User Management

You may wish to self-host Ente for your family or close circle. In such cases, you may wish to enable administrative access for few users, disable new registrations, manage one-time tokens (OTTs), etc.

This document covers the details on how you can administer users on your server.

Whitelist admins

The administrator users have to be explicitly whitelisted in museum.yaml. You can achieve this the following steps:

Connect to ente_db (the database used for storing data related to Ente).

shell

# Change the DB name and DB user name if you use different
# values.
# If using Docker

docker exec -it <postgres-ente-container-name>
psql -U pguser -d ente_db

# Or when using psql directly
psql -U pguser -d ente_db

Get the user ID of the first user by running the following SQL query:
sql
```
SELECT * from users;
```
Edit internal.admins or internal.admin (if you wish to whitelist only single user) in museum.yaml to add the user ID you wish to whitelist.
- For multiple admins:
yaml
```
internal:
    admins:
        - <user_id>
```
- For single admin:
yaml
```
internal:
    admin: <user_id>
```
Restart Museum by restarting the cluster

Restart your Compose clusters whenever you make changes

If you have edited the Compose file or configuration file (museum.yaml), make sure to recreate the cluster's containers.

You can do this by the following command:

shell

docker compose down && docker compose up -d

Increase storage and account validity

You can use Ente CLI for increasing storage quota and account validity for users on your instance. Check this guide for more information

Handle user verification codes

Ente currently relies on verification codes for completion of registration.

These are accessible in server logs. If using Docker Compose, they can be accessed by running sudo docker compose logs in the cluster folder where Compose file resides.

However, you may wish to streamline this workflow. You can follow one of the 2 methods if you wish to have many users in the system.

Use hardcoded OTTs

You can configure to use hardcoded OTTs only for specific emails, or based on suffix.

A sample configuration for the same is provided below, which is to be used in museum.yaml:

yaml

internal:
    hardcoded-ott:
        emails:
            - "example@example.org,123456"
        local-domain-suffix: "@example.org"
        local-domain-value: 012345

This sets OTT to 123456 for the email address example@example.com and 012345 for emails having @example.com as suffix.

Send email with verification code

You can configure SMTP for sending verification code e-mails to users, if you do not wish to hardcode OTTs and have larger audience.

For more information on configuring email, check out the email configuration section.

Disable registrations

For security purposes, you may choose to disable registrations on your instance. You can disable new registrations by using the following configuration in museum.yaml.

yaml

internal:
    disable-registration: true

User Management ​

Whitelist admins ​

Increase storage and account validity ​

Handle user verification codes ​

Use hardcoded OTTs ​

Send email with verification code ​