Why should the odoo user have root access ?

[selimb86]

Hello,

First of all thank you for this great install script.

I don't understand why should the odoo user have root accesses on the machine, can you please provide an explication.

InstallScript/odoo_install.sh

Line 104 in 974c01e

#The user should also be added to the sudo'ers group.

Regards,

[Yenthe666]

Hi @slimit,

Basically for all the sudo command calls to execute without password confirmation dialogs and to have all rights out of the box. Otherwise it would involve more handling or knowledge to do it right.

[chris001]

I think root is required for the script to install binary debian package on the system, which are required to run odoo. Packages like postgresql and wkhtmltox. And executing createuser, etc.

After the script completes the install, while the odoo service is running normally on the system, it might be possible to remove the odoo user from the sudo'ers group. For better security. So that a hole in odoo code could not be exploited to easily gain root on the system.

[Yenthe666]

Hmm, perhaps it can be removed from the root group yes. This would need to be tested though, I'm not sure what consequences it gives.

[selimb86]

I understand that it is just a workaround to guarantee that the odoo user has all permissions but as I see in the script you haven't switched to the created odoo user, so I think that it can be removed from the script, but we have to test it to see the consequences.

Anyway I just wanted to know if Odoo needed it.

[chris001]

Yes I agree, when odoo service is running, it should run under odoo user. And give odoo user only the required permissions, not root permissions. This is the secure way.

[Yenthe666]

Yeah, whenever I have time I should check what exactly happens when I remove the sudo-ers groep.