Community mailing list archives

community@mail.odoo.com

Re: stop odoo using rpc api??

by
redCOR AG, robert rottermann
- 08/01/2016 08:26:50
On 01.08.2016 14:12, Dominique Chabord wrote:
> 2016-08-01 13:09 GMT+02:00 robert rottermann <robert@redcor.ch>:> On 01.08.2016 12:37, Dominique Chabord wrote: >> 2016-08-01 12:22 GMT+02:00 
> robert rottermann <robert@redcor.ch>:> On >> 01.08.2016 12:02, Dominique 
> Chabord wrote: >> hi, >> >> I hope not ;-) >> >> regards > sorry, i might not 
> have been clear enough. > I would like to be >> able >> to do that. > > 
> otherwise I have to close the running server using some >> shell >> commands , 
> > which > would be far less elegant. >> >> ok, I hope noboby can stop Odoo's 
> saas with an appropriate request. >> There isn't anything elegant in bypassing 
> a server administration >> rules. Odoo daemon should not be allowed to stop 
> itself on a >> reasonably administrated server, nevertheless you may develop a 
> piece >> of code to make it crash (many succeed) , but just an opinion about 
> >> what elegance can be ;-) > agreed, and only being able to stop a server by 
> killing it, strikes me as > utterly inelegant.
>
> but it is the way it is designed since the beginning of multi-task
> operating systems.
> kill -x indicates to the process the level x of the interruption, then
> the process does what it has to do.
> kill is a system function that you can call in any code, no need to
> use the shell command which embeds it.
i know how to kill a process. that is not the issue here..
>
> > > however I would like to learn, why you think having a well define shut down 
> > procedure is bad?
>
> A daemon should be stopped with the same system privileges used to
> start it. For exemple, the --stop-after-init option is correct. A
> worker should not shutdown the main process which started it.
> On RPC call, you wouldn't need to get  system privileges to act on the
> server. Usually it is a definition of "security breach". A simple
> exploit would be to stop the service for all users on all databases.
as I said in my answer to Alexandre, I am sceptical that this is true ..
> On the other hand, there are already worse topics of concern.
but the daemon knows nothing about the daemonised process.
the user or some other service however might

I can live with the situation ..
robert