Hardcoded openid temp directory
Bug #1040901 reported by
Georges Racinet
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Odoo Addons (MOVED TO GITHUB) |
Fix Released
|
Undecided
|
OpenERP R&D Addons Team 1 |
Bug Description
This is seen on current trunk, although I remember it's not the first time I've come accross it:
OSError: [Errno 13] Permission denied: '/tmp/openerp-
Probably a hardcoded name for this directory leading to that error in multi-user environments.
If true the user name and numeric id should be used to provide robust user differentiation and continue to share accross several processes (e.g., Gunicorn) on the same box without resorting to session affinity.
Related branches
lp:~anybox/openobject-addons/lp1040901
- OpenERP Core Team: Pending requested
-
Diff: 29 lines (+11/-1)1 file modifiedauth_openid/controllers/main.py (+11/-1)
Changed in openobject-addons: | |
status: | New → Fix Committed |
Changed in openobject-addons: | |
assignee: | nobody → OpenERP R&D Addons Team 1 (openerp-dev-addons1) |
To post a comment you must log in.
Hi Georges,
The auth_openid module does not have any hardcoded directory, it's using the platform's temporary location, as appropriate.
You should not encounter any access rights issues in the creation or usage of the OpenID filestore directory, unless:
- you have configured special access rights on the temporary directory on your platform (the user running OpenERP should be able to create files and directories inside it)
- you are trying to run multiple OpenERP processes using different system users. This is not a supported configuration. Even in multiprocess deployments (GUnicorn etc..), all OpenERP processes are executed as the same user.
Note: let's not confuse the system user OpenERP is running as, and the users configured within each OpenERP database. auth_openid- store" and restart the server.
Perhaps you have executed the OpenERP server under different users while testing it? In that case you can simply delete the existing "/tmp/openerp-
If you want to run multiple OpenERP servers using different system users you are in unsupported territory (because OpenERP is designed as a multi-tenant platform, so it makes little sense). Nevertheless you can try one of the following:
- On Unix: make sure they belong to the same Unix group, so they can read/write on each other's files in the temporary location (which by default should using a permission mask that gives the group the same permissions as the user)
- Alternatively, configure an OS-level jail isolation for the processes, where each process has its own "/tmp" location
I hope this clarifies the topic a little bit...