Skip to content

User Management Commands

Changing a Password

Running the following in a terminal changes the password of an existing user without affecting other account settings, e.g. if you cannot remember the currently set password or if there was a problem configuring the initial admin account (replace [username] with the username of the account you want to update):

photoprism passwd [username]

Note that when you use Docker Compose and do not already have a terminal session open, you must prepend docker compose exec photoprism so that the command is executed within the photoprism container, for example:

docker compose exec photoprism photoprism passwd admin

This also applies to other terminal commands, including those listed below.

The examples in our documentation use the new docker compose command by default. If your server does not yet support it, you can still use docker-compose or alternatively podman-compose on Red Hat-compatible Linux distributions.

Managing User Accounts

As an alternative to the web user interface, you can run the following commands in a terminal to perform tasks such as adding, viewing, editing and deleting user accounts:

CLI Command Description
photoprism users ls [search] Searches existing user accounts
photoprism users legacy [search] Searches legacy user accounts
photoprism users add [options] [username] Adds a new user account
photoprism users show [username] Displays user account information
photoprism users mod [options] [username] Modifies an existing user account
photoprism users rm [username] Removes a user account
photoprism users reset --yes Removes all accounts and resets the database

Command Options

The add and mod commands support these flags to set or change account properties:

Command Flag Description
--name NAME, -n NAME full NAME for display in the interface
--email EMAIL, -m EMAIL unique EMAIL address of the user
--password PASSWORD, -p PASSWORD PASSWORD for local authentication
--role value, -r value user role NAME (admin, user, viewer or guest) (default: "admin")
--superadmin, -s make user super admin with full access
--no-login, -l disable login on the web interface
--webdav, -w allow to sync files via WebDAV
--upload-path value, -u value upload files to this sub-folder
--disable-2fa deactivate two-factor authentication

Creating a New Account

The command photoprism users add creates a new user account. For example, you could run the following to add a new admin with the username "bob" and the password "mysecret":

docker compose exec photoprism photoprism users add -p mysecret -n "Bob" bob

If you do not specify an initial password with the -p flag, you will be prompted to enter a password for the new account. Further account properties can be set with the flags listed above.

Please note that additional account roles such as user, viewer, and guest are currently only available with a membership to support development and maintenance.

Viewing Account Details

To view the account properties of a specific user, use the show subcommand:

docker compose exec photoprism photoprism users show bob

Searching User Accounts

To list all existing accounts, you can run the following:

docker compose exec photoprism photoprism users ls

With the photoprism users ls command, you can also find specific accounts based on a search term you provide:

docker compose exec photoprism photoprism users ls bob

To display a description and the available options for a command, use the --help flag:

docker compose exec photoprism photoprism users ls --help

Viewing Login Attempts

For security reasons, authentication logs are not visible on the regular web user interface and can only be viewed in the application service logs or searched in a terminal using the the following CLI command:

docker compose exec photoprism photoprism logins ls [search]

Command Options

You can combine it with these flags to change the output format and the maximum number of search results:

Command Flag Description
--md, -m format as machine-readable Markdown
--csv, -c export as semicolon separated values
--tsv, -t export as tab separated values
-n LIMIT LIMIT number of results (default: 100)

Example Report

Client IP User Name Realm Status Last Login Failed At
172.19.0.1 user api OK 2023-02-03 07:17:46
172.19.0.1 viewer api OK 2023-02-03 07:16:55
172.19.0.1 admin api OK 2023-02-03 06:55:06

Run photoprism logins clear to clear all recorded incidents and reset the database to a clean state.

Session Management

You can use the following terminal commands to create, inspect and, if necessary, delete access tokens for the authentication of browsers and other clients (including app passwords):

CLI Command Description
photoprism auth ls [search] Lists currently authenticated users and clients
photoprism auth add [username] Adds a new authentication secret for client applications
photoprism auth show [identifier] Shows detailed information about a session
photoprism auth rm [identifier] Deletes a session by id or access token
photoprism auth reset --yes Resets the authentication of all users and clients

Should you experience problems, for example after upgrading from a previous release or development preview, we recommend running the photoprism auth reset --yes command in a terminal to reset the auth_sessions table to a clean state and force a re-login of all users. Note that this will also delete all client access tokens and any app passwords that users may have created.