policy[Password Policy]

Command to expire a user or group of users’ passwords.

==== Command Description

[source,console,subs="attributes+"]

sudo -u www-data occ user:expire-password <uid> [<expiredate>]

===== Arguments

[width="100%",cols="20%,82%",]
|===
| `uid`       | User ID.
| `expiredate` | The date and time when a password expires, +
e.g. `2019-01-01 14:00:00 CET` or -1 days.
|===

TIP: The expiry date can be provided using any of {php-datetime-url}[PHP's supported date and time formats].

===== Options

[width="100%",cols="23%,82%",]
|===
| `-a, --all`
| Will add password expiry to all known users.
uid and group option are discarded if the option is provided by user.

| `-u [UID]` +
`--uid=[UID]`
| The uid of the user to expire the password for. +
To expire the password of multiple users, pass the `-u` or `--uid` option multiple times, as in this example: `--uid "Alice" --uid "Bob"`.

| `-g [GROUP]` +
`--group=[GROUP]`
| Add password expiry to user(s) in one or more groups. +
This option can be used as `--group foo --group bar` to add expiry passwords for users in multiple groups.
|===

If an expiry date is not supplied, the password will expire with immediate effect.
This is because the password will be set as being expired 24 hours before the command was run.
For example, if the command was run at `2018-07-**12** 13:15:28 UTC`, then the password's expiry
date will be set to `2018-07-**11** 13:15:28 UTC`.

After the command completes, console output, similar to that below, confirms when the user's password is set to expire.

The password for frank is set to expire on 2018-07-12 13:15:28 UTC.

==== Command Examples

[source,console,subs="attributes+"]

The password for user "frank" will be set as being expired 24 hours before the command was run.

sudo -u www-data php occ user:expire-password -u frank

Expire the user "frank"'s password in 2 days time.

sudo -u www-data php occ user:expire-password -u frank '+2 days'

Expire the user "frank"'s password on the 15th of August 2005, at 15:52:01 in the local timezone.

sudo -u www-data php occ user:expire-password --uid frank '2005-08-15T15:52:01+00:00'

Expire the user "frank"'s password on the 15th of August 2005, at 15:52:01 UTC.

sudo -u www-data php occ user:expire-password --uid frank '15-Aug-05 15:52:01 UTC'

==== Caveats

Please be aware of the following implications of enabling or changing the password policy's "*days until
user password expires*" option.

- Administrators need to run the `occ user:expire-password` command to initiate expiry for new users.
- Passwords will never expire for users who have *not* changed their initial password, because they do
not have a password history. To force password expiration use the `occ user:expire-password` command.
- A password expiration date will be set after users change their password for the first time. To force
password expiration use the `occ user:expire-password` command.
- Passwords changed for the first time, will expire based on the *active* password policy. If the policy
is later changed, it will not update the password's expiry date to reflect the new setting.
- Password expiration dates of users where the administrator has run the `occ user:expire-password`
command *won't* automatically update to reflect the policy change. In these cases, Administrators need
to run the `occ user:expire-password` command again and supply a new expiry date.

[[ransomware-protection]]
=== Ransomware Protection (Enterprise Edition only)

Marketplace URL: https://marketplace.owncloud.com/apps/ransomware_protection[Ransomware Protection]

Use these commands to help users recover from a Ransomware attack.
You can find more information about the application in xref:enterprise/ransomware-protection/index.adoc[the Ransomware Protection documentation].

==== Command Description

[source,console,subs="attributes+"]

sudo -u www-data occ ransomguard:scan <timestamp> <user>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `<timestamp>` +
`<user>`          | Report all changes in a user's account, starting from timestamp.
|===

[source,console,subs="attributes+"]

sudo -u www-data occ ransomguard:restore <timestamp> <user>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `<timestamp>` +
`<user>`          | Revert all operations in a user account after a point in time.
|===

[source,console,subs="attributes+"]

sudo -u www-data occ ransomguard:lock <user>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `<user>` | Set a user account as read-only for ownCloud and other WebDAV clients when
malicious activity is suspected.
|===

[source,console,subs="attributes+"]

sudo -u www-data occ ransomguard:unlock <user>

===== Arguments

[width="100%",cols="20%,70%",]
|===
| `<user>` | Unlock a user account after ransomware issues have been resolved.
|===

[[samle_sso_sibboleth_integration]]
=== SAML/SSO Shibboleth Integration (Enterprise Edition only)

Marketplace URL: https://marketplace.owncloud.com/apps/user_shibboleth[SAML/SSO Integration]

`shibboleth:mode` sets your Shibboleth mode to `notactive`, `autoprovision`, or `ssoonly`

[source,console]
----
shibboleth:mode [mode]
----

[[two_factor_authentication]]
=== Two-factor Authentication

Marketplace URL: https://marketplace.owncloud.com/apps/twofactor_totp[2-Factor Authentication]

If a two-factor provider app is enabled, it is enabled for all users by default (though the provider can decide whether or not the user has to pass the challenge).
In the case of an user losing access to the second factor (e.g., a lost phone with two-factor SMS verification), the admin can temporarily disable the two-factor check for that user via the occ command:

==== Command Description

[source,console,subs="attributes+"]

sudo -u www-data php occ twofactor:disable <username>

To re-enable two-factor authentication again, use the following command:

[source,console,subs="attributes+"]

sudo -u www-data php occ twofactor:enable <username>