Opened 3 years ago

Closed 3 years ago

#12043 closed Question/How do I...? (fixed)

ownCloud groups + initiating ownCloud accounts

Reported by: Ying-sun Ho Owned by: Jamie McClelland
Priority: Medium Component: Tech
Keywords: Cc:
Sensitive: no

Description

hi. i have a couple of questions related to sharing in ownCloud.

QUESTION #1

i asked jamie a while ago about using groups in ownCloud. he explained how it works:

"ownCloud *does* have a groups functionality - however, it is not well-suited for an installation like ours because only server-wide administrators can create groups and we can't give admin access to individual members - because they would have access to *all* members."

i understand the trickiness of it. but we now have almost 200 members, and individually sharing them on the various directories is a little crazy.

so here's my question: would you guys be ok with me providing lists of usernames for a few ownCloud groups so you could create them? we would give them leftroots-specific names, like "allCadres.leftroots" or something. we could come to an agreement about how often we can make changes to these groups (once every three months? six months?), so that managing them doesn't become another significant thing on your plate. would that work for you guys? if not, is there a way of setting up ownCloud groups that you would work for you?

QUESTION #2

is there a way to initialize users' ownCloud accounts on the back end? the problem i'd like to solve is that i want to share people on stuff, but i can't unless they's logged into ownCloud at least once. since we're both implementing ownCloud and welcoming more than 80 new members right now, a lot of people have not gotten ownCloud set up yet. as a practical matter, that means i have to update the "shared with" list on folders and files one by one as people initialize their accounts (and tell me that they've done so), and/or i'm typing everyone's usernames in and discovering by trial and error who is set up and who isn't.

i'd love to initialize all their accounts for them, just so they're available to share things with.

is there a way to do this?

Change History (12)

comment:1 Changed 3 years ago by JaimeV

Owner: set to Jamie McClelland
Status: newassigned

I'll let jamie get back to you about what can be done with our existing install but it does sound like for that level of use you may want to try setting up your own owncloud install. I think this is probably best done on a dedicated server.

Jaime

comment:2 Changed 3 years ago by Jamie McClelland

Hi Ying-Sun,

Question number one...

I'm not sure how your directory structure work. However, if you create just one top level directory that all members share, you will only need to enter the names in one place (same thing I would have to go through if I created a group for you). And then you can create sub-folders within the big folder.

If you want other folders that only a subset of people should have access to, you can create those folders at the top level also, and share each top level folder with the right people.

In this setup - you create a top level folder for each group and then you only have to maintain one list of members in each "folder."

If you want to share both a folder and a calendar with the same group of people, then you would have to enter all of these names twice and a group would make it a bit easier.

Question number two...

Yeah, I see your point and I think I have a reasonable fix. I just reviewed the script I wrote to auto import your new users from a CSV file and tested a simple addition that automatically logs them in after their user account is created. That should allow us to script the full user account creation.

This doesn't help with existing users though (since we don't know their password).

If that doesn't work, I think we could also script the creation of the users without the passwords directly on owncloud.

In general, I would avoid maintaining your own ownCloud instance (as the person who maintains the shared one, I can attest that it is not easy to keep it up to date and secure).

comment:3 Changed 3 years ago by Ying-sun Ho

hey jamie. on question one, i'm not sure that organizing strictly by permission group would be a vast improvement. our membership is organized in enough different ways (e.g., everyone is in a branch, and everyone is in a committee, and the two have nothing to do with each other; we also have caucuses, local leadership bodies, national leadership bodies, etc.) that i'd still end up typing everyone's name in multiple times. and when multiple bodies share particular projects or pieces of content or whatever, it seems like sharing it with two groups would be easier than sharing it with 38 people.

but if it's not possible, we'll just deal.

on question two, that sounds neat! with existing users, i'm considering making a big internal push for people to get set up, and warning them that if they don't, i'm going to change their passwords so that i can log in and initialize their owncloud accounts. and then they'll have to go through the hassle of requesting a new password reset link and yada yada yada.

in any case, thanks for getting back to me. let me know if there is anything we can do to make owncloud groups worth the bother they cause you.

(and i fully support not having me having to maintain our own owncoud installation. 😁)

comment:4 Changed 3 years ago by JaimeV

Hi, just a heads up, jamie will be out the rest of this week. Let me know if there is anything urgent I can help you with.

comment:5 Changed 3 years ago by Ying-sun Ho

ok, thanks for the heads up.

comment:6 in reply to:  3 Changed 3 years ago by Ying-sun Ho

i just thought of something else on question 1 (setting up ownCloud groups). using groups would be significantly easier than entering each user individually if we want anything but the default permissions settings. for instance, it would be a lot easier to uncheck "can delete" once than uncheck it 60-200 times. also, anytime we want to have one folder with stuff a set of users can access and download but not edit or delete, and another one with stuff they CAN edit, we'd have to enter every name twice. i can see wanting this set up for multiple bodies within the organization.

what do you think? is there a way to make this work that doesn't create too much extra work for you guys?

Replying to https://id.mayfirst.org/ying-sun.leftroots:

hey jamie. on question one, i'm not sure that organizing strictly by permission group would be a vast improvement. our membership is organized in enough different ways (e.g., everyone is in a branch, and everyone is in a committee, and the two have nothing to do with each other; we also have caucuses, local leadership bodies, national leadership bodies, etc.) that i'd still end up typing everyone's name in multiple times. and when multiple bodies share particular projects or pieces of content or whatever, it seems like sharing it with two groups would be easier than sharing it with 38 people.

but if it's not possible, we'll just deal.

on question two, that sounds neat! with existing users, i'm considering making a big internal push for people to get set up, and warning them that if they don't, i'm going to change their passwords so that i can log in and initialize their owncloud accounts. and then they'll have to go through the hassle of requesting a new password reset link and yada yada yada.

in any case, thanks for getting back to me. let me know if there is anything we can do to make owncloud groups worth the bother they cause you.

(and i fully support not having me having to maintain our own owncoud installation. 😁)

comment:7 Changed 3 years ago by Jamie McClelland

Yeah... I hear you. I think we'll need to setup groups for you and hope that future releases will provide a secure way for people to admin their own groups.

comment:8 Changed 3 years ago by Jamie McClelland

Can you start with a list of groups?

comment:9 Changed 3 years ago by https://id.mayfirst.org/hazbounsr

Hey just chiming in to say that our organization is also very very interested in these questions. We don't have nearly the same level of users and need for as many fragmented groups so it's not as pressing of a logistical concern but hoping to follow this thread and see what solutions are worked out!

comment:10 Changed 3 years ago by Jamie McClelland

Hi hazbounsr - The best way to get the group functionality is to follow the instructions here:

https://support.mayfirst.org/wiki/owncloud#CanIcreategroupsofpeopletosharewith

It's the last section. That works for us here at MF/PL and most groups. Let us know if that works for you!

comment:11 Changed 3 years ago by Ying-sun Ho

hey, jamie. i can get you groups and usernames, but i still have to get people to initialize their ownCloud accounts. most people have not yet done so. should i just wait till i have that handled?

comment:12 Changed 3 years ago by Jamie McClelland

Resolution: fixed
Status: assignedclosed

Sure, let's wait til you are ready, then send them by email. I'll close this ticket since I think we resolved the issue even if we haven't yet implemented it.

Please login to add comments to this ticket.

Note: See TracTickets for help on using tickets.