OperationalError: attempt to write a readonly database in ubuntu server - python

I'm running a FlaskApp using mod_wsgi and apache2 on Ubuntu server. I tried running the flask app on localhost successfully and then deployed it on ubuntu server.
But when i try to update database, its giving error:
Failed to update model. (OperationalError) attempt to write a readonly database u'UPDATE mysongs SET songurl=? WHERE songid.id = ?' (u'www.site.com/I_wanna_dance', 1)
Now i tried look for database file permission which is:
-rwxr-xr-x 1 www-data www-data 10240 Jul 14 15:35 /var/www/mywebsite/appfolder/appdata.db`
When i try changing permission to 777, 755, 644 etc. it shows another error: unable to open database file Although database file works fine with 644 permission on localhost but not on ubuntu server.
Also i checked permission of directories and for /var /var/www /var/www/mywebsite /var/www/mywebsite/appfolder etc., all have www-data:www-data as its owner username and group.
I tried googling and but no proper solution other than suggestion of changing file/dir permissions, which i have tried myself.
Why can't it read/access the database file?
Please suggest.

This issue is related to the files permissions management AND mostly to the user chosen in the Apache configuration file (*.conf) defined to holds the application processes. In a few words : the write permissions need to match this user.
Most of the time, the sqlite database file has been created by a specific user (for example your current user) and the site application is running under child processes launched by the Apache default user www-data (if the parameter user wasn't specified inside the directive WSGIDaemonProcess). In this case, the database can be read but it will throw this error if you try to modify anything :
(OperationalError) attempt to write a readonly database...
because www-data has no permission on the file (or on the parent folder)
First way : Apply permissions to the user www-data
You can set the write permissions on the database file and its parent folder.
If the folder contains other files, you can add write permission on it and only change the ownership of the database file to the user www-data, for example :
sudo chmod o+w db_directory
sudo chown www-data: db_directory/site_database.db
Or if the folder contains only the database file, you can try to change the folder owner directly :
sudo chown -R www-data: db_directory
Then check that read/write permissions are well set (with ls -l site_database.db)
More help in this post.
Other solution : Add a specific user to hold the application processes
This can be done by giving the user and group parameters in the directive WSGIDaemonProcess in Apache configuration.
It will make Apache launch the child processes under a specific user.
For example :
...
WSGIDaemonProcess main user=myuser group=myuser threads=3 python-home=/path/to/the/virtualenv/
WSGIProcessGroup main
WSGIApplicationGroup %{GLOBAL}
...
This user will manage all operation, including read/write to any files, so check that it has all needed permissions on every related files.
For security concerns, you may not use a wide-privileged user.
Some comments can help in this post.
Note : be careful if you manage your own logging files with directives like ErrorLog in the Apache configuration, these files will follow the same logic of permissions. The same for any file that could be changed by the application.

Resolved the issue. It was due to database file permission conflict.

Just give www-data permision to your project and db
sudo chown www-data:www-data ProjectPath
sudo chown www-data:www-data dbPath

Faced this issue while hosting Django Rest Framework on IIS 7.5 / Windows 2008 Server. It was working fine on local host . I added new feature to handle file upload feature along with "file name" . The files were uploaded properly but the database seemed to not accept the text from "file name" string.
Solution :
Go to your concern database. (if you have not assigned any particular database,consider the file db.sqlite3 in base folder)
Right click on the db.sqlite3 --> Properties --> Security --> Edit --> Add
In the text box enter Everyone --> Checkname --> ok
Refresh the server at IIS and try to run the application.

Related

How to create an empty file using apache user in django or python instead of actual user of server

I need to create an empty file when createEmptyFile() is triggered in UI.
But it is giving error "touch: cannot touch 'hello.txt': Permission denied"
because instead of creating file with actual user (actualuser), it is creating with apache user
This is a django app using apache server, and using 'os' module and with 'touch' command i need to create file
def createEmptyFile():
print getpass.getuser()
os.system('touch hello.txt')
I expect file to be created but it is giving "touch: cannot touch 'hello.txt': Permission denied" because of file is creating using another user(apache) instead of actual user(anotheruser)
Output:
apache
touch: cannot touch 'hello.txt': Permission denied
Thanks #dirkgroten,
With your suggestion i've created a new folder called properties and given owner as linux user and group as apache and folder permission as 777 and that worked fine any how 777 not suggested but in my case there is no need of having security of that directory:
1) mkdir properties #created directory
2) sudo chown actualuser properties #change owner to linux user (actualuser)
3) sudo chown :apache properties #change group to apache
4) sudo chmod 777 properties #change folder permission as drwxrwxrwx
below is the result:
drwxrwxrwx 2 actualuser apache 111 Jul 23 05:19 properties

uWSGI project not starting -- /tmp/logs/uwsgi.log permission denied [core/logging.c line 28]

I am recovering a nginx/uwsgi/flask server that had been up for about a year. It was originally setup mostly following:
https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-uwsgi-and-nginx-on-ubuntu-14-04
I have it back running such that nginx is serving static files, and I can run the flask app. However, the uwsgi gateway doesn't appear to work right.
When I attempt to start he project: sudo start myproject in the digital ocean example, it just says:
myproject stop/waiting
/var/log/upstart/myproject.log says:
/tmp/logs/uwsgi.log permission denied [core/logging.c line 28]
So, I am wondering what permissions I should have on the log file? I currently have www-data.myuser 764.
The log file must be owned by the user which runs the uwsgi process. In case with Digital Ocean tutorial this is the user user.
Please, note that Digital Ocean literally declares the following in the /etc/init/myproject.conf:
setuid user
setgid www-data
If you copy-pasted the code, try changing setuid user to setuid www-data. 0644 should be enough with proper user.

Django log file permissions with uwsgi

I'm using Django with uwsgi. The process runs as www-data user which is also the owner of all log files (both for uwsgi & Django). When I use RotatingFileHandler for logging in Django, the new log files are created with the following permissions:
-rw-r--r-- 1 www-data www-data
I've added the the currently logged-in user (ubuntu) to www-data group but still don't have write permission to the above log files. As a result, I can't run python manage.py test.
How can I tell either (i) uwsgi or (ii) logging framework or (iii) file handler to create log files with permissions 0660 so that both ubuntu & www-data can read/write to the log files.
There's a caveat though, if I run manage.py test and logrotation happens at that moment, the new log file would be owned by ubuntu user and uwsgi will complain. I don't know if it's possible to fix this with altering the current user/group permission structure.
I think what you need is to implement your own subclass as demonstrated in this SO

Permission error uploading user image via Django. The server is running as root, and the directory has 775 permissions

I am getting the following error when attempting to upload an image, when creating a new record in the admin interface.
Permission denied: '/home/jeffy/django_files/django_test/static/uploaded_files/1407616465_2016587_61DjIaZQI8L.jpg'
Relevant settings.py variables:
STATIC_ROOT = "/home/jeffy/django_files/django_test/static/"
MEDIA_ROOT=STATIC_ROOT
The output of
ls -l /home/jeffy/django_files/django_test/static/
is
drwxrwxr-x 2 jeffy jeffy 4096 Aug 9 16:32 uploaded_files
And the servers were started as user jeffy:
jeffy#originaldjangster:/etc/nginx/sites-available$ sudo service nginx start
jeffy#originaldjangster:/etc/nginx/sites-available$ sudo /home/jeffy/django_files/django_test_venv/bin/gunicorn -c /home/jeffy/django_files/django_test_venv/gunicorn_config.py django_test.wsgi
root
I placed this code at the end of settings.py
import getpass
print(getpass.getuser())
which is why "root" prints out after the gunicorn server is started.
Why can't this file be uploaded?
Here's the original gunicorn_config.py file:
command = '/home/jeffy/django_files/django_test_venv/bin/gunicorn'
pythonpath = '/home/jeffy/django_files/django_test'
bind = '127.0.0.1:8001'
workers = 1
user = 'nobody'
Changing nobody to jeffy makes it work (although it balked at the static and media directories being equal...I made a media folder next to the static one).
This setup is only for me to show off my Django chops. If this were a production environment, I do get that running the server as root is a bad idea.
Not sure how "bad" this setup really is, but it's working at least so far...

Changing file permissions for Apache - Django

I'm trying to modify file permissions in Linux so that Apache and Django have permission to read and write to the database. The path of my database file is
/var/www/tbg/database/database.sqlite3
I use these commands
chown www-data:www-data /var/www/tbg
chown www-data:www-data /var/www/tbg/database/database.sqlite3
Yet I get the same error (same error as is described here: sqlite3.OperationalError: unable to open database file).
To make sure the permissions are still not there, I can't paste content or create new folders. I can in the the subfolders of /tbg/, though, but not in /tbg/ itself.
I found the answer. I had neglected to change the file permissions of the directories inside /tbg/! With ls -l I was able to figure this out and then I typed
chmod www-data:www-data foldername
to enable apache to read and write to the directories. This must be done for every directory under your project's name (in my case /tbg/) -- and in every subdirectory under every subdirectory!

Categories