Hello to all,
I rollout Odoo 18.0 via Ansible and Docker. If I open the website I get an error:
"Internal Server Error
The server encountered an internal error and was unable to complete your request. Either the server is overloaded or there is an error in the application."
I looked into the Docker log of the odoo-container and I got this error:
"PermissionError: [Errno 13] Permission denied: '/var/lib/odoo/.local'"
The folder in the container is a Docker volume on the host system (an Ubuntu 22.04).
I identifyed the problem as the different UIDs and GIDs of the container user (named odoo) and the not existing odoo-user on the host. But I can not create the missing odoo-user on the host, because he needs the same UID and GID (Docker use the UID and GID to access the volume from the container). In the container, the UID and the GID of the user odoo is uid=100(odoo) gid=101(odoo) groups=101(odoo). That's awful, because my host Ubuntu used this IDs for system applications. The UID 100 is reserved for _apt and the GID 101 is reserved for systemd-journal. If I set the permissions of volumes on the host to _apt and systemd-journal:
chown -R _apt:systemd-journal /mnt/odoo-daten/addons/
chown -R _apt:systemd-journal /mnt/odoo-daten/config/
chown -R _apt:systemd-journal /mnt/odoo-daten/odoo-web-daten/
Odoo works. But I think this is a dirty solution! First, as far as I am informed, the UID range between 100-999 is dynamically and can be changed.* So, my configuration can be invalid, if a different user ID is available depending on the available user ID in the range at the time of creation. Furthermore, I think to use UIDs and GIDs from other system applications is problematic on a security view, because it invalidate the permissons concept.
With the information I have, I think the container user should be changed.
* h__ps://www.baeldung.___com/linux/user-ids-reserved-values#the-application-users
(remove the underlines, I have not enough Karma points, to post the link of the source of information)
