- Odoo 11 Development Cookbook(Second Edition)
- Holger Brunn Alexandre Fayolle
- 235字
- 2021-06-25 22:48:33
How it works...
Most of the recipe is identical to what is described in Chapter 1, Installing the Odoo Development Environment, but there are a few key differences.
We are using a dedicated system user with login odoo. This enables us to control who has access to the account, for example, by configuring the sudo or ssh authorized keys. It also allows us to give this user as few permissions as possible, in case the instance is compromised.
The database user linked to this account does not have any privilege, not even database creation. We create the database externally, just once. In case the instance is compromised, an attacker won't be able to create additional databases on the server.
The Odoo script we are creating will be used in the recipe Set up Odoo as a system service later in this chapter. It uses the production.conf configuration file, which is explained in the next recipe, Adapting the configuration file for production.
We uninstall gcc at the end of the process so that if an attacker gains access, he will not be able to use this to recompile executables locally.
At the end of this recipe, your server is not ready yet. You will need to refer to the recipes Adapting the configuration file for production, Set up Odoo as a system service, and Configure a reverse proxy and SSL, which are described in this chapter.