S3 Object Storage Support becomes Open Source and is redesigned from scratch
ownCloud can be configured to use S3 Object Storage as primary storage. The open standard enables infinite scalability to cope for an exponentially growing amount of data.
The app – formerly Enterprise only – was re-written from scratch by Thomas Müller and Jörn Friedrich Dreyer. The new S3 Objectstore implementation “files_primary_s3”, which will massively improve performance, reliability and protocol-related capabilities, is about to be released soon and will be available as Open Source, meaning free to use for everybody. See a list of S3 compliant storage implementations here.
Stay tuned for in-detail release announcements. For regularly news directly to your inbox you can also sign up for our monthly newsletter here.
Password Policy becomes Open Source, and Enterprise-compliant!
Together with ownCloud Server 10.0.9 a new major version of the Password Policy app is released. At the same time, the app is now available for free and completely Open Source, as many new features are community-developed.
The changes to the app introduce new features, which allow for passphrase expiration and history policies. If you want guest or local users to care for their security, you can now force them to change their passphrase upon first login.
Additionally you can specify expiration policies for passphrases, forcing users to set new passphrases every 90 days, for example. Users will have to actually choose new passphrases, as, for example, the last 10 used passphrases will not be usable when changing a user’s passphrase.
Users will be notified via mail before the passphrase expires and when the passphrase has expired.
Note that regularly changing passphrases is discouraged by NIST. But some organizations have to comply with different guidelines; so they are now able to do so. We recommend to think carefully about hurdles that are put upon users regarding user experience.
Semih Serhat Karakaya, who was a GSoC student at ownCloud last year, wrote many of the new Security features in the new app. We want to thank him for his great contributions and his dedication to security in ownCloud.
He already gathered lots of experience writing his Security app, which has similar features. He will re-release the app without the passphrase security features as bruteforce protection app, as the passphrase security features are now openly available, too.
Semih will also give a talk at the ownCloud Conference 2018 how he integrated ownCloud with rocket.chat. Join Semih in September 18-21 in Nuremberg to gather more know-how and get the best out of your ownCloud!
Taking Sharing to the Next Level
Even if other features are an important part of ownCloud, too – the core feature is file sharing. ownCloud offers versatile sharing mechanisms as ownCloud and with 10.0.9, there are even more possibilities for sharing:
We think users should have more control over incoming shares. If you give someone a piece of chocolate, you ask beforehand, if they even want it. Maybe their hands are full, maybe they don’t eat milk products. They probably do want the chocolate, but their consent is important.
Previously, shared contents would appear, unannounced, in the receiving user’s file hierarchy, and clients would start synchronizing. With 10.0.9, incoming shares can have a pending state, offering the ability to accept or decline unwanted files (as known from federated sharing). This gives users a better control over their cloud storage and provides a better user experience.
If a user gets an incoming share, the recently introduced notifications framework is being used to inform them via mail. They can also use the bell icon in the web interface and the ownCloud Desktop Client to accept or reject a share.
To switch to the new behavior, administrators need to disable the configuration option “Automatically accept new incoming local user shares” in the “Sharing” settings section. By default the option will be enabled to preserve the known behavior.
Sharing Overview
The “Shared with you” view was enhanced to support the Pending Shares feature. In the Sharing overview, you can now also see if a share is pending, accepted, or rejected.
This enables users to see with one glance what others have shared with them, and manage those shares.
In the sharing overview, users can not only accept shares, which they rejected earlier – but also restore shares that have been unshared before, without requiring the owner to share it again:
This is basically an “undo” feature for deleted or rejected shares. Everyone makes a wrong click sometimes – undo buttons are the perfect countermeasure. If you’re interested why we use an “undo” button instead of a warning with a confirmation button, read this article.
Sharing Autocomplete – How Secure do you Want it?
When users want to share with other users, previously they see autocompleted usernames, after entering 4 letters. This threshold was introduced in 10.0.8 for security reasons to prevent username crawling.
As this security-enhancing change came at the expense of usability, and might only be required in special scenarios, the default value is reverted to 2. If you want it, you can adjust it in the config.php with the option 'user.search_min_length' => 2
.
To further improve usability, there is a hint now to inform users about the required character count to get suggestions.
Exclude Groups from Sharing
The option “Exclude groups from sharing”, in the administration settings’ “Sharing” section, enables administrators to exclude groups of users from the ability to initiate file shares. But before 10.0.9, this only applied to users who were not in other groups which allowed sharing.
This behavior is now both more restrictive and better covers the expectations of administrators. With ownCloud 10.0.9, it will apply to all users who are members of at least one of the excluded groups.
Community Effort to Improve User Interface & Theming
Apart from the sharing improvements, there is a lot of progress on user interface and theming, especially on mail templates. It allows admins several adjustments to automatic mails.
- First of all, the HTML and plain text mail templates have been updated, because of the new notification framework, which was introduced in ownCloud server 10.0.8. Please review the templates in
apps/notifications/templates/mail/
to align them with your needs. - We want to thank Joey Berkovitz for adding HTML templates for “password lost”-mails. Admins can now customize how those mails should look like, or adjust it to their custom theme.
- Both HTML and plain text mail templates can now include a footer. They do so by default – if you use custom templates, you can add them manually.
The ownCloud example theme has its own repository now. You can use it as a solid base to create custom themes. Additionally it is no longer bundled with ownCloud server.
New Options to Link Privacy Policy & Imprint
10.0.9 takes GDPR compliance one step further by giving you the ability to add links to your Privacy Policy. To link an Imprint, which is necessary according to German law, you can also specify a link. This is possible via occ command or via the admin settings in the web interface.
You can display these links on all pages of the ownCloud web interface and in the footer of mail notifications. When you use one of the default themes provided by ownCloud, as well as the default mail templates, the configured links will be automatically included. When using customized themes or mail templates it’s necessary to adapt them. See the Release Notes for more information.
Improvements for occ user:list
To improve the usability of the occ user:list
command, you can now configure the output by using the -a
option to include certain attributes. This mainly facilitates automation tasks. Check the --help
option for more information.
Time to Plan an Upgrade!
So if you run an ownCloud server, it’s time to plan an upgrade. As usual, you should read the Release Notes and follow upgrade best practices.
Additionally, if you are a developer, you should take a look at these changes.
What do you think about these improvements? Leave a comment or share this article on social media: