Convenient private cloud with Seafile

Cloud storage is steadily gaining popularity. Data can be stored centrally and synchronized over multiple computers, shared with colleagues and friends, or made fully accessible to anyone. In the wake of the NSA wiretapping scandal, many users are asking themselves whether their cloud data is truly in good hands. Others consider what might happen to their data if a supplier goes bankrupt or is bought up. Others still, especially operators of their own servers, see no reason to pay for storage while they have enough of their own unused space.

The free alternatives ownCloud [1] and Seafile [2] target the latter group. While ownCloud overwhelms users with a wealth of functions, Seafile concentrates only on storing, providing, and synchronizing data on the network.

Seafile was originally developed by the Chinese firm Seafile Ltd. The application is under GPLv3 licensing and is largely implemented in C and Python. The Seafile server is available as source code and binary download for Ubuntu. Together with a network daemon, it provides its own HTTP server and a Django 1.5-based administration interface called Seahub. Seafile clients are available for Linux, Mac OS X, Windows, Android, and iOS.

The data to synchronize are stored in "libraries," and you can synchronize multiple directories on a computer with the server and keep different directories on multiple machines in the same state across the online hard drive. If a user has the Private and Work libraries, for example, she can use the former to synchronize data entities on her home computer and mobile devices. She can then open up the Work library to her workmates.

Installation

At the time of writing, the Seafile server is at version 1.8.5. To begin, download the current version's tar.gz from the project website and unpack it. You also may need to install some Python packages and their dependencies. Apart from Python 2.6 or 2.7, the developers also reference the python-setuptools, python-webpy, python-simplejson, and python-imaging libraries. You will also need to install sqlite3.

Because the installation process creates several subdirectories, the developers recommend extracting the archive into a separate directory. You then run the setup-seafile.sh file contained in the newly created seafile-server-1.8.5 directory.

The script then asks you for some configuration entries, for example, on which ports Seafile and its related web interface listen and in which directory it stores user data (Figure 1). After that, you can start the services with the following commands. Because Seafile uses unprivileged ports, root privileges (sudo) are not required.

$ /<seafile_path>/seafile.sh start
$ /<seafile_path>/seahub.sh start
Figure 1: Seafile comes with the clear Seahub web interface created by the data collector's configuration.

The ports specified in the configuration should now be open, usually ports 8000, 8082, 10001, and 12001; they include the Seahub application interface and the Seafile HTTP server, both of which can be reached with a browser.

Seahub (port 8000) provides a clear interface (Figure 1), whereas the Seafile HTTP server shows only an empty browser window. If an error occurs, use ps to check whether the applications are running or whether a firewall is blocking the private cloud storage. Listing 1 shows how to open the ports in iptables.

Listing 1

Unlocking Ports

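# iptables rules for Seafile
# (chain names are case-sensitive: INPUT and OUTPUT must be uppercase)
# (append -s <network> to the INPUT rule to limit access to known clients)
iptables -A INPUT -p tcp -m multiport --dports 8000,8082,10001,12001 \
         -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -m multiport --sports 8000,8082,10001,12001 \
         -m state --state ESTABLISHED -j ACCEPT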
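
To tell "service not listening" apart from "firewall blocking" during the check described above, the listening sockets can be classified per port. This is an added example, not part of the original article or the Seafile project; it assumes the ss tool from iproute2, and the sample output and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the Seafile ports from Listing 1 from `ss -ltn` output.
SEAFILE_PORTS="8000 8082 10001 12001"   # ports named in the article

# Constructed sample of `ss -ltn` output (not captured from a real server).
sample_ss_output() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:8000        0.0.0.0:*
LISTEN  0       128     127.0.0.1:8082      0.0.0.0:*
LISTEN  0       128     [::]:10001          [::]:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
EOF
}

# port_status PORT: reads `ss -ltn` output on stdin and prints one of
#   exposed - listening on a wildcard address (reachable if the firewall allows it)
#   bound   - listening on one specific non-loopback address
#   local   - listening on loopback only (remote clients cannot connect)
#   closed  - nothing is listening on that port
port_status() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            if (parts[n] != port) next
            sub(/:[0-9]+$/, "", addr)    # strip the port, keep the address
            if (addr == "0.0.0.0" || addr == "*" || addr == "[::]") s = "exposed"
            else if (addr ~ /^127\./ || addr == "[::1]") { if (s == "") s = "local" }
            else if (s != "exposed") s = "bound"
        }
        END { print (s == "" ? "closed" : s) }
    '
}

# seafile_port_report: prints one "port status" line per Seafile port.
seafile_port_report() {
    ss_out=$(cat)
    for p in $SEAFILE_PORTS; do
        printf '%s %s\n' "$p" "$(printf '%s\n' "$ss_out" | port_status "$p")"
    done
}

# On a live server: ss -ltn | seafile_port_report
sample_ss_output | seafile_port_report
```

A port reported as closed or local points at the service or its bind address rather than at the iptables rules.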

Client Installation

To make Seafile useful, you need the corresponding client software. The Seafile project provides the command-line version as a tarball download [4]. The Seafile configuration data needs a separate directory. A separate folder is also recommended for the online hard drive itself, but isn't absolutely necessary. You can create both with the following command:

$ mkdir ~/.seafile-client ~/seafile-sync_dir

After unpacking the client, you need to initialize it so that it uses the configuration folder:

$ /<client_path>/seaf-cli init -d ~/.seafile-client

The init process creates a .ccnet directory with configuration data for keys, the directory to synchronize, and the connection to the server. The client later stores the database and configuration data it needs for synchronization in .seafile-client. You then start the Seafile and Ccnet daemons with the following command:

$ /<client_path>/seaf-cli start

The Seaf-cli command-line client currently understands eight commands (Table 1).

Table 1: Seaf-cli Commands

Command    Function
init       Creates configuration files for Seafile clients
start      Starts the Seafile client as a daemon
stop       Stops the Seafile client
list       Lists the local libraries
status     Shows the synchronization status
download   Loads server libraries into a specified target directory
sync       Synchronizes server libraries with the target directory's database
desync     Quits the server synchronization

Not all of them worked in my test, and certain libraries couldn't be downloaded or recreated. Also, a command to show the library IDs is missing, which often requires logging in to the Seahub web front end. Apart from the subcommands, the command-line client requires additional parameters for many actions (see Table 2).

Table 2: Seaf-cli Parameters

Parameter                         Meaning
-c <config_file>                  Path to the configuration file
-d <folder>                       Local directory to synchronize
-l <id>                           Library on the server
-p <pass>                         Password
-s http[s]://<server>[:<Port>]    URL of the Seahub server
-u <user>                         Username

For example, to fetch the Documents library from the server to the local computer, use the following command structure:

$ seaf-cli download -l <library_ID> -s http[s]://<server> -d <sync_folder>

The library_ID can be read from the Seahub interface, where it appears as a repo_ID in the corresponding library links. To move an existing directory to private online storage, use the following command structure:

$ seaf-cli sync -l <library-ID> -s http[s]://<server> -d <folder>

To do this, you must have previously created the library through the web interface. The seaf-cli status command shows how synchronization is progressing. The seaf-cli list command displays which local directories are synchronized with the online libraries.

Graphical Client

The graphical client makes the settings even easier. However, it's available only for Ubuntu and its derivatives as a binary package, whereas users of other distributions need to rely on a compiler.

After the installation has finished, the software prompts for the data directory before the first Seafile applet startup. Seafile creates this directory automatically and inserts an icon into the task list (Figure 2).

Figure 2: The Seafile graphical client applet prompts for all necessary information.

This client can't create libraries or query them from the server either, but it does let you quickly download a library from the Seahub interface or synchronize it with an existing directory. Like the command-line version, the graphical Seafile client starts its own HTTP server, but it uses port 13420 instead of 13419. To list local libraries, interrupt synchronization, change server addresses, or transfer encrypted files, the client uses a web browser.

Seahub Interface

The web-based Seahub interface allows you not only to create libraries but also to delete, publish, and manage their content. You can also create and remove work groups, create contact lists, and edit files online.

Users registered as administrators can add and delete users, reset passwords, and grant and remove administrative rights (Figure 3). Along with user administration, admins can delete groups or libraries of other users and post notifications that can subsequently appear to all users.

Figure 3: In the Seahub admin area, you can manage users, libraries, and groups, but you can't request library content.

Libraries

As a normal Seafile user, you have control over your personal work space. By default, after login you get an overview of your libraries, where you can also create new ones. A tab shows the shared libraries from other users for which you have read or write privileges (Figure 4). The third library tab shows your favorite files.

Figure 4: Shared libraries of other users can be found on the "Shares" tab.

Libraries correspond to folders that, as mentioned earlier, you can download separately and synchronize. You can have many libraries that you can organize into separate directories on your computer. You create a new library by clicking the corresponding button, which opens a small overlay window that prompts you for the library's name and description.

You can encrypt libraries with the AES-128 standard when you create them. Note that a library cannot be encrypted once it has been created unencrypted. Simply check the matching box and then enter the password twice. The password isn't stored on the server; it stays with the user and all others with access to the library. Note that you cannot change the password later.

When you move the mouse pointer over a library link, the browser shows its corresponding ID that you need for the command-line client in the URL field. If you use the graphical client instead, simply click Download to synchronize the desired library with the local database. The library overview also lets you provide a library to other users or delete it.

You can create new files and folders on the server, upload files without the client, or manage individual files within an open library. You can download, share, update, delete, rename, move, and copy them (Figure 5). Unlike shared libraries, participants of shared files have no IDs. Instead, they get a link sent by email that lets them download the file or open a folder. This scheme does not apply to files in encrypted libraries. The application also lets you display a file's edit history and restore previous states.

Figure 5: Seahub provides numerous folder and file operations, even without a running client.

Seafile keeps an edit history not only for individual files but also for whole libraries. The tool creates a snapshot after each change, which allows you to restore previous states at any time. You can change this behavior in the library settings, switch it off completely, or limit it to a certain number of days.

Groups

Seafile is ideal as a collaborative tool. The group function lets you manage different user circles, share libraries, and send notifications with ease. Using the appropriate tab, users can create groups and view the ones to which they belong. These are incorporated into the home screen of the Seafile workspace on the right of the screen.

Clicking an existing group lets you share libraries or wikis, start a discussion, display the member list, or administer the group. You can add members and admins, providing them easy access to libraries (Figure 6).

Figure 6: You can share libraries with group members with a single click.

Shares

To share libraries with other team members, click the Share button of the relevant library, which you can use for groups as well as single members. To share files with individuals, each individual must have a Seafile account. If you specify the all keyword, you can share the library with all Seafile users.

Created shares appear on the like-named tab of the Seahub workspace. A single click is enough to remove a share.

You can manage sharing individual files in the same way. Other users can see the shared libraries by using Start | Libraries | Shares.

Organization and Contacts

The Organization heading contains the public libraries, groups, and members that the Seafile server hosts; their numbers are indicated on the right of the screen. Although normal users can create only their own groups and public libraries, the user space is different: Individual users can add their own contacts (Figure 7).

Figure 7: You can add other users with a click or share them with your contacts.

In this way, you can send messages from Seafile to your circle of contacts (Figure 8) or set up shares. Sharing libraries with others automatically makes them contacts. Users can view the header line for incoming messages.

Figure 8: You can send messages to team members or your contacts.

Quotas

Seafile provides quota control, which lets you specify how much storage space each user has available. To make assigning quotas simple, you are advised to create a special seafile-user with limited disk space and start the service with that user's privileges (Listing 2). This prevents the server's storage from filling up unexpectedly if users suddenly demand a lot of space.

Listing 2

Creating seafile-user

# create new user
$ sudo useradd seafile-user
# add the quota options to the home partition's entry in /etc/fstab:
# "usrjquota=aquota.user,grpjquota=aquota.group,jqfmt=vfsv0"
# or "usrquota,grpquota"
# remount the monitored partition; quotacheck then creates the
# quota files in its root directory:
$ sudo mount /<mountpoint> -o remount
$ sudo quotacheck -cmugv /<mountpoint>
# display the partition's block size
# (tune2fs expects the block device, not the mount point)
$ sudo tune2fs -l /dev/<partition>
# soft, hard limits and grace period for
# seafile-user, 0=no limit
# blocks = allowable size / blocksize
$ sudo edquota -u seafile-user
$ sudo edquota -t
# activate quota
$ sudo quotaon -a
# check quota
$ sudo quota -u seafile-user

Encrypted Transfers

Trusting the files on your online drive to the server necessarily means being sure that they do not get diverted somewhere along the way.

As of Seafile 1.7, the desktop clients encrypt the file transfers by default with the AES-128 algorithm. However, that feature is not particularly helpful if you're lacking the graphical interface and are dependent on the command-line client.

Although the Seafile HTTP server supports HTTPS, Seahub needs Apache or Nginx in front of it as a reverse proxy to deliver encrypted data transfers. Relevant instructions and examples can be found on the Seafile wiki at GitHub [5].

Quick Cleanup

To save storage space, Seafile uses a deduplication technology in which different file versions and libraries share the same data blocks. Deleting such libraries or files does not immediately return the storage space to the system, so unused blocks languish on the server's hard disk and clog it over time. To clean up the space, you can run a garbage collection program now and then. You can find a detailed guide on the Seafile wiki [5].

Conclusion

Although the PHP and MySQL-based ownCloud provides web space, you can't beat having your own server with Seafile implemented in C and Python. Unlike ownCloud, the data exchanger limits itself to the essential functions for online storage and collaboration. Besides separating libraries and files, you can also send messages and combine users into groups.

Because Seafile works with unprivileged ports, it doesn't need any root privileges at startup. The application is richly documented and currently supports eight languages. The software ran without a problem and remained stable during the multiple weeks of testing and needed to be stopped only once for a software update.

The Seafile client is available for most of the major operating systems. The graphical clients are easy to use and even the command-line client requires only a small learning curve. For those who have found Dropbox and Google Drive too unsafe but still want to share or synchronize files, Seafile is a viable alternative.