UID mismatch and permission problems

[SEP-Lipchanskis]

The odoo user UID inside container is not the same as host user odoo UID.

how to reproduce the issue:
-adduser odoo (generated UID=1001)
-install docker
-write basic docker compose file to run odoo based on this repo (v15), bind mount filestore directory so you can backup/restore odoo in future
-run odoo and postgres containers and face the filestore permission errors
-docker exec into odoo container
-inside the container the user is odoo with UID 101 and has no permissions to write to filestore. The filestore owner is 1001
-exit from container. User with uid 101 in host is systemd-resolve
-if I do chown 101 to filestore in host, the owner inside the container is odoo now. But this is not ok to have a unrelated system user as owner of odoo filestore directory. Also not good the container user can potentially access system files.

Maybe I am doing something wrong?
What is the right way to run containers and bind mounts with write access?

[RafaelAngelRamirez]

What you can do it´s change the owner of your bind filestore to your host user, not the root of the host. Odoo can read, but can write. This is good when you are working and need to do continuos changes. The unique exeception here that I found is with de odoo.conf file. This file, the first time you run odoo (new databese), needs to be created for the container and the folder must be owner by the odoo user wich is already created inside the container.

By the way, you can still create a new user with only write permision on the bind folder. This can mitigate securty problems with possible breach in your container. In escence, this is the same way that you are trying with the odoo user.

[SEP-Lipchanskis]

The odoo user is created automatically when odoo is installed, and I am not able (not skilled enough) to configure the creation of this user. The solution for me was to modify dockerfile so to create a odoo user before odoo is installed and specify the corresponding UID. Basically I have followed this manual:
https://nickjanetakis.com/blog/running-docker-containers-as-a-non-root-user-with-a-custom-uid-and-gid#demo-video

It helped me, but the issue is not solved- I guess the UID should be the same when user "odoo" is created.

[RafaelAngelRamirez]

@SEP-Lipchanskis - If you are working with the Dockerfile to compile a new image, you can add a new line to modify the UID of the user after the Odoo installation is done. To do this, add the following line to the Dockerfile:

RUN usermod -u 1001 odoo

You need to be root to run this command. (Check if the Dockerfile is working with the root user.)

In your host machine, do the same with your Odoo user. Now, both users must have the same UID

Check this for more info https://www.cyberciti.biz/faq/linux-change-user-group-uid-gid-for-all-owned-files/

[lathama]

@SEP-Lipchanskis is this still an issue or have you found an answer?

[honeypool]

@lathama I have solved my problem by adding following lines:

.env file:

UID=1000
GID=1000

docker-compose.yml:

version: '3'
services:
  odoo:
    user: odoo:odoo
    build:
      args:
        USER_UID: ${UID}
        USER_GID: ${GID}

Dockerfile:

#ADDED FOLLOWING 2 LINES:
ARG UID=1000
ARG GID=1000

ENV ODOO_VERSION 15.0
ARG ODOO_RELEASE=20230825
ARG ODOO_SHA=29c8f49377b264ef1e9d1e12710ec530bcceeb06
RUN curl -o odoo.deb -sSL http://nightly.odoo.com/${ODOO_VERSION}/nightly/deb/odoo_${ODOO_VERSION}.${ODOO_RELEASE}_all.deb \
    && echo "${ODOO_SHA} odoo.deb" | sha1sum -c - \
    && apt-get update \
#ADDED FOLLOWING 2 LINES:
    && groupadd -g "${GID}" odoo \
    && useradd --create-home --no-log-init -u "${UID}" -g "${GID}" odoo \

    && apt-get -y install --no-install-recommends ./odoo.deb \
    && rm -rf /var/lib/apt/lists/* odoo.deb