Odoo Addons (MOVED TO GITHUB)

Bug #1040901
Comment #5

Comment 5 for bug 1040901

Revision history for this message

Raphaël Valyi - http://www.akretion.com (rvalyi) wrote on 2012-09-09: Re: [Bug 1040901] Re: Hardcoded openid temp directory

Hello,

I agree with Anybox guys: supporting multiple unix users shouldn't be too
hard and is fundamental for us integrators. For instance I may let a
trainee debug a development copy of a production server but not give access
to the production server itself. Using a different unix user is the easiest
way to achieve this.
On Sep 8, 2012 9:35 AM, "Georges Racinet" <email address hidden>
wrote:

> @ccomb: thanks for confirmation. About sharing between gunicorn
> processes, it's the same as it's done in the main wsgi handler (see
> #1035214) make the name of that temporary directory depend on system
> user information.
>
> By the way, a clean workaround is to use the TMPDIR environment variable
> (see http://docs.python.org/library/tempfile.html) in the launching
> process (e.g from supervisor)
>
> @odony: we have found so far only two problems with multi-system user
> environments, both being very simple to fix. We can definitely help
> supporting this cases. The other problem (#1035214) is minor relative to
> this one and even demonstrates that in a recent past, OpenERP did care
> about multi-system user concerns.
>
> Use-cases for OpenERP running on a system on which it had at least
> previously run with another system user go far beyond hosting. For
> instance, a developer may want to run OpenERP installed from the
> official .deb package, and then from a custom built. I came accross the
> issue because I sometimes run some tests under a different system user
> on my workstation.
>
> --
> You received this bug notification because you are a member of OpenERP
> Drivers, which is subscribed to OpenERP Web.
> https://bugs.launchpad.net/bugs/1040901
>
> Title:
> Hardcoded openid temp directory
>
> Status in OpenERP Web:
> Invalid
>
> Bug description:
> This is seen on current trunk, although I remember it's not the first
> time I've come accross it:
>
> OSError: [Errno 13] Permission denied: '/tmp/openerp-auth_openid-
> store/nonces'
>
> Probably a hardcoded name for this directory leading to that error in
> multi-user environments.
> If true the user name and numeric id should be used to provide robust
> user differentiation and continue to share accross several processes (e.g.,
> Gunicorn) on the same box without resorting to session affinity.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/openerp-web/+bug/1040901/+subscriptions
>

Hello,

> @ccomb: thanks for confirmation. About sharing between gunicorn
> processes, it's the same as it's done in the main wsgi handler (see
> #1035214) make the name of that temporary directory depend on system
> user information.
>
> By the way, a clean workaround is to use the TMPDIR environment variable
> (see http://docs.python.org/library/tempfile.html) in the launching
> process (e.g from supervisor)
>
> @odony: we have found so far only two problems with multi-system user
> environments, both being very simple to fix. We can definitely help
> supporting this cases. The other problem (#1035214) is minor relative to
> this one and even demonstrates that in a recent past, OpenERP did care
> about multi-system user concerns.
>
> Use-cases for OpenERP running on a system on which  it had at least
> previously run with another system user go far beyond hosting. For
> instance, a developer may  want to run OpenERP installed from the
> official .deb package, and then from a custom built. I came accross the
> issue because I sometimes run some tests under a different system user
> on my workstation.
>
> --
> You received this bug notification because you are a member of OpenERP
> Drivers, which is subscribed to OpenERP Web.
> https://bugs.launchpad.net/bugs/1040901
>
> Title:
>   Hardcoded openid temp directory
>
> Status in OpenERP Web:
>   Invalid
>
> Bug description:
>   This is seen on current trunk, although I remember it's not the first
>   time I've come accross it:
>
>   OSError: [Errno 13] Permission denied: '/tmp/openerp-auth_openid-
>   store/nonces'
>
>   Probably a hardcoded name for this directory leading to that error in
> multi-user environments.
>   If true the user name and numeric id should be used to provide robust
> user differentiation and continue to share accross several processes (e.g.,
> Gunicorn) on the same box without resorting to session affinity.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/openerp-web/+bug/1040901/+subscriptions
>