I installed ownCloud 5 on a "dedicated server" (a colocated Raspberry Pi running Raspbian) earlier today and I've just upgraded it to ownCloud version 6. It seems to work reasonably well after certain adjustments to the server's configuration.
If you're running ownCloud with nginx and php5-fpm on a low-performance host (not necessarily a Raspberry Pi but perhaps a cheap VPS) and keep getting "gateway timeout" errors when the desktop client uploads large files despite the relevant adjustments to php.ini [1] try to set
fastcgi_read_timeout 600;
for ownCloud's php files' location in the nginx site configuration file (e.g., /etc/nginx/sites-enabled/default). That resolved the problem for me. The timeout errors notwithstanding, the files that I tried (up to approx. 600 MB in size each) still got uploaded to the server and their checksums matched when redownloaded.
Overall, it seems quite usable with the client; however, the web UI is painfully slow much of the time when hosted on the Pi.
Has anyone here used ownCloud "in production", which is to say, as a full-time replacement for Dropbox? Have you had any hiccups with synchronization?
While I haven't looked at the source, it is indeed a shame that they're not using a mature, battle-proven framework. With frameworks we have today, why would you roll your own, especially for a project like OwnCloud?
That is correct. In case you're wondering, I signed up for it when I saw this story on HN: https://news.ycombinator.com/item?id=5946940. The service is nice and stable, with an Internet connection seemingly as fast as the Pi can handle. However, I had to wait quite a long time (~4 months) for my Pi to come online and due to overwhelming demand they're no longer offering it for free.
Do Owncloud 6 comes with block based syncing, so I can sync large files with minor modifications?
What about support for inotify(Linux), FSEvents(OSX), kqueue(BSD) and ReadDirectoryChangesW(Windows)?
You can give it a try using our Bitnami packages for OwnCloud. Free, ready-to-run native installers, virtual machines and cloud images (AWS/Azure) http://bitnami.com/stack/owncloud
Interesting link! Do you plan to offer a LAMP stack for ARM-based devices? I am running my home-server on a BeagleBone Black because electricity is expensive (2 € per Wattyear) and the BeagleBone only needs around 1 Watt of power (in addition to being dirt cheap).
By chance, setting up OwnCloud was my project for this afternoon and it is humming along nicely, but I always feel uneasy about exposing something to the interwebs that is only set up "sort-of" securely by some layman (me).
We have been discussing the idea on and off. We even had a proof of concept for one of the earlier ARM-based devices (SheevaPlug) but we have decided to concentrate on the most popular applications/platforms first (for example, we also supported Solaris at one point but stopped). We are a very small team so it is a matter of where to focus :-/
I would like to use something like ownCloud but my sysadmin skills are certainly poorer than guys hired by Google or Dropbox. I worry that I might end up deleting my own data or mess up my installation. For example, I use Google apps and I worry that a messed up MX entry would send me to radio silence.
I've always been interested and supportive of services like these, but man I wish they changed that wall-of-text website of theirs. Their homepage is fairly similar.
I love it. What we usually get here on HN is some buzzwords and promises to solve all your very loosely defined problems coupled with stock photos and a signup page.
FLOSS Weekly had one of the lead OwnCloud devs on recently. Of course, he was asked ‘why PHP’. Answer: to make it possible for as many people to deploy it as possible, on commodity shared hosting (or anything better they might have).
There's basically nothing that can achieve that level of deployability besides PHP.
Hearing that reasoning helped me with some of the concerns I had about its implementation language. It sounds like they know what they are doing, and are very careful (including careful code review), they just want the software to be as widely usable as possible.
I'll say to their credit that at least they're serious enough to publish security advisories.
Some of these errors just shouldn't be possible in a well written code base, though. I would never run OwnCloud on my own servers, or use it to store anything remotely sensitive.
Yes, however, chmodding folders to 777 and placing sqlite databases in unprotected folders accessable for the entire interwebs does tend to give me little hope that these guys can actually produce secure PHP code. sadly, as the software is pretty awesome featurewise.
If the parent's folder limit access to a certain user or group there aren't security problems and may be exactly what you need.
for example, if you work with other people and you have a command to generate thumbnails from the shell, you may have a layout like this one
chmod user group path
2770 www-data devs /srv/www
2777 foo devs /srv/www/site/thumbnails/
/srv/www/site/thumbnails may be accessed only by people in the 'devs' or 'www-data' group ('foo' can read it only if he's in the group 'devs'). The obvious alternative would be to set that directory as owned by 'www-data', but you need root access to do that (unless you put everybody in group 'www-data', but then everyone can access every site). This way every user in the group 'devs' can make directories usable by both his teammates and the webserver, without having root power or being in group www-data. Have more than one team? Use different groups for each team.
0777 (or more like 02777) is a perfectly valid permission for world-writeable directories. Except that the case "anyone may do anything here, this is a free and unrestricted file sharing area" is quite rare. And almost certainly not for anything under /var/www served by httpd with PHP support.
That's not true. There are many thinks inherently wrong with PHP security. And while you can write crap and insecure applications in any language, PHP actively encourages it.
Browse through the OwnCloud release notes. Almost every version has fixes for XSS and remote code execution. Fixes are great but the developers seem to be making the same mistakes over and over again. It is just too easy to do that in PHP.
PHP gets a bad rep as a programming language. It may not be the most mature language, but don't generalize it as bad with security when that has just as much to do with the developer and the way they built it.
Unless you've used this service and have specific php security and maintenance concerns relating to this specific site?
Ive installed and run ownCloud before, cant point to specifics right now but I had to remove it and do with ssh and simplest nginx/ssl/htaccess style sharing for now.
If you're running ownCloud with nginx and php5-fpm on a low-performance host (not necessarily a Raspberry Pi but perhaps a cheap VPS) and keep getting "gateway timeout" errors when the desktop client uploads large files despite the relevant adjustments to php.ini [1] try to set
for ownCloud's php files' location in the nginx site configuration file (e.g., /etc/nginx/sites-enabled/default). That resolved the problem for me. The timeout errors notwithstanding, the files that I tried (up to approx. 600 MB in size each) still got uploaded to the server and their checksums matched when redownloaded.Overall, it seems quite usable with the client; however, the web UI is painfully slow much of the time when hosted on the Pi.
Has anyone here used ownCloud "in production", which is to say, as a full-time replacement for Dropbox? Have you had any hiccups with synchronization?
[1] See, e.g., the first post at http://forum.owncloud.org/viewtopic.php?f=23&t=9440.