insecure database configuation
Bug #584562 reported by
ceg
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openerp-server (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: openerp-server
README.debian advices to create an openerp database user like this:
#su - postgres -c "createuser --createdb --no-createrole --pwprompt openerp"
However this advice (and any debconf postinst configuration should probably also contain the "--no-superuser" option, so crateuser does not ask and make the user a superuser. (The openerp user does not need to be able to mess with the whole postgres setup.)
To post a comment you must log in.
Agreed. The documentation /usr/share/ doc/openerp- server/ README. Debian should be updated to add the "--no-superuser" option.