@@ -740,7 +740,143 @@ It should be stored securely, and should be generated randomly e.g.
740740
741741 $ python3 -c 'import base64, os; print(base64.b64encode(os.urandom(24)))'
742742
743-
743+
744+
745+ Reset the master password
746+ -------------------------
747+
748+ There may be instances where the master password is misplaced, or compromised, and needs to be
749+ reset. The following process is for system administrators of an Odoo on-premise database detailing
750+ how to manually reset and re-encrypt the master password.
751+
752+ .. seealso ::
753+ For more information about changing an Odoo.com account password, see this documentation:
754+ :ref: `odoocom/change_password `.
755+
756+ When creating a new on-premise database, a random master password is generated. Odoo recommends
757+ using this password to secure the database. This password is implemented by default, so there is a
758+ secure master password for any Odoo on-premise deployment.
759+
760+ .. warning ::
761+ When creating an Odoo on-premise database the installation is accessible to anyone on the
762+ internet, until this password is set to secure the database.
763+
764+ The master password is specified in the Odoo configuration file (`odoo.conf ` or `odoorc ` (hidden
765+ file)). The Odoo master password is needed to modify, create, or delete a database through the
766+ graphical user interface (GUI).
767+
768+ Locate configuration file
769+ ~~~~~~~~~~~~~~~~~~~~~~~~~
770+
771+ First, open the Odoo configuration file (`odoo.conf ` or `odoorc ` (hidden file)).
772+
773+ .. tabs ::
774+
775+ .. tab :: Windows
776+
777+ The configuration file is located at: `c:\\ProgramFiles\\Odoo{VERSION}\\server\\odoo.conf `
778+
779+ .. tab :: Linux
780+
781+ Depending on how Odoo is installed on the Linux machine, the configuration file is located in
782+ one of two different places:
783+
784+ - Package installation: `/etc/odoo.conf `
785+ - Source installation: `~/.odoorc `
786+
787+ Change old password
788+ ~~~~~~~~~~~~~~~~~~~
789+
790+ Once the appropriate file has been opened, proceed to modify the old password in the configuration
791+ file to a temporary password.
792+
793+ .. tabs ::
794+
795+ .. group-tab :: Graphical user interface
796+
797+ After locating the configuration file, open it using a (:abbr: `GUI ( graphical user
798+ interface ) `). This can be achieved by simply double clicking on the file. Then, the device
799+ should have a default :abbr: `GUI ( graphical user interface ) ` to open the file with.
800+
801+ Next, modify the master password line `admin_passwd = $pbkdf2-sha… ` to `admin_passwd =
802+ newpassword1234 `, for example. This password can be anything, as long as it is saved
803+ temporarily. Make sure to modify all characters after the `= `.
804+
805+ .. example ::
806+ The line appears like this:
807+ `admin_passwd =
808+ $pbkdf2-sh39dji295.59mptrfW.9z6HkA$w9j9AMVmKAP17OosCqDxDv2hjsvzlLpF8Rra8I7p/b573hji540mk/.3ek0lg%kvkol6k983mkf/40fjki79m `
809+
810+ The modified line appears like this: `admin_passwd = newpassword1234 `
811+
812+ .. group-tab :: Command-line interface
813+
814+ Modify the master password line using the following Unix command detailed below.
815+
816+ Connect to the Odoo server's terminal via Secure Shell (SSH) protocol, and edit the
817+ configuration file. To modify the configuration file, enter the following command:
818+ :command: `sudo nano /etc/odoo.conf `
819+
820+ After opening the configuration file, modify the master password line `admin_passwd =
821+ $pbkdf2-sha… ` to `admin_passwd = newpassword1234 `. This password can be anything, as long as
822+ it is saved temporarily. Make sure to modify all characters after the `= `.
823+
824+ .. example ::
825+ The line appears like this:
826+ `admin_passwd =
827+ $pbkdf2-sh39dji295.59mptrfW.9z6HkA$w9j9AMVmKAP17OosCqDxDv2hjsvzlLpF8Rra8I7p/b573hji540mk/.3ek0lg%kvkol6k983mkf/40fjki79m `
828+
829+ The modified line appears like this: `admin_passwd = newpassword1234 `
830+
831+ .. important ::
832+ It is essential that the password is changed to something else, rather than triggering a new
833+ password reset by adding a semicolon `; ` at the beginning of the line. This ensures the database
834+ is secure throughout the entire password reset process.
835+
836+ Restart Odoo server
837+ ~~~~~~~~~~~~~~~~~~~
838+
839+ After setting the temporary password, a restart of the Odoo server is **required **.
840+
841+ .. tabs ::
842+
843+ .. group-tab :: Graphical user interface
844+
845+ To restart the Odoo server, first, type `services ` into the Windows :guilabel: `Search ` bar.
846+ Then, select the :guilabel: `Services ` application, and scroll down to the :guilabel: `Odoo `
847+ service.
848+
849+ Next, right click on :guilabel: `Odoo `, and select :guilabel: `Start ` or :guilabel: `Restart `.
850+ This action manually restarts the Odoo server.
851+
852+ .. group-tab :: Command-line interface
853+
854+ Restart the Odoo server by typing the command: :command: `sudo service odoo15 restart `
855+
856+ .. note ::
857+ Change the number after `odoo ` to fit the specific version the server is running on.
858+
859+ Use web interface to re-encrypt password
860+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
861+
862+ First, navigate to `/web/database/manager ` or `http://server_ip:port/web/database/manager ` in a
863+ browser.
864+
865+ .. note ::
866+ Replace `server_ip ` with the IP address of the database. Replace `port ` with the numbered port
867+ the database is accessible from.
868+
869+ Next, click :guilabel: `Set Master Password `, and type in the previously-selected temporary password
870+ into the :guilabel: `Master Password ` field. Following this step, type in a :guilabel: `New Master
871+ Password `. The :guilabel: `New Master Password ` is hashed (or encrypted), once the
872+ :guilabel: `Continue ` button is clicked.
873+
874+ At this point, the password has been successfully reset, and a hashed version of the new password
875+ now appears in the configuration file.
876+
877+ .. seealso ::
878+ For more information on Odoo database security, see this documentation:
879+ :ref: `db_manager_security `.
744880
745881Supported Browsers
746882==================
0 commit comments