From 26e3741a6b82bec11140d4500c1a23ea8047dc15 Mon Sep 17 00:00:00 2001 From: Sebastian Reyes Espinosa Date: Fri, 9 Oct 2015 08:09:19 -0500 Subject: [PATCH] Security improvements MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Addressing the #2 security concerns reported by @tvibliani about the user created with the script. This is made that way because this is a “system” user. It is there to own and run the application, it isn’t supposed to be a person type user with a login etc. In Ubuntu, a system user gets a UID below 1000, has no shell (it’s actually /bin/false) and has logins disabled. --- odoo_install.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/odoo_install.sh b/odoo_install.sh index 289df78..d0698f6 100644 --- a/odoo_install.sh +++ b/odoo_install.sh @@ -95,13 +95,12 @@ else fi echo -e "\n---- Create ODOO system user ----" -sudo adduser --system --quiet --shell=/bin/bash --home=$OE_HOME --gecos 'ODOO' --group $OE_USER +sudo adduser --system --home=$OE_HOME --group odoo #The user should also be added to the sudo'ers group. -sudo adduser $OE_USER sudo echo -e "\n---- Create Log directory ----" sudo mkdir /var/log/$OE_USER -sudo chown $OE_USER:$OE_USER /var/log/$OE_USER +sudo chown $OE_USER:root /var/log/$OE_USER #-------------------------------------------------- # Install ODOO