Community: Framework mailing list archives

expert-framework@mail.odoo.com

Re: OpenERP v7.0 Database Dump PermissionDenied (BUG?)

by
f.boender
- 12/17/2014 05:18:16
For those googling for an answer to this problem, I've found three work-arounds.

1. Configure PostgreSQL not to use password with the auth-method = trust in pg_hba.conf.
2. Create a .pgpass file in the home directory of the user that OpenERP is running as and put the credentials for the database in there:

  localhost:5432:DBNAME:USERNAME:PASSWORD

  Make sure to change the permissions on the file such that only the user itself can read it (chmod 600 .pgpass)
3. Apply the patch found at http://electricmonk.nl/data/openerp/openerp-v700-accessdenied.patch in the OpenERP library directory:

   /usr/lib/pymodules/python2.7/# patch -p0 < /home/fboender/openerp-v700-accessdenied.patch

I recommend solution 2 if you don't need to restore dumps to a new database name (since the .pgpass above only grants access to a single database). If you do have to restore dumps to databases under a new name, you're better of using solution 1. Solution 3 might interfere with future upgrades.

Regards,

Ferry

On Tue, Dec 16, 2014 at 3:59 PM, Boender, Ferry <f.boender@flusso.nl> wrote:
Hey all,

(First off, I'm no OpenERP/Odoo expert; though I know quite a bit of Python).

I ran into an issue on our OpenERP v7.0 (Ubuntu package v7.0-20130312-002112-1 from http://nightly.openerp.com/7.0/nightly/deb/).

Creating database dumps through the web interface using the database administrator interface has started giving AccessDenied errors. I'm certain we're using the correct password because I create new databases, delete them and change the password through the interface. I'm using the password from the 'admin_passwd' setting from the configuration file.

I've dived into the Python source, and I think I've traced the problem to the following:

  web_services.py
    def exp_dump(self, db_name):
      with self._set_pg_password_in_environment():

The _set_pg_password_in_environment() is defined as (again, stripping some irrelevant stuff):

  def _set_pg_password_in_environment(self):
    """ On Win32, pg_dump (and pg_restore) require that
    :envvar:`PGPASSWORD` be set
    
   This context management method handles setting
    :envvar:`PGPASSWORD` iif win32 and the envvar is not already
    set, and removing it afterwards.
    """
    if os.name != 'nt' or os.environ.get('PGPASSWORD'):
      yield
    else:
       os.environ['PGPASSWORD'] = tools.config['db_password']
       try:
          yield
       finally:
          del os.environ['PGPASSWORD']

The docstring says "if win32 and the envvar is not already set". Yet the code tests whether the OS is not 'nt' OR the environment is not set. Since I'm running on Ubuntu, this never sets the password in the environment. The exp_dump method also doesn't include it in the command it issues (['pg_dump', '--format=c', '--no-owner', '--username=openerp', '--host=localhost', '--port=5432', u'somedbname']) . Looking at another machine that *does* work properly, the line with the "os.name" check doesn't exist and is instead:

  if os.environ.get('PGPASSWORD') or not tools.config['db_password']:

Is my assumption correct that this is a bug in OpenERP, or is there some critical thing I'm not understanding about OpenERP configuration? For now I've "fixed" the issue by creating a .pgpass file in the openerp user's home dir, but that seems like a crude fix.

I'd be grateful if anybody can shine a light on this!

With kind regards,

Ferry

--
Ferry Boender
Consultant
M:06-23292583

Flusso B.V.
Hamersveldseweg 126
3833 GV Leusden
T: 033-4347680 


--
Ferry Boender
Consultant
M:06-23292583

Flusso B.V.
Hamersveldseweg 126
3833 GV Leusden
T: 033-4347680