Getting rid of DropBox, Google Drive and SkyDrive

I started using DropBox just a few weeks ago. I'm normally very open to every kind of innovation, but I just don't feel very comfortable with my, sometimes sensitive, data on foreign servers.

Yes, maybe I'm a bit paranoid. But I don't like it. I remember that when the DropBox hype started I was searching for an alternative. At that time I found the OwnCloud script, but the project was just beginning and the software wasn't really reliable.

Eventually I started using DropBox and found it really good, but having my data on a foreign server in a foreign country was still bothering me. Additionally, the 2 GB wasn't enough and I didn't want to pay for additional storage when at the same time we have our own web server with a lot of free space.

When the new hype around GoogleDrive started, I tried to find my own solution again. In the meantime OwnCloud has evolved and works really well. But it's still not really an alternative to DropBox because we don't have a synchronisation service. But hey, that's basically the only thing we're missing. So I thought, let's try to extend it with another application.

And I can tell ya, it can be done.

The idea looks basically like this:
- OwnCloud is used as the web interface. Because OwnCloud provides much more than just the interface, we get further advantages from it: in the end we have a web interface, access via WebDAV, the possibility to share files directly, and all the additional apps in OwnCloud such as calendar, contacts, gallery and much more.
- Unison is used for synchronisation between the local computer and the server. The biggest advantage of this solution is that the connection is secured by tunnelling over an encrypted SSH connection.

Basic Setup

If you are reading this then I suppose you are trying to do something similar, so I assume you have the necessary skills for it. Therefore I'm not going to describe simple things such as configuring a domain on the server or similar.

First of all we need to download and install OwnCloud on the server and configure it.

As I'm very paranoid, and this is basically the objective of the whole exercise, I've created a subdomain which is accessible only via HTTPS.

After we have done this we will have a directory inside the OwnCloud script for the particular user:

/var/www/html/cloud/data/firstuser

where "cloud" is our OwnCloud root.

Now we are going to create a system user on the server and set this directory as his home directory:

# useradd -s "/bin/sh" -m -d "/var/www/html/cloud/data/firstuser" -g www-data firstuser

The user belongs to the group www-data, which is the standard group for Apache on Ubuntu. Don't forget to set a password for this user.

Install Unison on the server. Normally:

# aptitude install unison

should be enough; however, the Unison version available in the repository is 2.2. Therefore I've installed the newest version, which can be downloaded from launchpad.net.

The first part of the server-side work is done.

The part on your local machine is for Mac OS X, but I'm pretty sure it would not be very different on Linux or Windows.

  1. Download the Unison binary package and install it.
  2. Create a directory which should be synchronised with the server, for example ~/Documents/OwnCloud.
  3. Open the Unison GUI and create a new profile.
  4. As the server address, give the path to the "files" directory, as this is the root of the OwnCloud script for files. Call the profile, for example, "OwnCloud".

If everything went well we should now be able to synchronise the ~/Documents/OwnCloud directory with the server.
So far, however, we can only do this manually.

Automatic Sync

This is the way I did it. You can choose another ;)

The very first thing to do is to set up a passwordless SSH login. There are a lot of tutorials on the Internet on how to achieve this, so I'm not going to describe it.
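Because the passwordless key will sit unattended on the client, it is worth limiting what it can do on the server. The following is an added example, not part of the original tutorial: it wraps a public key in an authorized_keys entry that can only start the Unison server. The function name unison_key_entry and the key file name ~/.ssh/unison_sync are assumptions.

```sh
#!/bin/sh
# Added example: wrap a public key in an authorized_keys entry that can only
# start the Unison server. "restrict" (OpenSSH 7.2+) disables PTY allocation
# and port, agent and X11 forwarding; command="..." overrides whatever the
# client asks the server to run.
#
# On the client (the key name ~/.ssh/unison_sync is an assumption):
#   ssh-keygen -t ed25519 -N '' -f ~/.ssh/unison_sync
#   unison_key_entry ~/.ssh/unison_sync.pub
# Append the printed line to ~/.ssh/authorized_keys of the sync user on the server.

unison_key_entry() {
    # $1 = public key file holding exactly one key with no options in front
    local pub="$1" lines type blob comment
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }
    lines=$(grep -c . "$pub")
    [ "$lines" -eq 1 ] || { echo "expected exactly one key in $pub" >&2; return 1; }
    read -r type blob comment < "$pub"
    case "$type" in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not a bare public key: starts with '$type'" >&2; return 1 ;;
    esac
    [ -n "$blob" ] || { echo "key data missing in $pub" >&2; return 1; }
    printf 'restrict,command="unison -server" %s %s%s\n' \
        "$type" "$blob" "${comment:+ $comment}"
}

# Demo on a constructed (not real) public key.
demo_pub=$(mktemp)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIconstructedExampleKeyNotReal neo@laptop' > "$demo_pub"
unison_key_entry "$demo_pub"
rm -f "$demo_pub"
```

Point SSH at this key for the server with an IdentityFile line in ~/.ssh/config so that the background sync uses it.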

I normally have a "bin" directory for some self-made bash scripts in my home directory.

So create a bash script, I called it "UnisonSync", which looks like this:

#!/bin/sh
# Sync the "OwnCloud" profile every 120 seconds; stdout and stderr go to the log.
unison OwnCloud -ui text -auto -batch -repeat 120 -silent > /Users/neo/Logs/unison.log 2>&1
  • OwnCloud is the name of the profile we created in Unison GUI
  • -repeat 120 means these directories should be synchronised every 120 seconds
  • -silent means it shouldn't output any messages other than errors.

Now when we start this script our directories should be automatically synchronised every 2 minutes. You can test it a bit by creating some files on your local machine and checking whether these files are uploaded to the server.

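Now we are going to create a daemon. Go to the ~/Library/LaunchAgents/ directory and create a file called, let's say, com.unison.sync.plist.

This is what the file should look like:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
    <dict>
        <!-- restart the sync script whenever it exits -->
        <key>KeepAlive</key>
        <true/>
        <key>Label</key>
        <string>com.unison.sync.plist</string>
        <key>ProgramArguments</key>
        <array>
            <string>/Users/neo/bin/UnisonSync</string>
        </array>
    </dict>
</plist>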

Now simply run from the terminal:

launchctl load -w ~/Library/LaunchAgents/com.unison.sync.plist

That's it. Now we have our local directory synchronised with the directory on the server.
We can access our data via the web interface and also share it with other people. We can also access these files via SFTP or WebDAV.
If you just want to synchronise your own data with your own server then this solution should be sufficient for you.

However, if you would like to have more than one user on this system then, as you can probably see, there is a small security problem.


Advanced Setup - Multiple users and SSH jail

I've tried several solutions to do this and this one seems to be the most reliable for this purpose.
The main idea is to put the user in an SSH jail and limit access to his own files only.

So step by step: first create a new user in OwnCloud. I'll call this user cloud_user.
Install the Jailkit script on your server, then create a user in the SSH jail:

# mkdir /home/jail
# jk_init -v -j /home/jail basicshell editors extendedshell netutils ssh sftp scp

Add a new system user the same way as above, but this time with a regular home directory:

# useradd -d /home/cloud_user -m cloud_user -s /bin/bash -g www-data

Don't forget to set the password:

# passwd cloud_user

And then put this user in the jail:

# jk_jailuser --shell=/bin/bash -m -j /home/jail cloud_user

Additionally we will need the Unison application in our jail:

# cp /usr/bin/unison /home/jail/bin/unison

Now the slightly tricky part: we have the user in the jail, but this user also has to be able to access his files in the OwnCloud application. There is a solution for this too.
Create a new directory inside the user's home directory, set the ownership and then set the permissions to 775:

# mkdir /home/jail/home/cloud_user/files
# chown cloud_user:www-data /home/jail/home/cloud_user/files/
# chmod 775 /home/jail/home/cloud_user/files/

Now simply mount the OwnCloud user's files directory to the system user's files directory:

# mount /var/www/html/cloud/data/cloud_user/files/ /home/jail/home/cloud_user/files/ -o bind

The whole client-side part is the same as in the basic setup described above.

That's it. Now you can repeat this to create more users. Each of these users will be able to access only their own files.
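A check that every login account in the www-data group really ended up in the jail, as an added example that is not part of the original tutorial. The function name audit_sync_accounts and the sample passwd lines are constructed; /usr/sbin/jk_chrootsh is Jailkit's default install path and is assumed here.

```sh
#!/bin/sh
# Added example: list sync accounts that still have an unjailed login.
# Reads passwd-format lines on stdin. jk_jailuser sets the login shell to
# jk_chrootsh and rewrites the home directory to <jail>/./<home inside jail>.

audit_sync_accounts() {
    # $1 = numeric gid of www-data, $2 = jail root (/home/jail on this page)
    awk -F: -v gid="$1" -v jail="$2" '
        $4 != gid                  { next }   # primary group is not www-data
        $7 ~ /\/(nologin|false)$/  { next }   # no login at all, e.g. www-data itself
        $7 != "/usr/sbin/jk_chrootsh" {
            print $1 ": shell " $7 " is not jk_chrootsh"; next
        }
        index($6, jail "/./") != 1 {
            print $1 ": home " $6 " is not under " jail "/./"
        }
    '
}

# Constructed sample in /etc/passwd format (uids and gid 33 are made up to
# resemble a typical Ubuntu system).
sample='www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
firstuser:x:1001:33::/var/www/html/cloud/data/firstuser:/bin/sh
cloud_user:x:1002:33::/home/jail/./home/cloud_user:/usr/sbin/jk_chrootsh
neo:x:1000:1000::/home/neo:/bin/bash'
printf '%s\n' "$sample" | audit_sync_accounts 33 /home/jail

# On the live server:
#   getent passwd | audit_sync_accounts "$(getent group www-data | cut -d: -f3)" /home/jail
```

On the sample it reports firstuser from the basic setup, whose /bin/sh login is not confined to the jail.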


Remarks and Problems

The whole point of this was to get it working first. I've just got this working and started to use it. I will try to post updates when I find problems.
So far I have found the following issues:

  1. The whole synchronisation process seems to be a bit slower than with DropBox. I can imagine that it's related to the very strong encryption Unison is using while transferring the data.
  2. Files uploaded from the client to the server are not writable by the OwnCloud script, which is self-evident. I will have to find a method to chmod those files when they are uploaded by Unison.

Recommended reading:

  1. Wikipedia article about Unison
  2. Wikipedia article about OwnCloud
  3. Jailkit documentation

@ToDo:

  1. First of all I have to find a solution for the file permissions so that files uploaded via Unison can be altered via the web interface
  2. For the client it would be good to have a systray icon with current daemon status and also a Growl notification about changes
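One way to handle the permission issue from the Remarks and the first to-do item, as an added example that is not part of the original tutorial. It assumes, as in the useradd commands above, that uploaded files already belong to the web server's group and only lack the group write bit; the function name fix_group_write is hypothetical.

```sh
#!/bin/sh
# Added example: give the web server's group write access to uploaded files.
# On the server it would be run as the file owner or root after a sync, e.g.
#   fix_group_write /var/www/html/cloud/data/cloud_user/files www-data

fix_group_write() {
    # $1 = one user's "files" directory, $2 = web server group (name or gid)
    # Prints each path whose mode it changes; warns about wrong-group entries.
    local root="$1" group="$2"
    if [ ! -d "$root" ] || [ -L "$root" ]; then
        echo "not a real directory: $root" >&2
        return 1
    fi
    # Mode bits cannot help entries that belong to another group: report them.
    find "$root" ! -type l ! -group "$group" -exec echo "wrong group:" {} \; >&2
    # Directories need group rwx, regular files group rw. Symlinks are never
    # followed, so a link planted in the tree cannot redirect the chmod.
    find "$root" -type d -group "$group" ! -perm -070 -print -exec chmod g+rwx {} +
    find "$root" -type f -group "$group" ! -perm -060 -print -exec chmod g+rw {} +
}

# Demo on a constructed tree standing in for .../data/cloud_user/files
demo=$(mktemp -d)
mkdir -p "$demo/files/photos"
touch "$demo/files/notes.txt" "$demo/files/photos/a.jpg"
chmod 755 "$demo/files" "$demo/files/photos"
chmod 644 "$demo/files/notes.txt" "$demo/files/photos/a.jpg"
fix_group_write "$demo/files" "$(id -g)"
rm -rf "$demo"
```

Files uploaded later arrive with the client's permissions again, so the function has to be repeated after each sync, for example from cron.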

If you find any problems or errors in this tutorial, or if you have any ideas or suggestions, feel free to comment.


