[IMP] admin sys config: onprem password reset

[tiku-odoo]

Task: https://www.odoo.com/web#id=2230148&cids=3&menu_id=4720&action=333&active_id=3835&model=project.task&view_type=form

[robodoo]

Pull request status dashboard.

[tiku-odoo]

@mart-e
@daho-odoo

I'm sorry this PR took so long to get posted; when you have a moment, can you review it for accuracy?

Thanks,
Tim

[tiku-odoo]

@brse-odoo

Can you review this change when you have a moment?

Lines: 603-702

Thanks!

Tim 👍

[mart-e]

Thanks for the pr but it’s a bit odd how it’s constructed. In both "from GUI" and "from command line", you need to edit the file first. I would change it to :

1. how to locate/edit configuration file
2. how to generate a new password from gui
3. how to generate a new password from command line

[tiku-odoo]

Thanks for the pr but it’s a bit odd how it’s constructed. In both "from GUI" and "from command line", you need to edit the file first. I would change it to :

1. how to locate/edit configuration file

2. how to generate a new password from gui

3. how to generate a new password from command line

@mart-e

The configuration file is edited differently (via GUI and CLI) in each reset situation, so I'm leaving each process complete in each section as it stands.

Can you confirm the path: /etc/odoo.conf is correct?

Thanks,
Tim

[mart-e]

The configuration file is edited differently (via GUI and CLI) in each reset situation
Can you confirm the path: /etc/odoo.conf is correct?

I think there is some misunderstanding. Let me clarify how it works but first, the way you advise is not ideal as unsecure. Your instructions are:

1. remove master password from config file
2. restart the server
3. set a new password from the web interface

The issue with that is that between 2 and 3, the database is unprotected, this can be dangerous depending on the scenario. Instead a better way would be :

1. modify the master password in the config file
2. restart the server
3. set a new password from the web interface

So to proceed, I would go like:

1. locate the configuration file

• using Windows ? -> c:\Program Files\Odoo {VERSION}\server\odoo.conf
• using Linux ? -> depends on how is installed
  • packaged installation ? -> /etc/odoo.conf
  • source installed ? -> ~/.odoorc

2. Change the old password

• using a graphical editor ? -> open in your favourite graphical editor
• using a cli editor ? -> open in your favourite command line editor
• both cases, modify the line to the master password you wish to use : replace admin_passwd = $pbkdf2-sha… to admin_passwd = newpassword1234 (well a better password than that)

3. restart the odoo server

4. Use the web interface

• go to /web/database/manager and click "set master password" button
• write your chosen password in both "Master password" and "New Master password"

The step 4 is important because the server will hash your password and can not be read.

As you can see, the way you edit the file is not really important. It’s just the choice of the user if they want to use gedit, emacs, nano or whatever editor they are familliar with, no need to make a different section for it.

Also, I would add a reference to the database manager security doc page where we strongly recommend to disable the database manager in production.

I hope it clarifies.

[tiku-odoo]

@mart-e / @xpl-odoo

I've made the changes you requested. Can you review the new process, as I have documented it? I used tabs to differentiate between GUI/CLI and Windows/Linux.

Thanks for your time reviewing this.

[tiku-odoo]

@brse-odoo

This doc is ready for your review when you have a moment. Lines 603-740

Thanks for your time on this.

Tim 👍

[brse-odoo]

@tiku-odoo I've finished my review of the requested lines in this doc - great job! I'm approving with suggestions for you to accept/reject as you see fit. Let me know if you have any questions, thanks!

[tiku-odoo]

@ksc-odoo

This script is ready for your review when you have a moment.

Thanks 👍

Tim

[ksc-odoo]

Hey @tiku-odoo -- just finished my Final Review. Nice job! Approving now. Once you address all my comments, and implement the necessary changes, feel free to tag this for Tech Review. Thanks! 👍

[tiku-odoo]

@samueljlieber

This doc is ready for your tech review when you have a moment. Thanks

Tim

[samueljlieber]

Hi @tiku-odoo, just a quick suggestion and before I give a full technical review can you please squash the commits in this PR? Thank you!

[tiku-odoo]

@samueljlieber

Sorry about that. I've squashed the commits, and now it's ready for your review.

Thanks,
Tim 👍

[samueljlieber]

Hi @tiku-odoo, great work on this PR! This is a very thorough and important addition to the System configuration documentation. Everything looks good to me, with one small suggestion for specificity. Please see below. Approving and delegating merge to you 👍
...
@robodoo delegate=tiku-odoo

[tiku-odoo]

@robodoo r+