Running as user 'root' is a security risk, aborting - python-2.7

I was following this link:
http://www.mindissoftware.com/2014/09/11/Run-Odoo-in-PyCharm-Ubuntu/
I changed the openerp-server.conf file and run the database located on another machine using the host address.
When I run Odoo in PyCharm, it throws the error:
Running as user 'root' is a security risk, aborting.
Please help me

You must be trying to run Odoo with the root account: either you logged in as root or you are running PyCharm/Odoo with sudo.

SnippetBucket Expert for Odoo
Running as user 'root' is a security risk, aborting.
Odoo rules:
1. Odoo can't run with the root user. It's because of good governance of ERP security.
2. Odoo - PostgreSQL: you should not use the "postgres" user to run Odoo; instead create a superuser of PostgreSQL and connect with it.
For PyCharm, make sure you do not run PyCharm as root and that PyCharm doesn't operate its terminal under root. Desktop-specific stuff.
It's better to create a desktop user and, with the same name, create a PostgreSQL superuser.
Then use PyCharm with the newly created desktop user. That makes it better to work with Odoo.
G-Edit editor and plugins are my favorite editor; it uses less memory and works faster. G-Edit Odoo Snippets makes work faster.
Thanks
SnippetBucket.com
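The two conditions discussed in this thread (a root process, whether from sudo or a root login, and the "postgres" database account) can be checked before launching from an IDE. This is an added example, not Odoo's own code and not from the original posts; the function name `preflight`, the sample configuration and its address are constructed, and it assumes the `[options]` / `db_user` layout of openerp-server.conf.

```python
import configparser
import os

# Constructed sample of an openerp-server.conf that points at a remote database.
SAMPLE_CONF = """\
[options]
db_host = 192.0.2.10
db_port = 5432
db_user = postgres
"""


def preflight(conf_text, euid=None, environ=None):
    """Return the reasons this launch would be refused; an empty list means OK.

    euid and environ are injectable so the check can be exercised without
    actually being root; by default the real process values are used.
    """
    environ = os.environ if environ is None else environ
    if euid is None:
        # os.geteuid only exists on POSIX; -1 skips the root check elsewhere.
        euid = os.geteuid() if hasattr(os, "geteuid") else -1

    problems = []
    if euid == 0:
        # sudo exports SUDO_USER; a direct root login or root shell does not.
        invoker = environ.get("SUDO_USER")
        how = "via sudo by '%s'" % invoker if invoker else "from a root login"
        problems.append("process runs as root (%s)" % how)

    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(conf_text)
    # fallback also covers a file with no [options] section at all.
    db_user = parser.get("options", "db_user", fallback="").strip()
    if db_user == "postgres":
        problems.append("db_user is the PostgreSQL account 'postgres'")
    return problems


if __name__ == "__main__":
    for line in preflight(SAMPLE_CONF) or ["ok"]:
        print(line)
```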

Related

Django Cookiecutter Database restore

I'm trying to restore the database with the maintenance script provided. But there is a check in the script which doesn't allow me to restore if the user is postgres.
Any reason for that?
It is a custom to not use the postgres user in this case. Similar to the custom that when operating a linux server, you use a user account instead of the root account.
You can remove the passage from the script if you want to proceed anyway. However, cookiecutter-django should have generated a .env/.production/.postgres file with a different username than postgres.

How can I call a custom Django manage.py command directly from code with specific database connection

I followed this solution to run a custom Django command programmatically, but it is limited to just one database connection.
I have a Django app configured with multiple databases; is it possible to run a custom Django command using a specific database connection?
Exactly like when we use connections["DB_NAME_CONNECTION"].cursor() to execute an SQL query.
Thanks a lot for your help!
One option is to create a new settings module (here's a guide) that contains your specific database connection configuration, and then use that settings module when using call_command():
management.call_command('mycommand', '--settings=mysite.settings.specificconnection')

Wampserver "Can’t select database"

I had to reinstall Windows, and with that, reinstall Wampserver.
My MySQL data dir is in Dropbox on D:\
I've edited my.ini:
datadir=D:/Dropbox/WAMP/SQL/data
However, when I view phpMyAdmin, the original databases are not being loaded.
There's nothing specific in c:/wamp/logs/mysql.log.
When I try to load a local Wordpress site, I receive the error:
Can’t select database We were able to connect to the database server
(which means your username and password is okay) but not able to
select the steve database.
Are you sure it exists? Does the user steve have permission to use
the stevedoig database? On some systems the name of your database is
prefixed with your username, so it would be like username_stevedoig.
Could that be the problem?
Why isn't phpMyAdmin picking up the original databases present before the Windows reinstall?
Help appreciated.

How to use a different database for Heroku review apps?

I have a deployment pipeline on Heroku which recently started using review apps. This means I have an app - let's call it CI-APP -- which is being created from the master branch.
Every time a pull request is made, a review app is created. We are using Django in our project and so I also added the migrate command to the release phase in the project, so that database migrations can be done automatically.
Today, a coworker submitted a pull request which contained some database changes. The problem is that the migration was run, and since review apps seem to be using the same database as the app they are supposed to merge to, the migration was applied and now my app CI-APP stopped working, since the code base no longer matches the database structure.
I searched a lot about how to use completely different databases for the review apps compared to the parent app, but to no avail (there are some resources mentioning how you can copy db contents, but that is not what I need).
Any suggestion?
Update
Ok, so it seems that Heroku does create a new database for the review app, however: the review app copies all of its environment variables from the parent, including the DATABASE_URL (this seems to be the only way to actually create the review app : https://s3.amazonaws.com/heroku-devcenter-files/article-images/1461071037-initial_set_up_review_apps.png)
I think I can do some black magic in the postdeploy script, but since the database generated url can be something such as HEROKU_POSTGRESQL_{color}_URL, I am not sure how to find it ....
To do that, create the app.json file at the root of your project instead of using the heroku dashboard. In this file, you can specify what environment variables to inherit from the parent.
From the heroku docs:
    "env": {
      "INHERIT_THIS_CONFIG_VAR": {
        "required": true
      },
      "DONT_INHERIT_THIS_CONFIG_VAR": "production"
    },
This allows you to specify which database you want to use for the review app. Looking at the documentation of the Heroku Postgres addon (I assume you're using Postgres):
As part of the provisioning process, a DATABASE_URL config var is
added to your app’s configuration. This contains the URL your app uses
to access the database.
So the database_url config variable will be created by the addon. You simply need to not put it in the app.json file, and it will be created automatically.
Check that you do not have the DATABASE_URL set in the Pipeline Settings CONFIG VARS in Heroku either. If it is set there, then it seems the Review App will use that as the DB link and not the one created when the Review App is created.

Apache user permissions on PostgreSQL database

I'm planning to deploy a Django site using Apache + mod_wsgi and PostgreSQL on Ubuntu 10.04.
I intend to connect to the database using IDENT authentication. For this I need to create a Postgresql user for Apache (www-data). I have chosen not to make this a superuser or provide any special privileges.
I have then created a database. I actually did this twice during testing. The first time I set the Apache user as the owner; the second time I set the owner as myself (superuser), and granted all privileges on the database to the Apache user.
When I use the Django syncdb management command (as myself), the tables created are not accessible to the Apache user. This can be resolved by granting all permissions to the Apache user for each table, but that's a bit of a nuisance.
The alternative seems to be allowing access as a superuser.
Is it considered safe/acceptable for my project to access a local db as a Postgresql superuser, and is it safe to use IDENT authentication? If not, what is the common practice?
EDIT: I've since found that switching PostgreSQL to use md5 authentication for local connections makes life easier.
When using ident authentication, connections to the database are via the Apache user during normal operation. When Django management commands are used, the connections are via the current user.
If you use MD5, both situations will connect to the database using the details specified in the DATABASES section of your settings.py file, avoiding the problems listed above.
I'm still interested to know if using a PostgreSQL superuser is wise.
Having applications connect as a superuser is almost definitely unwise. Unless the application needs to actually create and/or drop databases itself (and this is extremely unlikely), I don't think it's ever necessary. If the application connects to a database as that database's owner, it is effectively a superuser within the confines of that database, which might not be too bad.
I generally have applications access the database using an account authenticating with MD5. It's possible, for example, to set up pg_hba.conf such that the application account is the only account that can use MD5 authentication, and all other users on the local machine use ident/peer authentication.
It sounds like what you actually needed here was a role to group the Apache user and the other Django users together, so you could grant them access en masse.
Postgresql does have ways to grant permissions for all tables etc in a schema at once, and also a way to specify default permissions to be applied to new objects. This previous answer may be helpful: How do you create a read-only user in PostgreSQL?
IDENT authentication ended up being more hassle than it was worth. Here's what I ended up doing to avoid the use of a PostgreSQL superuser role...
Switch to the postgres linux user:
sudo su - postgres
Edit the PostgreSQL host-based authentication configuration file:
nano /etc/postgresql/8.4/main/pg_hba.conf
Scroll to near the bottom of this file, looking for the line which looks like this:
local all all ident
Change ident to md5, exit and save. This tells PostgreSQL to use an MD5-encrypted password for authentication on local connections. Now restart PostgreSQL:
/etc/init.d/postgresql-8.4 restart
Create a PostgreSQL user:
createuser django_user --pwprompt
Don't accept any of the special privileges when prompted. Now create a new database:
createdb -E UTF8 -O django_user django_db
Those options encode the database in UTF8 and set the owner to django_user. You can now exit back to the original linux user account:
exit
Your project settings file (settings.py) will need to include something like this:
DATABASES = {
    'default': {
        'ENGINE': 'django.contrib.gis.db.backends.postgis',
        'NAME': 'django_db',
        'USER': 'django_user',
        'PASSWORD': '[your password]',
        'HOST': '',
        'PORT': '',
    }
}
When you run python manage.py syncdb or any other Django management commands, the settings above will be used to authenticate with the database.
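The answers above suggest a pg_hba.conf in which only the application account uses md5 while other local users keep ident. PostgreSQL uses the first record that matches a connection, so the order of the lines decides whether that holds. The resolver below is an added example, not from the original posts; both sample files are constructed, it handles only `local` records with plain names, `all` and `sameuser`, and the function names are hypothetical.

```python
# Constructed pg_hba.conf: the application role authenticates with a password,
# every other Unix-socket connection falls through to ident.
SAMPLE_HBA = """\
# TYPE  DATABASE    USER         METHOD
local   django_db   django_user  md5
local   all         all          ident
host    all         all          127.0.0.1/32  md5
"""

# Same records with the catch-all first: the md5 line can never be reached.
REORDERED_HBA = """\
local   all         all          ident
local   django_db   django_user  md5
"""


def parse_local_rules(text):
    """Yield (databases, users, method) for each 'local' record, in file order."""
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments and blank lines
        if len(fields) >= 4 and fields[0] == "local":
            yield fields[1].split(","), fields[2].split(","), fields[3]


def method_for(text, database, user):
    """Return the auth method chosen for a Unix-socket connection, or None.

    Records are tried top to bottom and the first match wins; there is no
    fall-through to later records if authentication then fails.
    """
    for dbs, users, method in parse_local_rules(text):
        db_ok = ("all" in dbs or database in dbs
                 or ("sameuser" in dbs and database == user))
        user_ok = "all" in users or user in users
        if db_ok and user_ok:
            return method
    return None  # no matching record: the server rejects the connection


if __name__ == "__main__":
    for who in ("django_user", "www-data"):
        print(who, "->", method_for(SAMPLE_HBA, "django_db", who))
    print("reordered ->", method_for(REORDERED_HBA, "django_db", "django_user"))
```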