OwnCloud IaaS

ownCloud is a free and open web application for data synchronization and file collaboration. It can be used in conjunction with SQLite, MariaDB, MySQL, Oracle Database and PostgreSQL databases to create a full-fledged web space from a Linux server for group work with file sharing, calendars, task schedulers, an address book and an office web application with support for Microsoft Office and LibraOffice formats.

2023: FSTEC warns of dangerous vulnerability in ownCloud

At the end of November, FSTEC sent a warning that a dangerous vulnerability was found in the open source web application for group work of ownCloud BDU:2023-08109^[1], which, according to the CVSS classification, has a danger level of 10 out of 10, that is, it can be easily exploited even remotely.

The vulnerability manifests itself when launching ownCloud as part of a Docker container: it allows an attacker to obtain all information about the PHP interpreter using the phpinfo function, including the administrator password, which allows taking control of the corresponding container and the application as a whole. However, even without using container technology, the vulnerability can allow outsiders to obtain important information about the configuration of the corresponding server.

For companies, ownCloud is the equivalent of Microsoft Office 365, with which ownCloud also has integration. The application can be deployed on its own infrastructure and replaced with products from the Microsoft Office line, which made it quite popular.

So, according to the Netlas.io search engine Russia , there are more than 1.7 thousand installations of such applications, and this is the fourth place in the distribution of this web application around the world. The leaders in the popularity of its use (Germany 8.4 thousand installations), (France 5.8 thousand) and (USA 3.3 thousand). In total, around the world, the search engine discovered 33.8 thousand installations of ownCloud.

ownCloud Web Application Distribution Map by Country (Netlas.io Search Engine Diagram)

Docker containers released later than February 2023 are vulnerable - they contain the version of the vulnerable graphapi library 0.2.0 - 0.3.0, which discloses confidential information about the execution environment. There are no updates for the library yet, but there are recommendations from FSTEC to protect against exploitation of this vulnerability:

удалите файл owncloud/apps/graphapi/ vendor/microsoft/microsoft-graph/tests/GetPhpInfo.php; disable the phpinfo function; Use Web Application Layer Firewall to restrict remote access Restrict access from external networks (Internet) Use virtual private networks to organize remote access (VPN).

The ownCloud developers themselves advise^[2] to change the web application administrator password, database access password, mail system password, and encryption keys to access Amazon S3 baskets after disabling graphapi and phpinfo.

2016: ownCloud 9.0

In March 2016, the release of the ownCloud 9.0 project was presented, within the framework of which a system is being developed for organizing storage, synchronization and exchange of data hosted on external servers. Unlike Google Drive, Dropbox, Yandex.Disk and box.net, the ownCloud project gives the user full control over their data - the information is not tied to external closed cloud storage systems, but is located on user-controlled equipment.

ownCloud provides tools for sharing, version control of changes, support for playing media content and viewing documents directly from the web interface, the ability to synchronize data between different machines, the ability to view and edit data from any device anywhere on the network. Access to data can be organized both using the web interface and using the WebDAV protocol and its CardDAV and CalDAV extensions. The source code of the system is distributed under the AGPL license. The ownCloud server can be deployed on any hosting that supports PHP script execution and provides access to SQLite, MySQL or PostgreSQL.

The main innovations of ownCloud 9.0:

• Expand collaboration and user interaction tools. Added support for comments and tags. For any file in the vault, you can leave comments and view comments from other users. Tagging makes it easier to categorize and filter files;
• A redesigned system for displaying notifications and monitoring activity in the system allows you to track actions with stored files and respond to new events, such as notifications in the scheduler calendar and information about new shared repositories;
• A fully functional implementation of Federated Cloud, which allows you to create shared folders shared by different servers and send requests to users of other servers. The new release is notable for supporting trusted servers and simplifying the use of a single username on different servers. When organizing shared storage, the external server can be marked as trusted, which will lead to the exchange of usernames. Trust servers can be assigned automatically or manually approved by the administrator.
• Improved scalability. In addition to the already available capabilities to use ownCloud on systems from Raspberry Pi with 1-10 users to large servers with hundreds of thousands of users, the new release introduces a new API for integration with arbitrary storage systems. The API was developed jointly by engineers from organizations such as CERN and AARNet and allows you to abstract from storage mechanisms, allowing you to create storage of several petabytes.
• A rewritten and simplified sharing model that blocks conflicts due to recursive access opening and assigns an explicit owner to each file;

Updated calendar implementation;

• New implementation of the address book;
• New standalone update installation system;
• To ensure the integrity of the plants, a digital signature control system is presented.

2015: Release of ownCloud 8.1 released

On July 7, 2015, it became known about the release of ownCloud 8.1. Unlike Google Drive, Dropbox, Yandex.Disk and box.net, the ownCloud project gives the user full control over their data - the information is not tied to external closed cloud storage systems, but is located on user-controlled equipment^[3].

Modified ownCloud 8.1 properties:

• Significant internal changes have been made to increase the scalability and performance of file operations and the synchronization process. Architectural improvements have been made to increase the security of the platform. Up to four times faster download and upload operations. The transition to parallel processing of requests allowed to increase the number of supported active users by 50%.
• The administrator interface has improved the tools for managing external repositories, added new mount options, which allow you to control the inclusion of encryption, previewing and the frequency of checking changes for each mount point. Support for SSH key authentication has been added for CIFS/SMB and FTPS stores;
• An updated LDAP configurator has been added, which provides tools for automatically determining configuration parameters and an interface for checking the correctness of settings. Improved user and group selection interface.
• The Encryption 2.0 module is presented, which has support for managing external keys, increased reliability and improved management tools.
• The settings and address book provide the display of Federated Cloud IDs to simplify the organization of data sharing;
• Documentation is integrated into the web interface. In settings, notifications and warnings, references to documentation are provided;
• The document component has been updated to the latest release of the WebODF platform, which introduces annotation support and new style management capabilities;
• Added support for previewing 3D images and fonts, as well as the ability to view RAW files;
• Automatic cleaning of the basket and database is implemented.

2014

ownCloud 7 Enterprise Edition

On November 24, 2014, ownCloud released a new version of the ownCloud 7 Enterprise Edition platform for storing and sharing data, created on the basis of open source^[4].

Many enterprises use a variety of hardware for data storage, including SAN, NAS, servers that employees access using PCs, smartphones, and tablets. This variety of devices complicates the management of the storage and file sharing infrastructure. One way to solve the problem is to move to storing information in the public cloud. This ideology is not suitable for all organizations.

Another option is to create a private storage infrastructure based on cloud technologies and supporting access to corporate and public information from PCs and any mobile device. To do this ON , ownCloud Enterprise 7 is designed, it provides access to files, helps manage this process in an enterprise system that includes a variety of hardware, and also supports work with public storage systems.

After you install ownCloud on the server, your IT administrator can manage how users access enterprise storage devices and cloud services. For example, it can integrate ownCloud with existing Active Directory (AD) and/or Lightweight Directory Access Protocol (LDAP) systems.

The main advantage of ownCloud, according to the vendor, is the ability to combine a heterogeneous environment consisting of file systems and cloud resources into a single pool, which the user accesses as one unified storage system, but at the same time the administrator manages security and data protection. This is achieved by the fact that ownCloud supports interfaces with a wide variety of systems, such as SharePoint Web Interface for SharePoint, Windows Explorer for Windows Network Drive, etc.

As a result, ownCloud users can directly interact with other users who also have this system installed without accessing shared communication channels. According to the supplier, this allows you to combine the flexibility of a public cloud with the security of a private one and is a unique feature of ownCloud, which distinguishes this system from other data access solutions.

Other new versions of version 7 include improved work with network drives, which are now easier to connect using their existing Access Control Lists (ACLs), support for object stores such as Swift, OpenStack Object Storage and Amazon S3. The administrator can combine different types of storage to meet the needs of users.

The cost of an annual subscription to ownCloud 7 Enterprise Edition software is $9 thousand per 50 users. For testing, a free trial version is provided, implemented in the form of a virtual device running on top of vSphere, VMware Workstation and KVM. In addition, there is a public version of ownCloud 7 Community Edition, which can be downloaded via the Internet.

ownCloud 7 beta

On June 30, 2014, it became known about the release of a new beta version of the open source project ownCloud 7, with improved features.

Among the new features of the community-driven beta release of ownCloud 7 is server sharing to data. Previously, ownCloud technology deployed on the organization's own server did not make it easy to use this feature.

Servers share data using WebDAV. Authentication is implemented through special sharing keys, which are exchanged when the user initiates data sharing.

It became possible to use the server part of OpenStack Swift to store files and share access to them. The server instance can merge with others and is clustered through server support in ownCloud 7 of the new Swift object store. Therefore, ownCloud can work on top of merged object stores.

After that, different servers or instances or clusters of ownCloud can be connected using the new function of sharing servers to data. This consolidation can occur at the object storage level, at the administration level, and at the user sharing level.

The inclusion of Swift support as a server component in ownCloud represents a departure from previous releases of this technology. According to the developers, previously it was possible to supplement the ownCloud server with object stores as special folders. In such a scenario, it was always necessary to store something locally in order to support user home directories, file versions, garbage bin and other traditional partitions. In ownCloud 7, everything can be found in the object store, the need for local storage has disappeared. Performance has increased because object stores are accessed as objects rather than filesystems.

ownCloud Community 7 beta is equipped with a file viewer with advanced sorting methods. A view of Lazy Loading Files appeared - those that are downloaded when the user scrolls the page.

You can create a storage location report that shows users the file storage properties. It can be Swift, as well as Amazon S3, Google Drive, other storage. In ownCloud 7, users get a clearer view of file updates through an improved notification system that will email a file change, is shared, or deleted. The new SMTP configuration assistant simplifies the connection of ownCloud 7 to the mail server.

The new beta release of ownCloud 7 is aimed at the developer community. It is expected to become publicly available in July 2014. There is also a commercial enterprise version of ownCloud.

2012: ownCloud 4.50

Its October 2012 version of ownCloud 4.50 "significantly accelerated bidirectional file downloads, even of a very large size, redesigned sharing, stronger and more detailed administrative controls, improved integration with popular business tools, and the ownCloud 2012 Business and ownCloud 2012 Enterprise versions will provide companies with the necessary security and control along with flexibility and convenience for end users."

The main difference between ownCloud and popular cloud storage services such as Dropbox, Google Drive or Box, which contain your data in third-party remote data centers, is that ownCloud gives you the right to choose your own place to store information. You can rely on yourself and use only your own servers, or you can organically integrate them with external cloud services such as the already mentioned three or other services, for example, Amazon S3. Thus, you can use ownCloud with its security, storage, monitoring, and reporting tools to manage not only your private cloud storage, but the resources of many other cloud services.

Administrators can now mount external cloud resources (Dropbox, Google, Swift, S3, etc.), determining whether they will be available to the entire population of users, a group or a specific user, the company said. "Individual users can also act, and for the first time they have the ability to sync and share files on various cloud services when using ownCloud as a single access point."

The program also introduced a number of additional functions, and primarily these are subadministrators for groups. This means that an administrator can designate a sub-administrator to manage the accounts of a particular group. Next, there was a function of fast synchronization with desktop PCs based on an improved algorithm that significantly reduces the load on the server and speeds up the synchronization process. The distinction of access rights has become more detailed, and now end users can determine who and what can be done with their shared data. New features in the basic part of the system allow you to manage authentication for remote WebDAV, IMAP, Samba and FTP servers. You can now also use ownCloud with LDAP (Lightweight Directory Access Protocol) and AD (Active Directory). Finally, the program has improved logging functions. A complete history is maintained for each file on the server, and you can always find out what operations were performed on a particular file. As a fun feature of ownCloud, we also note its HTML5-compatible live video playback feature .

As before, ownCloud is supplied under the AGPL (Affero General Public License) free licensing program. AGPL is a variant of the GPL developed for network server software.

OwnCloud is one of the programs for LAMP servers (Linux, Apache, MySQL, PHP). In addition to MySQL, SQLite or PostgreSQ can also be used as a DBMS. Commercial versions of ownCloud - Business, Enterprise and Education Edition - can also work with Oracle. These versions also include a logging module for logging file actions (who, when and where had access to the file) and dynamic memory allocation to users, eliminating balancing quotas.

Companies everywhere are beginning to understand that for better control over the data sent by their staff in both directions across the enterprise border, it is not enough to have iPad applications and third-party storage services, "said Marcus Rex, chief executive of ownCloud. - ownCloud software provides companies with the necessary control, and users with a friendly and hardware-independent way to do their job '.

Notes