Using the occ command

Nextcloud’s occ command (origins from “ownCloud Console”) is Nextcloud’s command-line interface. You can perform many common server operations with occ, such as installing and upgrading Nextcloud, manage users, encryption, passwords, LDAP setting, and more.

occ is in the nextcloud/ directory; for example /var/www/nextcloud on Ubuntu Linux. occ is a PHP script. You must run it as your HTTP user to ensure that the correct permissions are maintained on your Nextcloud files and directories.

occ command Directory

Run occ as your HTTP user

The HTTP user is different on the various Linux distributions:

  • The HTTP user and group in Debian/Ubuntu is www-data.

  • The HTTP user and group in Fedora/CentOS is apache.

  • The HTTP user and group in Arch Linux is http.

  • The HTTP user in openSUSE is wwwrun, and the HTTP group is www.

If your HTTP server is configured to use a different PHP version than the default (/usr/bin/php), occ should be run with the same version. For example, in CentOS 6.5 with SCL-PHP70 installed, the command looks like this:

sudo -u apache /opt/rh/php70/root/usr/bin/php /var/www/html/nextcloud/occ

Note

Although the following examples make use of the sudo -u ... /path/to/php /path/to/occ method, your environment may require use of a different wrapper utility than sudo to execute the command as the appropriate user. Other common wrappers:

  • su --command '/path/to/php ...' username – Note here that the target user specification comes at the end, and the command to execute is specified first.

  • runuser --user username -- /path/to/php ... – This wrapper might be used in container contexts (ex: Docker / arm32v7/nextcloud) where both sudo and su wrapper utilities cannot be used.

Running occ with no options lists all commands and options, like this example on Ubuntu:

sudo -u www-data php occ
Nextcloud version 19.0.0

Usage:
 command [options] [arguments]

Options:
 -h, --help            Display this help message
 -q, --quiet           Do not output any message
 -V, --version         Display this application version
     --ansi            Force ANSI output
     --no-ansi         Disable ANSI output
 -n, --no-interaction  Do not ask any interactive question
     --no-warnings     Skip global warnings, show command output only
 -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output,
                       2 for more verbose output and 3 for debug

Available commands:
 check                 check dependencies of the server
                       environment
 help                  Displays help for a command
 list                  Lists commands
 status                show some status information
 upgrade               run upgrade routines after installation of
                       a new release. The release has to be
                       installed before.

This is the same as sudo -u www-data php occ list.

Run it with the -h option for syntax help:

sudo -u www-data php occ -h

Display your Nextcloud version:

sudo -u www-data php occ -V
  Nextcloud version 19.0.0

Query your Nextcloud server status:

sudo -u www-data php occ status
  - installed: true
  - version: 19.0.0.12
  - versionstring: 19.0.0
  - edition:

occ has options, commands, and arguments. Options and arguments are optional, while commands are required. The syntax is:

occ [options] command [arguments]

Get detailed information on individual commands with the help command, like this example for the maintenance:mode command:

sudo -u www-data php occ help maintenance:mode
Usage:
 maintenance:mode [options]

Options:
     --on              enable maintenance mode
     --off             disable maintenance mode
 -h, --help            Display this help message
 -q, --quiet           Do not output any message
 -V, --version         Display this application version
     --ansi            Force ANSI output
     --no-ansi         Disable ANSI output
 -n, --no-interaction  Do not ask any interactive question
     --no-warnings     Skip global warnings, show command output only
 -v|vv|vvv, --verbose  Increase the verbosity of messages: 1 for normal output,
                       2 for more verbose output and 3 for debug

The status command from above has an option to define the output format. The default is plain text, but it can also be json:

sudo -u www-data php occ status --output=json
{"installed":true,"version":"19.0.0.9","versionstring":"19.0.0","edition":""}

or json_pretty:

sudo -u www-data php occ status --output=json_pretty
{
   "installed": true,
   "version": "19.0.0.12",
   "versionstring": "19.0.0",
   "edition": ""
}

This output option is available on all list and list-like commands: status, check, app:list, config:list, encryption:status and encryption:list-modules

Environment variables

sudo does not forward environment variables by default. Put the variables before the php command:

sudo -u www-data NC_debug=true php occ status

Alternatively, you can export the variable or use the -E switch for sudo:

NC_debug=true sudo -E -u www-data php occ status

Enabling autocompletion

Note

Command autocompletion currently only works if the user you use to execute the occ commands has a profile. www-data in most cases is nologon and therefore cannot use this feature.

Autocompletion is available for bash (and bash based consoles). To enable it, you have to run one of the following commands:

# BASH ~4.x, ZSH
source <(/var/www/html/nextcloud/occ _completion --generate-hook)

# BASH ~3.x, ZSH
/var/www/html/nextcloud/occ _completion --generate-hook | source /dev/stdin

# BASH (any version)
eval $(/var/www/html/nextcloud/occ _completion --generate-hook)

This will allow you to use autocompletion with the full path /var/www/html/nextcloud/occ <tab>.

If you also want to use autocompletion on occ from within the directory without using the full path, you need to specify --program occ after the --generate-hook.

If you want the completion to apply automatically for all new shell sessions, add the command to your shell’s profile (eg. ~/.bash_profile or ~/.zshrc).

Run commands in maintenance mode

In maintenance mode, apps are not loaded [1], so commands from apps are unavailable. Commands integrated into Nextcloud server are available in maintenance mode.

We discourage the use of maintenance mode unless the command explicitly prompts you to do so or unless the commands’ documentation explicitly states that maintenance mode should be used.

A command may use events to communicate with other apps. An app can only react to an event when loaded. Example: The command user:delete deletes a user account. UserDeletedEvent is emitted. Calendar app implements an event listener to delete user data [2]. In maintenance mode, the Calendar app is not loaded, and hence the user data not deleted.

Apps commands

The app commands list, enable, and disable apps:

app
 app:install      install selected app
 app:disable      disable an app
 app:enable       enable an app
 app:getpath      get an absolute path to the app directory
 app:list         list all available apps
 app:update       update an app or all apps
 app:remove       disable and remove an app

Download and install an app:

sudo -u www-data php occ app:install twofactor_totp

Install but don’t enable:

sudo -u www-data php occ app:install --keep-disabled twofactor_totp

Install regardless of the Nextcloud version requirement:

sudo -u www-data php occ app:install --force twofactor_totp

List all of your installed apps, and show whether they are enabled or disabled:

sudo -u www-data php occ app:list

List non-shipped installed apps only:

sudo -u www-data php occ app:list --shipped false

Enable an app, for example the External Storage Support app:

sudo -u www-data php occ app:enable files_external
files_external enabled

Enable an app regardless of the Nextcloud version requirement:

sudo -u www-data php occ app:enable --force files_external
files_external enabled

Enable an app for specific groups of users:

sudo -u www-data php occ app:enable --groups admin --groups sales files_external
files_external enabled for groups: admin, sales

Enable multiple apps simultaneously:

sudo -u www-data php occ app:enable app1 app2 app3
app1 enabled
app2 enabled
app3 enabled

Disable an app:

sudo -u www-data php occ app:disable files_external
files_external disabled

Disable and remove an app:

sudo -u www-data php occ app:remove files_external
files_external disabled
files_external 1.21.0 removed

Remove an app, but keep the app data:

sudo -u www-data php occ app:remove --keep-data files_external
files_external 1.21.0 removed

You can get the full filepath to an app:

sudo -u www-data php occ app:getpath notifications
/var/www/nextcloud/apps/notifications

To update an app, for instance Contacts:

sudo -u www-data php occ app:update contacts

To update all apps:

sudo -u www-data php occ app:update --all

To show available update(s) without updating:

sudo -u www-data php occ app:update --showonly

Background jobs selector

Use the background command to select which scheduler you want to use for controlling background jobs, Ajax, Webcron, or Cron. This is the same as using the Cron section on your Nextcloud Admin page:

background
 background:ajax       Use ajax to run background jobs
 background:cron       Use cron to run background jobs
 background:webcron    Use webcron to run background jobs

This example selects Ajax:

sudo -u www-data php occ background:ajax
  Set mode for background jobs to 'ajax'

The other two commands are:

  • background:cron

  • background:webcron

See Background jobs to learn more.

Config commands

The config commands are used to configure the Nextcloud server:

config
 config:app:delete      Delete an app config value
 config:app:get         Get an app config value
 config:app:set         Set an app config value
 config:import          Import a list of configs
 config:list            List all configs
 config:system:delete   Delete a system config value
 config:system:get      Get a system config value
 config:system:set      Set a system config value

While setting a configuration value, multiple options are available:

  • --value=VALUE change the configuration value

  • --type=TYPE change the type of the value. Use carefully; can break your instance

  • --lazy|--no-lazy set value as lazy

  • --sensitive|--no-sensitive set value as sensitive

  • --update-only only updates if a value is already stored

Note

See Appconfig Concepts to learn more about typed value, lazy and sensitive flag.

You can list all configuration values with one command:

sudo -u www-data php occ config:list

By default, passwords and other sensitive data are omitted from the report, so the output can be posted publicly (e.g. as part of a bug report). In order to generate a full backport of all configuration values the --private flag needs to be set:

sudo -u www-data php occ config:list --private

The exported content can also be imported again to allow the fast setup of similar instances. The import command will only add or update values. Values that exist in the current configuration, but not in the one that is being imported are left untouched:

sudo -u www-data php occ config:import filename.json

It is also possible to import remote files, by piping the input:

sudo -u www-data php occ config:import < local-backup.json

Note

While it is possible to update/set/delete the versions and installation statuses of apps and Nextcloud itself, it is not recommended to do this directly. Use the occ app:enable, occ app:disable and occ app:update commands instead.

Getting a single configuration value

These commands get the value of a single app or system configuration:

sudo -u www-data php occ config:system:get version
19.0.0.12

sudo -u www-data php occ config:app:get activity installed_version
2.2.1

Setting a single configuration value

These commands set the value of a single app or system configuration:

sudo -u www-data php occ config:system:set logtimezone
--value="Europe/Berlin"
System config value logtimezone set to Europe/Berlin

sudo -u www-data php occ config:app:set files_sharing
incoming_server2server_share_enabled --value="yes"
Config value incoming_server2server_share_enabled for app files_sharing set to yes

The config:system:set command creates the value, if it does not already exist. To update an existing value, set --update-only:

sudo -u www-data php occ config:system:set doesnotexist --value="true"
--type=boolean --update-only
Value not updated, as it has not been set before.

Note that in order to write a Boolean, float, or integer value to the configuration file, you need to specify the type on your command. This applies only to the config:system:set command. The following values are known:

  • boolean

  • integer

  • float

  • string (default)

When you want to e.g. disable the maintenance mode run the following command:

sudo -u www-data php occ config:system:set maintenance --value=false
--type=boolean
Nextcloud is in maintenance mode - no app have been loaded
System config value maintenance set to boolean false

Setting an array configuration value

Some configurations (e.g. the trusted domain setting) are an array of data. In this case, config:system:get for this key will return multiple values:

sudo -u www-data php occ config:system:get trusted_domains
localhost
nextcloud.local
sample.tld

To set one of multiple values, you need to specify the array index as the second name in the config:system:set command, separated by a space. For example, to replace sample.tld with example.com, trusted_domains => 2 needs to be set:

sudo -u www-data php occ config:system:set trusted_domains 2
--value=example.com
System config value trusted_domains => 2 set to string example.com

sudo -u www-data php occ config:system:get trusted_domains
localhost
nextcloud.local
example.com

Setting a hierarchical configuration value

Some configurations use hierarchical data. For example, the settings for the Redis cache would look like this in the config.php file:

'redis' => array(
  'host' => '/var/run/redis/redis.sock',
  'port' => 0,
  'dbindex' => 0,
  'password' => 'secret',
  'timeout' => 1.5,
)

Setting such hierarchical values works similarly to setting an array value above. For this Redis example, use the following commands:

sudo -u www-data php occ config:system:set redis host \
--value=/var/run/redis/redis.sock
sudo -u www-data php occ config:system:set redis port --value=0
sudo -u www-data php occ config:system:set redis dbindex --value=0
sudo -u www-data php occ config:system:set redis password --value=secret
sudo -u www-data php occ config:system:set redis timeout --value=1.5

Deleting a single configuration value

These commands delete the configuration of an app or system configuration:

sudo -u www-data php occ config:system:delete maintenance:mode
System config value maintenance:mode deleted

sudo -u www-data php occ config:app:delete appname provisioning_api
Config value provisioning_api of app appname deleted

The delete command will by default not complain if the configuration was not set before. If you want to be notified in that case, set the --error-if-not-exists flag:

sudo -u www-data php occ config:system:delete doesnotexist
--error-if-not-exists
Config provisioning_api of app appname could not be deleted because it did not
exist

Dav commands

A set of commands to create and manage addressbooks and calendars:

dav
 dav:create-addressbook                 Create a dav addressbook
 dav:list-addressbooks                  List all addressbooks of a user
 dav:create-calendar                    Create a dav calendar
 dav:create-subscription                Create a dav calendar subscription
 dav:delete-calendar                    Delete a dav calendar
 dav:fix-missing-caldav-changes         Insert missing calendarchanges rows for existing events
 dav:list-calendars                     List all calendars of a user
 dav:move-calendar                      Move a calendar from an user to another
 dav:remove-invalid-shares              Remove invalid dav shares
 dav:send-event-reminders               Sends event reminders
 dav:sync-birthday-calendar             Synchronizes the birthday calendar
 dav:sync-system-addressbook            Synchronizes users to the system addressbook

The syntax for dav:create-addressbook and dav:create-calendar is dav:create-addressbook [user] [name]. This example creates the addressbook mollybook for the user molly:

sudo -u www-data php occ dav:create-addressbook molly mollybook

This example creates a new calendar for molly:

sudo -u www-data php occ dav:create-calendar molly mollycal

Molly will immediately see these in the Calendar and Contacts apps.

The syntax for dav:create-subscription is dav:create-subscription [user] [name] [url] [optional color]. This example creates the subscription subscription for the lunar calendar Lunar Calendar for the user molly:

sudo -u www-data php occ dav:create-subscription molly "Lunar Calendar" webcal://cantonbecker.com/astronomy-calendar/astrocal.ics

Molly will immediately see this new subscription calendar in the Calendar app.

Optionally, a color for the new subscription calendar can be passed as a HEX color code:

sudo -u www-data php occ dav:create-subscription molly "Lunar Calendar" calendar webcal://cantonbecker.com/astronomy-calendar/astrocal.ics "#ff5733"

If not set, the theming default color will be used.

dav:delete-calendar [--birthday] [-f|--force] <uid> [<name>] deletes the calendar named name (or the birthday calendar if --birthday is specified) of the user uid. You can use the force option -f or --force to delete the calendar instead of moving it to the trashbin.

This example will delete the calendar mollycal of user molly:

sudo -u www-data php occ dav:delete-calendar molly mollycal

This example will delete the birthday calendar of user molly:

sudo -u www-data php occ dav:delete-calendar --birthday molly

dav:list-calendars [user] and dav:list-addressbooks [user] will display a table listing the calendars or addressbooks for a given user.

This example will list all calendars for user annie:

sudo -u www-data php occ dav:list-calendars annie

This example will list all addressbooks for user annie:

sudo -u www-data php occ dav:list-addressbooks annie

dav:dav:fix-missing-caldav-changes [user] tries to restore calendar sync changes when data in the calendarchanges table has been lost. If the user ID is omitted, the command runs for all users. This can take a while.

dav::move-calendar [name] [sourceuid] [destinationuid] allows the admin to move a calendar named name from a user sourceuid to the user destinationuid. You can use the force option -f to enforce the move if there are conflicts with existing shares. The system will also generate a new unique calendar name in case there is a conflict over the destination user.

This example will move calendar named personal from user dennis to user sabine:

sudo -u www-data php occ dav:move-calendar personal dennis sabine

dav:remove-invalid-shares will remove invalid shares created by a bug into the calendar app

dav:send-event-reminders is a command that should be called regularly through a dedicated cron job to send event reminder notifications.

See Calendar / CalDAV for more information on how to use this command.

dav:sync-birthday-calendar adds all birthdays to your calendar from addressbooks shared with you. This example syncs to your calendar from user bernie:

sudo -u www-data php occ dav:sync-birthday-calendar bernie

Sync system address book

dav:sync-system-addressbook synchronizes all users to the system address book:

sudo -u www-data php occ dav:sync-system-addressbook

Database conversion

The SQLite database is good for testing, and for Nextcloud servers with small single-user workloads that do not use sync clients, but production servers with multiple users should use MariaDB, MySQL, or PostgreSQL. You can use occ to convert from SQLite to one of these other databases.

db
 db:convert-type           Convert the Nextcloud database to the newly
                           configured one
 db:generate-change-script generates the change script from the current
                           connected db to db_structure.xml

You need:

  • Your desired database and its PHP connector installed.

  • The login and password of a database admin user.

  • The database port number, if it is a non-standard port.

This is example converts SQLite to MySQL/MariaDB:

sudo -u www-data php occ db:convert-type mysql oc_dbuser 127.0.0.1
oc_database

For a more detailed explanation see Converting database type

Add missing indices

It might happen that we add from time to time new indices to already existing database tables, for example to improve performance. In order to check your database for missing indices run following command:

sudo -u www-data php occ db:add-missing-indices

Use option --dry-run to output the SQL queries without running them.

Encryption

occ includes a complete set of commands for managing encryption:

encryption
 encryption:change-key-storage-root   Change key storage root
 encryption:decrypt-all               Disable server-side encryption and
                                      decrypt all files
 encryption:disable                   Disable encryption
 encryption:drop-legacy-filekey       Drop legacy filekey for files still using it
 encryption:enable                    Enable encryption
 encryption:enable-master-key         Enable the master key. Only available
                                      for fresh installations with no existing
                                      encrypted data! There is also no way to
                                      disable it again.
 encryption:encrypt-all               Encrypt all files for all users
 encryption:list-modules              List all available encryption modules
 encryption:set-default-module        Set the encryption default module
 encryption:show-key-storage-root     Show current key storage root
 encryption:status                    Lists the current status of encryption

encryption:status shows whether you have active encryption, and your default encryption module. To enable encryption you must first enable the Encryption app, and then run encryption:enable:

sudo -u www-data php occ app:enable encryption
sudo -u www-data php occ encryption:enable
sudo -u www-data php occ encryption:status
 - enabled: true
 - defaultModule: OC_DEFAULT_MODULE

encryption:change-key-storage-root is for moving your encryption keys to a different folder. It takes one argument, newRoot, which defines your new root folder:

sudo -u www-data php occ encryption:change-key-storage-root /etc/oc-keys

You can see the current location of your keys folder:

sudo -u www-data php occ encryption:show-key-storage-root
Current key storage root:  default storage location (data/)

encryption:list-modules displays your available encryption modules. You will see a list of modules only if you have enabled the Encryption app. Use encryption:set-default-module [module name] to set your desired module.

encryption:encrypt-all encrypts all data files for all users. You must first put your Nextcloud server into maintenance mode to prevent any user activity until encryption is completed.

encryption:decrypt-all decrypts all user data files, or optionally a single user:

sudo -u www-data php occ encryption:decrypt freda

Users must have enabled recovery keys on their Personal pages.

Note that if you do not have master key/recovery key enabled, you can ONLY decrypt files per user, one user at a time and NOT when in maintenance mode. You will need the users’ password to decrypt the files.

Use encryption:disable to disable your encryption module. You must first put your Nextcloud server into maintenance mode to prevent any user activity.

encryption:enable-master-key creates a new master key, which is used for all user data instead of individual user keys. This is especially useful to enable single-sign on. Use this only on fresh installations with no existing data, or on systems where encryption has not already been enabled. It is not possible to disable it.

encryption:drop-legacy-filekey scans the files for the legacy filekey format using RC4 and get rid of it (if master key is enabled). The operation can be quite slow as it needs to rewrite each encrypted file. If you do not do it files will be migrated to drop their legacy filekey on the first modification. If you have old files from Nextcloud<25 still using base64 encoding this will migrate them to the binary format and save about 33% disk space.

See Encryption configuration to learn more.

Federation sync

Note

This command is only available when the “Federation” app (federation) is enabled.

Synchronize the addressbooks of all federated Nextcloud servers:

federation:sync-addressbooks  Synchronizes addressbooks of all
                              federated clouds

In Nextcloud, servers connected with federation shares can share user address books, and auto-complete usernames in share dialogs. Use this command to synchronize federated servers:

sudo -u www-data php occ federation:sync-addressbooks

File operations

Available occ commands for the files namespace:

files:cleanup                    cleanup filecache
files:copy                       Copy a file or folder
files:delete                     Delete a file or folder
files:get                        Get the contents of a file
files:move                       Move a file or folder
files:object:delete              Delete an object from the object store
files:object:get                 Get the contents of an object
files:object:put                 Write a file to the object store
files:put                        Write contents of a file
files:recommendations:recommend
files:reminders                  List file reminders
files:repair-tree                Try and repair malformed filesystem tree structures
files:scan                       rescan filesystem
files:scan-app-data              rescan the AppData folder
files:transfer-ownership         All files and folders are moved to another user - outgoing shares and incoming user file shares (optionally) are moved as well.

Scan

The files:scan command scans for new files and updates the file cache. You may rescan all files, per-user, a space-delimited list of users, and limit the search path. If not using --quiet, statistics will be shown at the end of the scan:

sudo -u www-data php occ files:scan --help
Description:
  rescan filesystem

Usage:
  files:scan [options] [--] [<user_id>...]

Arguments:
  user_id                  will rescan all files of the given user(s)

Options:
      --output[=OUTPUT]    Output format (plain, json or json_pretty, default is plain) [default: "plain"]
  -p, --path=PATH          limit rescan to this path, eg. --path="/alice/files/Music", the user_id is determined by the path and the user_id parameter and --all are ignored
      --generate-metadata  Generate metadata for all scanned files
      --all                will rescan all files of all known users
      --unscanned          only scan files which are marked as not fully scanned
      --shallow            do not scan folders recursively
      --home-only          only scan the home storage, ignoring any mounted external storage or share
  -h, --help               Display help for the given command. When no command is given display help for the list command
  -q, --quiet              Do not output any message
  -V, --version            Display this application version
      --ansi|--no-ansi     Force (or disable --no-ansi) ANSI output
  -n, --no-interaction     Do not ask any interactive question
      --no-warnings        Skip global warnings, show command output only
  -v|vv|vvv, --verbose     Increase the verbosity of messages: 1 for normal output, 2 for more verbose output and 3 for debug

Verbosity levels of -vv or -vvv are automatically reset to -v

Note for option --unscanned: In general there is a background job (through cron) that will do that scan periodically. The --unscanned option makes it possible to trigger this from the CLI.

When using the --path option, the path must consist of following components:

"user_id/files/path"
  or
"user_id/files/mount_name"
  or
"user_id/files/mount_name/path"

where the term files is mandatory.

Example:

--path="/alice/files/Music"

In the example above, the user_id alice is determined implicitly from the path component given.

The --path, --all and [user_id] parameters are exclusive - only one must be specified.

Scan appdata

Appdata is a folder inside of the data directory which contains files that are shared between users and can be put there by the server or apps like avatar images, file previews and cached CSS files for example.

Since the regular files scan only operates on user files the occ files:scan-app-data command will check the appdata directory and make sure that the filecache is consistent with the files on the actual storage.:

Usage:
  files:scan-app-data [options] [--] [<folder>]

Arguments:
  folder                 The appdata subfolder to scan [default: ""]

Cleanup

files:cleanup tidies up the server’s file cache by deleting all file entries that have no matching entries in the storage table.

Repair-Tree

files:repair-tree try and repair malformed filesystem tree structures. If for any reason the path of an entry in the filecache doesn’t match with it’s expected path, based on the path of it’s parent node, you end up with an entry in the filecache that exists in different places based on how the entry is generated. For example, if while listing folder /foo it contains a file bar.txt, but when trying to do anything with /foo/bar.txt the file doesn’t exists.

This command attempts to repair such entries by querying for entries where the path doesn’t match the expected path based on it’s parent path and filename and resets it’s path to the expected one.

Transfer

The command occ files:transfer-ownership can be used to transfer files from one user to another:

Usage:
  files:transfer-ownership [options] [--] <source-user> <destination-user>

Arguments:
  source-user                                                owner of files which shall be moved
  destination-user                                           user who will be the new owner of the files

Options:
      --path=PATH                                            selectively provide the path to transfer. For example --path="folder_name" [default: ""]
      --move                                                 move data from source user to root directory of destination user, which must be empty
      --transfer-incoming-shares[=TRANSFER-INCOMING-SHARES]  transfer incoming user file shares to destination user. Usage: --transfer-incoming-shares=1 (value required) [default: "2"]

You may transfer all files and shares from one user to another. This is useful before removing a user:

sudo -u www-data php occ files:transfer-ownership <source-user> <destination-user>

The transferred files will appear inside a new sub-directory in the destination user’s home.

Note

Unless server side encryption is enabled, the command will init the <destination-user> file system in Nextcloud versions 22.2.6, 23.0.3 and since 24. When it is unable to create the user’s folder in the data directory it will show the following error: unable to rename, destination directory is not writable. Before 22.2.6 the command occ files:transfer-ownership would only work after the user has logged in for the first time.

If the destination user has no files at all (empty home), it is possible to also transfer all the source user’s files by passing --move:

sudo -u www-data php occ files:transfer-ownership --move <source-user> <destination-user>

In this case no sub-directory is created and all files will appear directly in the root of the user’s home.

It is also possible to transfer only one directory along with its contents. This can be useful to restructure your organization or quotas. The --path argument is given as the path to the directory as seen from the source user:

sudo -u www-data php occ files:transfer-ownership --path="path_to_dir" <source-user> <destination-user>

Incoming shares are not moved by default because the sharing user holds the ownership of the respective files. There is however an option to enable moving incoming shares.

In case the incoming shares must be transferred as well, use the argument --transfer-incoming-shares with 0 or 1 as parameters

sudo -u www-data php occ files:transfer-ownership --transfer-incoming-shares=1 --path="path_to_dir" <source-user> <destination-user>

As an alternative, the system configuration option transferIncomingShares in config.php can be set to true to always transfer incoming shares.

The command line option --transfer-incoming-shares overwrites the config.php option transferIncomingShares. For example, 'transferIncomingShares => true can be overwritten by:

sudo -u www-data php occ files:transfer-ownership --transfer-incoming-shares=0 <source-user> <destination-user>

Users may also transfer files or folders selectively by themselves. See user documentation for details.

Files Sharing

Commands for handling shares:

sharing
 sharing:cleanup-remote-storages  Cleanup shared storage entries that have no matching entry in the shares_external table
 sharing:expiration-notification  Notify share initiators when a share will expire the next day
 sharing:delete-orphan-shares     Delete shares where the owner no longer has access to the file or the file is not available anymore

Files external

These commands are used for managing Nextcloud’s External Storage feature. In addition to replicating the configuration capabilities in the Web UI, additional capabilities include exporting / importing configurations, scanning External Storage mounts that require login credentials, and configuring update notifications (if supported by the storage type).

Note

These commands are only available when the “External storage support” app (files_external) is enabled.

Available commands for the “files_external” namespace:

files_external:applicable  Manage applicable users and groups for a mount
files_external:backends    Show available authentication and storage backends
files_external:config      Manage backend configuration for a mount
files_external:create      Create a new mount configuration
files_external:delete      Delete an external mount
files_external:export      Export mount configurations
files_external:import      Import mount configurations
files_external:list        List configured admin or personal mounts
files_external:notify      Listen for active update notifications for a configured external mount
files_external:option      Manage mount options for a mount
files_external:scan        Scan an external storage for changed files
files_external:verify      Verify mount configuration

files_external:scan provides the ability to provide a username and/or password for cases where login credentials are used.

Use files_external:export to export all admin mounts to stdout, and files_external:export [user_id] to export the mounts of the specified Nextcloud user.

Use files_external:import [filename] to import legacy JSON configurations, and to copy external mount configurations to another Nextcloud server.

Integrity check

Apps which have a Featured tag MUST be code signed with Nextcloud. Unsigned featured apps won’t be installable anymore. Code signing is optional for all third-party applications:

integrity
 integrity:check-app                 Check app integrity using a signature.
 integrity:check-core                Check core integrity using a signature.
 integrity:sign-app                  Signs an app using a private key.
 integrity:sign-core                 Sign core using a private key

After creating your signing key, sign your app like this example:

sudo -u www-data php occ integrity:sign-app --privateKey=/Users/lukasreschke/contacts.key --certificate=/Users/lukasreschke/CA/contacts.crt --path=/Users/lukasreschke/Programming/contacts

Verify your app:

sudo -u www-data php occ integrity:check-app --path=/pathto/app appname

When it returns nothing, your app is signed correctly. When it returns a message then there is an error. See Code Signing in the Developer manual for more detailed information.

integrity:sign-core is for Nextcloud core developers only.

See Code signing to learn more.

l10n, create JavaScript translation files for apps

This command is for app developers to update their translation mechanism from ownCloud 7 to Nextcloud.

LDAP commands

Note

These commands are only available when the “LDAP user and group backend” app (user_ldap) is enabled.

These LDAP commands appear only when you have enabled the LDAP app. Then you can run the following LDAP commands with occ:

ldap
 ldap:check-user               checks whether a user exists on LDAP.
 ldap:check-group              checks whether a group exists on LDAP.
 ldap:create-empty-config      creates an empty LDAP configuration
 ldap:delete-config            deletes an existing LDAP configuration
 ldap:search                   executes a user or group search
 ldap:set-config               modifies an LDAP configuration
 ldap:show-config              shows the LDAP configuration
 ldap:show-remnants            shows which users are not available on
                               LDAP anymore, but have remnants in
                               Nextcloud.
 ldap:test-config              tests an LDAP configuration

Search for an LDAP user, using this syntax:

sudo -u www-data php occ ldap:search [--group] [--offset="..."]
[--limit="..."] search

Searches will match at the beginning of the attribute value only. This example searches for givenNames that start with “rob”:

sudo -u www-data php occ ldap:search "rob"

This will find robbie, roberta, and robin. Broaden the search to find, for example, jeroboam with the asterisk wildcard:

sudo -u www-data php occ ldap:search "*rob"

User search attributes are set with ldap:set-config (below). For example, if your search attributes are givenName and sn you can find users by first name + last name very quickly. For example, you’ll find Terri Hanson by searching for te ha. Trailing whitespaces are ignored.

Check if an LDAP user exists. This works only if the Nextcloud server is connected to an LDAP server:

sudo -u www-data php occ ldap:check-user robert

ldap:check-user will not run a check when it finds a disabled LDAP connection. This prevents users that exist on disabled LDAP connections from being marked as deleted. If you know for certain that the user you are searching for is not in one of the disabled connections, and exists on an active connection, use the --force option to force it to check all active LDAP connections:

sudo -u www-data php occ ldap:check-user --force robert

ldap:check-group checks whether a group still exists in the LDAP directory. Use with --update to update the group membership cache on the Nextcloud side:

sudo -u www-data php occ ldap:check-group --update mygroup

ldap:create-empty-config creates an empty LDAP configuration. The first one you create has configID s01, and all subsequent configurations that you create are automatically assigned IDs:

sudo -u www-data php occ ldap:create-empty-config
   Created new configuration with configID 's01'

Then you can list and view your configurations:

sudo -u www-data php occ ldap:show-config

And view the configuration for a single configID:

sudo -u www-data php occ ldap:show-config s01

ldap:delete-config [configID] deletes an existing LDAP configuration:

sudo -u www-data php occ ldap:delete  s01
Deleted configuration with configID 's01'

The ldap:set-config command is for manipulating configurations, like this example that sets search attributes:

sudo -u www-data php occ ldap:set-config s01 ldapAttributesForUserSearch
"cn;givenname;sn;displayname;mail"

ldap:test-config tests whether your configuration is correct and can bind to the server:

sudo -u www-data php occ ldap:test-config s01
The configuration is valid and the connection could be established!

ldap:show-remnants is for cleaning up the LDAP mappings table, and is documented in LDAP user cleanup.

Logging commands

These commands view and configure your Nextcloud logging preferences:

log
 log:file        manipulate Nextcloud logging backend
 log:manage      manage logging configuration
 log:tail        tail the nextcloud logfile [requires app "Log Reader" to be enabled]
 log:watch       watch the nextcloud logfile live [requires app "Log Reader" to be enabled]

Run log:file [--] [--enable] [--file] [--rotate-size] to see your current logging status:

sudo -u www-data php occ log:file
Log backend Nextcloud: enabled
Log file: /opt/nextcloud/data/nextcloud.log
Rotate at: disabled
  • --enable turns on logging.

  • --file sets a different log file path.

  • --rotate-size sets your rotation by log file size in bytes with; 0 disables rotation.

log:manage [--backend] [--level] [--timezone] sets your logging backend, log level, and timezone. The defaults are file, warning, and UTC. Available options are:

Maintenance commands

Use these commands when you upgrade Nextcloud, manage encryption, perform backups and other tasks that require locking users out until you are finished:

maintenance
 maintenance:data-fingerprint        update the systems data-fingerprint after a backup is restored
 maintenance:mimetype:update-db      Update database mimetypes and update filecache
 maintenance:mimetype:update-js      Update mimetypelist.js
 maintenance:mode                    set maintenance mode
 maintenance:repair                  repair this installation
 maintenance:theme:update            Apply custom theme changes
 maintenance:update:htaccess         Updates the .htaccess file
 maintenance:repair-share-owner      Fix some shares owner if it felt out of sync

maintenance:mode locks the sessions of all logged-in users, including administrators, and displays a status screen warning that the server is in maintenance mode. Users who are not already logged in cannot log in until maintenance mode is turned off. When you take the server out of maintenance mode logged-in users must refresh their Web browsers to continue working:

sudo -u www-data php occ maintenance:mode --on
sudo -u www-data php occ maintenance:mode --off

After restoring a backup of your data directory or the database, you should always call maintenance:data-fingerprint once. This changes the ETag for all files in the communication with sync clients, allowing them to realize a file was modified.

The maintenance:repair command runs automatically during upgrades to clean up the database, so while you can run it manually there usually isn’t a need to:

sudo -u www-data php occ maintenance:repair

maintenance:mimetype:update-db updates the Nextcloud database and file cache with changed mimetypes found in config/mimetypemapping.json. Run this command after modifying config/mimetypemapping.json. If you change a mimetype, run maintenance:mimetype:update-db --repair-filecache to apply the change to existing files.

Run the maintenance:theme:update command if the icons of your custom theme are not updated correctly. This updates the mimetypelist.js and clears the image cache.

Security

Use these commands to manage server-wide security related parameters. Currently this includes Brute force protection and SSL certificates (the latter are useful when creating federation connections with other Nextcloud servers that use self-signed certificates:

security
 security:bruteforce:attempts  show bruteforce attempts status for a given IP address
 security:bruteforce:reset     resets bruteforce attempts for a given IP address
 security:certificates         list trusted certificates
 security:certificates:import  import trusted certificate
 security:certificates:remove  remove trusted certificate

Reset an IP:

sudo -u www-data php occ security:bruteforce:reset [IP address]

This example lists your installed certificates:

sudo -u www-data php occ security:certificates

Import a new certificate:

sudo -u www-data php occ security:certificates:import /path/to/certificate

Remove a certificate:

sudo -u www-data php occ security:certificates:remove [certificate name]

Status

Use the status command to retrieve information about the current installation:

$ sudo -u www-data php occ status
  - installed: true
  - version: 25.0.2.3
  - versionstring: 25.0.2
  - edition:
  - maintenance: false
  - needsDbUpgrade: false
  - productname: Nextcloud
  - extendedSupport: false

This information can also be formatted via JSON instead of plain text:

$ php occ status --output=json_pretty
{
    "installed": true,
    "version": "25.0.2.3",
    "versionstring": "25.0.2",
    "edition": "",
    "maintenance": false,
    "needsDbUpgrade": false,
    "productname": "Nextcloud",
    "extendedSupport": false
}

Status return code

And finally, the -e (for exit code) parameter can be used to check the state of the nextcloud installation via return code:

$ php occ status -e
$ echo $?
0
$ php occ maintenance:mode --on
Maintenance mode enabled
$ php occ status -e
$ echo $?
1
$ php occ maintenance:mode --off
Maintenance mode disabled
$ php occ status -e
$ echo $?
0

Note that by default there is no output when run with -e. This is intentional, so it can be used in scripts, monitoring checks, and systemd units.

Return code

Description

0

normal operation

1

maintenance mode is enabled; the instance is currently unavailable to users.

2

php occ upgrade is required

Trashbin

These commands allow for manually managing various aspects of the trash bin (deleted files):

trashbin
 trashbin:cleanup      Permanently remove deleted files
 trashbin:expire       Expires the users trashbin
 trashbin:size         Configure the target trashbin size
 trashbin:restore      Restore all deleted files according to the given filters

Note

These commands are only available when the “Deleted files” app (files_trashbin) is enabled.

The trashbin:cleanup  [--all-users] [--] [<user_id>...] command removes the deleted files of the specified users in a space-delimited list, or all users if –all-users is specified.

This example permanently removes the deleted files of all users:

sudo -u www-data php occ trashbin:cleanup --all-users
Remove all deleted files for all users
Remove deleted files for users on backend Database
 freda
 molly
 stash
 rosa
 edward

This example permanently removes the deleted files of users molly and freda:

sudo -u www-data php occ trashbin:cleanup molly freda
Remove deleted files of   molly
Remove deleted files of   freda

The trashbin:restore  [--all-users] [--scope[=SCOPE]] [--since[=SINCE]] [--until[=UNTIL]] [--dry-run] [--] [<user_id>...] command restores the deleted files of the specified users in a space-delimited list, or all users if –all-users is specified.

This example restores the deleted user-files of all users:

sudo -u www-data php occ trashbin:restore --all-users

This example restores the deleted user-files of users molly and freda:

sudo -u www-data php occ trashbin:restore molly freda

The --scope option can be used to limit the restore to a specific scope. Possible values are “user”, “groupfolders” or “all” [default: “user”].

This example restores the deleted files of all groupfolders which are visible to the user freda:

sudo -u www-data php occ trashbin:restore --scope groupfolders freda

The --since and --until options can be used to limit the restore to files deleted inside of the given time period.

This example restores the locally deleted files and files of any groupfolders which are visible to the user freda. Additionally the files have to be deleted between 01.08.2023 11:55:22 and 02.08.2023 01:33:

sudo -u www-data php occ trashbin:restore --scope all --since "01.08.2023 11:55:22" --until "02.08.2023 01:33" freda

The --dry-run option can be used to simulate the restore without actually restoring the files.

Note

You can use the verbose options (-v or -vv) to get more information about the restore process and why some files might be skipped.

User commands

The user commands create and remove users, reset passwords, manage authentication tokens / sessions, display a simple report showing how many users you have, and when a user was last logged in:

user
 user:add                            adds a user
 user:add-app-password               adds a app password named "cli" (deprecated: alias for user:auth-tokens:add)
 user:auth-tokens:add                Add app password for the named account
 user:auth-tokens:delete             Deletes an authentication token
 user:auth-tokens:list               List authentication tokens of an user
 user:clear-avatar-cache             clear avatar cache
 user:delete                         deletes the specified user
 user:disable                        disables the specified user
 user:enable                         enables the specified user
 user:info                           shows information about the specific user
 user:keys:verify                    Verify if the stored public key matches the stored private key
 user:lastseen                       shows when the user was logged in last time
 user:list                           shows list of all registered users
 user:report                         shows how many users have access
 user:resetpassword                  Resets the password of the named user
 user:setting                        Read and modify user settings
 user:keys:verify                    Verify that the stored public key matches
                                     the stored private key

user:add

You can create a new user with their display name, login name, and any group memberships with the user:add command. The syntax is:

user:add [--password-from-env] [--generate-password] [--display-name[="..."]] [-g|--group[="..."]] [--email EMAIL]
uid

The display-name corresponds to the Full Name on the Users page in your Nextcloud Web UI, and the uid is their Username, which is their login name. This example adds new user Layla Smith, and adds them to the users and db-admins groups. Any groups that do not exist are created:

sudo -u www-data php occ user:add --display-name="Layla Smith"
  --group="users" --group="db-admins" layla
  Enter password:
  Confirm password:
  The user "layla" was created successfully
  Display name set to "Layla Smith"
  User "layla" added to group "users"
  User "layla" added to group "db-admins"

Go to your Users page, and you will see your new user.

password-from-env allows you to set the user’s password from an environment variable. This prevents the password from being exposed to all users via the process list, and will only be visible in the history of the user (root) running the command. This also permits creating scripts for adding multiple new users.

To use password-from-env you must run as “real” root, rather than sudo, because sudo strips environment variables. This example adds new user Fred Jones:

export OC_PASS=newpassword
su -s /bin/sh www-data -c 'php occ user:add --password-from-env
  --display-name="Fred Jones" --group="users" fred'
The user "fred" was created successfully
Display name set to "Fred Jones"
User "fred" added to group "users"

generate-password allows you to set a securely generated password for the user. This is never shown in the output and can be used to create users with temporary passwords. This can be used in conjunction with the email option to create users with a temporary password and send a welcome email to the user’s email address without user interaction:

sudo -u www-data php occ user:add layla --generate-password --email layla@example.tld
  The account "layla" was created successfully
  Welcome email sent to layla@example.tld

The email option allows you to set the user’s email address when creating the user. A welcome email will be sent to the user’s email address if newUser.sendEmail is set to yes in core’s app config or not set at all:

sudo -u www-data php occ user:add layla --email layla@example.tld
  Enter password:
  Confirm password:
  The account "layla" was created successfully
  Welcome email sent to layla@example.tld

user:resetpassword

You can reset any user’s password, including administrators (see Resetting a lost admin password):

sudo -u www-data php occ user:resetpassword layla
  Enter a new password:
  Confirm the new password:
  Successfully reset password for layla

You may also use password-from-env to reset passwords:

export OC_PASS=newpassword
su -s /bin/sh www-data -c 'php occ user:resetpassword --password-from-env
  layla'
  Successfully reset password for layla

user:delete

You can delete users:

sudo -u www-data php occ user:delete fred

user:lastseen

View a specific user’s most recent login:

sudo -u www-data php occ user:lastseen layla
  layla's last login: 2024-03-20 17:18

View a list of all users’ most recent login:

sudo -u www-data php occ user:lastseen --all
  albert's last login: 2024-03-18 10:30
  bob has never logged in.
  layla's last login: 2024-03-20 17:18
  stephanie's last login: 2024-01-11 13:26

user:setting

Read user settings:

sudo -u www-data php occ user:setting layla
  - core:
    - lang: en
  - login:
    - lastLogin: 1465910968
  - settings:
    - email: layla@example.tld

Filter by app:

sudo -u www-data php occ user:setting layla core
  - core:
    - lang: en

Get a single setting:

sudo -u www-data php occ user:setting layla core lang
en

Set a setting:

sudo -u www-data php occ user:setting layla settings email "new-layla@example.tld"

Delete a setting:

sudo -u www-data php occ user:setting layla settings email --delete

user:report

Generate a simple report that counts all users, including users on external user authentication servers such as LDAP:

sudo -u www-data php occ user:report
+------------------+----+
| User Report      |    |
+------------------+----+
| Database         | 12 |
| LDAP             | 86 |
|                  |    |
| total users      | 98 |
|                  |    |
| user directories | 2  |
| active users     | 15 |
| disabled users   | 0  |
+------------------+----+

active users shows the number of users which logged in at least once. disabled users shows the number of users which are disabled.

There might be a discrepancy between the total number of users compared to the number of active users and the number of disabled users. Users that have never logged in before are not counted as active or disabled users. Some user backends also do not allow a count for the number of users.

user:list

You can use the command user:list to list users. By default it will limit the output to 500 users but you can override that with options --limit and --offset. Use --disabled to only list disabled users.

Group commands

The group commands create and remove groups, add and remove users in groups, display a list of all users in a group:

group
 group:add                           add a group
 group:delete                        remove a group
 group:adduser                       add a user to a group
 group:removeuser                    remove a user from a group
 group:list                          list configured groups

You can create a new group with the group:add command. The syntax is:

group:add [gid]

The gid corresponds to the group name you entering after clicking “Add group” on the Users page in your Nextcloud Web UI. This example adds new group “beer”:

sudo -u www-data php occ group:add beer

Add an existing user to the specified group with the group:adduser command. The syntax is:

group:adduser [gid] [uid]

This example adds the user “denis” to the existing group “beer”:

sudo -u www-data php occ group:adduser beer denis

You can remove user from the group with the group:removeuser command. This example removes the existing user “denis” from the existing group “beer”:

sudo -u www-data php occ group:removeuser beer denis

Remove a group with the group:delete command. Removing a group doesn’t remove users in a group. You cannot remove the “admin” group. This example removes the existing group “beer”:

sudo -u www-data php occ group:delete beer

List configured groups via the group:list command. The syntax is:

group:list [-l|--limit [LIMIT]] [-o|--offset [OFFSET]] [-i|--info] [--output [OUTPUT]]

limit allows you to specify the number of groups to retrieve (default: 500).

offset is an offset for retrieving groups.

info Show additional info (backend).

output Output format: plain, json or json_pretty (default: plain).

Versions

Note

This command is only available when the “Versions” app (files_versions) is enabled.

Use this command to delete file versions for specific users, or for all users when none are specified:

versions
 versions:cleanup   Delete versions
 versions:expire    Expires the users file versions

This example deletes all versions for all users:

sudo -u www-data php occ versions:cleanup
Delete all versions
Delete versions for users on backend Database
  freda
  molly
  stash
  rosa
  edward

You can delete versions for specific users in a space-delimited list:

sudo -u www-data php occ versions:cleanup freda molly
Delete versions of   freda
Delete versions of   molly

Command line installation

These commands are available only after you have downloaded and unpacked the Nextcloud archive, and taken no further installation steps.

You can install Nextcloud entirely from the command line. After downloading the tarball and copying Nextcloud into the appropriate directories you can use occ commands in place of running the graphical Installation Wizard.

Then choose your occ options. This lists your available options:

sudo -u www-data php /var/www/nextcloud/occ
Nextcloud is not installed - only a limited number of commands are available
Nextcloud version 19.0.0

Usage:
 [options] command [arguments]

Options:
 --help (-h)           Display this help message
 --quiet (-q)          Do not output any message
 --verbose (-v|vv|vvv) Increase the verbosity of messages: 1 for normal
 output,  2 for more verbose output and 3 for debug
 --version (-V)        Display this application version
 --ansi                Force ANSI output
 --no-ansi             Disable ANSI output
 --no-interaction (-n) Do not ask any interactive question

Available commands:
 check                 check dependencies of the server environment
 help                  Displays help for a command
 list                  Lists commands
 status                show some status information
 app
 l10n
 l10n:createjs         Create javascript translation files for a given app
 maintenance
 maintenance:install   install Nextcloud

Display your maintenance:install options:

sudo -u www-data php occ help maintenance:install
Nextcloud is not installed - only a limited number of commands are available
Usage:
 maintenance:install [--database="..."] [--database-name="..."]
[--database-host="..."] [--database-user="..."] [--database-pass[="..."]]
[--database-table-prefix[="..."]] [--admin-user="..."] [--admin-pass="..."]
[--data-dir="..."]

Options:
 --database               Supported database type (default: "sqlite")
 --database-name          Name of the database
 --database-host          Hostname of the database (default: "localhost")
 --database-user          User name to connect to the database
 --database-pass          Password of the database user
 --admin-user             User name of the admin account (default: "admin")
 --admin-pass             Password of the admin account
 --data-dir               Path to data directory (default:
                          "/var/www/nextcloud/data")
 --help (-h)              Display this help message
 --quiet (-q)             Do not output any message
 --verbose (-v|vv|vvv)    Increase the verbosity of messages: 1 for normal
  output, 2 for more verbose output and 3 for debug
 --version (-V)           Display this application version
 --ansi                   Force ANSI output
 --no-ansi                Disable ANSI output
 --no-interaction (-n)    Do not ask any interactive question

This example completes the installation:

cd /var/www/nextcloud/
sudo -u www-data php occ maintenance:install --database
"mysql" --database-name "nextcloud"  --database-user "root" --database-pass
"password" --admin-user "admin" --admin-pass "password"
Nextcloud is not installed - only a limited number of commands are available
Nextcloud was successfully installed

Supported databases are:

- sqlite (SQLite3 - Nextcloud Community edition only)
- mysql (MySQL/MariaDB)
- pgsql (PostgreSQL)
- oci (Oracle - Nextcloud Enterprise edition only)

Command line upgrade

These commands are available only after you have downloaded upgraded packages or tar archives, and before you complete the upgrade.

List all options, like this example on CentOS Linux:

sudo -u apache php occ upgrade -h
Usage:
upgrade [--quiet]

Options:
--help (-h)            Display this help message.
--quiet (-q)           Do not output any message.
--verbose (-v|vv|vvv)  Increase the verbosity of messages: 1 for normal output,
  2 for more verbose output and 3 for debug.
--version (-V)         Display this application version.
--ansi                 Force ANSI output.
--no-ansi              Disable ANSI output.
--no-interaction (-n)  Do not ask any interactive question

When you are performing an update or upgrade on your Nextcloud server (see the Maintenance section of this manual), it is better to use occ to perform the database upgrade step, rather than the Web GUI, in order to avoid timeouts. PHP scripts invoked from the Web interface are limited to 3600 seconds. In larger environments this may not be enough, leaving the system in an inconsistent state. After performing all the preliminary steps (see How to upgrade) use this command to upgrade your databases, like this example on CentOS Linux. Note how it details the steps:

sudo -u www-data php occ upgrade
Nextcloud or one of the apps require upgrade - only a limited number of
commands are available
Turned on maintenance mode
Checked database schema update
Checked database schema update for apps
Updated database
Updating <gallery> ...
Updated <gallery> to 0.6.1
Updating <activity> ...
Updated <activity> to 2.1.0
Update successful
Turned off maintenance mode

Enabling verbosity displays timestamps:

sudo -u www-data php occ upgrade -v
Nextcloud or one of the apps require upgrade - only a limited number of commands are available
2015-06-23T09:06:15+0000 Turned on maintenance mode
2015-06-23T09:06:15+0000 Checked database schema update
2015-06-23T09:06:15+0000 Checked database schema update for apps
2015-06-23T09:06:15+0000 Updated database
2015-06-23T09:06:15+0000 Updated <files_sharing> to 0.6.6
2015-06-23T09:06:15+0000 Update successful
2015-06-23T09:06:15+0000 Turned off maintenance mode

If there is an error it throws an exception, and the error is detailed in your Nextcloud logfile, so you can use the log output to figure out what went wrong, or to use in a bug report:

Turned on maintenance mode
Checked database schema update
Checked database schema update for apps
Updated database
Updating <files_sharing> ...
Exception
ServerNotAvailableException: LDAP server is not available
Update failed
Turned off maintenance mode

Two-factor authentication

If a two-factor provider app is enabled, it is enabled for all users by default (though the provider can decide whether or not the user has to pass the challenge). In the case of a user losing access to the second factor (e.g. lost phone with two-factor SMS verification), the admin can try to disable the two-factor check for that user via the occ command:

sudo -u www-data php occ twofactorauth:disable <uid> <provider_id>

Note

This is not supported by all providers.

To re-enable two-factor auth again use the following command:

sudo -u www-data php occ twofactorauth:enable <uid> <provider_id>

Note

This is not supported by all providers.

Disable users

Admins can disable users via the occ command too:

sudo -u www-data php occ user:disable <username>

Use the following command to enable the user again:

sudo -u www-data php occ user:enable <username>

Note that once users are disabled, their connected browsers will be disconnected.

System Tags

List tags:

sudo -u www-data php occ tag:list

Add a tag:

sudo -u www-data php occ tag:add <name> <access>

Edit a tag:

sudo -u www-data php occ tag:edit --name <name> --access <access> <id>

–name and –access are optional.

Delete a tag:

sudo -u www-data php occ tag:delete <id>

Access level

Level

Visible¹

Assignable²

public

Yes

Yes

restricted

Yes

No

invisible

No

No

¹ User can see the tag
² User can assign the tag to a file

Antivirus

Get info about files in the scan queue:

sudo -u www php occ files_antivirus:status [-v]

Manually trigger the background scan:

sudo -u www php occ files_antivirus:background-scan [-v] [-m MAX]

Manually scan a single file:

sudo -u www php occ files_antivirus:scan <path>

Mark a file as scanned or unscanned:

sudo -u www php occ files_antivirus:mark <path> <scanned|unscanned>

Setupchecks

Run the setupchecks via occ:

sudo -u www php occ setupchecks

Example output:

dav:
  ✓ DAV system address book: No outstanding DAV system address book sync.
network:
  ✓ WebDAV endpoint: Your web server is properly set up to allow file synchronization over WebDAV.
  ✓ Data directory protected
  ✓ Internet connectivity
  ...

Debugging

In certain situations it’s necessary to generate debugging information, e.g. before submitting a bug report. You can run occ with debug logging:

sudo -u www-data NC_loglevel=0 php occ -h