Attempt to write a readonly database - Django w/ SELinux error

noblerare · Jan 10, 2014 · Viewed 119.9k times

I have a CentOS server on which I have Apache, Django, Django CMS and mod_wsgi. My Django project files are stored in the /srv directory and I have SELinux turned on for security reasons.

I've managed to successfully integrate Django-CMS into Django and when I visit the local IP, I see my pages. However, when I try to visit /admin (where I can start making use of the CMS functionality), I get DatabaseError at /admin/ attempt to write a readonly database.

Okay.

So, since I have a .sqlite file in my project folder, I ran a ls -l on it which returned:

-rw-r--r--.  1 root root 133120 Jan 5 11:53   DATABASE.sqlite

Okay, so I figured perhaps Apache couldn't read that file for some permissions reason, so after a bunch of research on similar problems on Stack Overflow, I ran:

> chmod 664 DATABASE.sqlite
> chown apache /srv/mysite
> chown apache /srv/mysite/DATABASE.sqlite

Now, the ls -l output reads:

-rw-rw-r--.  1 apache root 133120 Jan 5 11:53  DATABASE.sqlite

Unfortunately, I still get the same error when trying to access /admin on my Django app. Any help would be greatly appreciated! Probably something to do with SELinux permissions but I have no idea where to start in diagnosing what permissions issue is going on.

EDIT:

I ran

> chown apache:apache /srv/mysite
> chown apache:apache /srv/mysite/DATABASE.sqlite

and a quick ls -l reveals that the owner of the mysite directory and the .sqlite file is now apache. However, I still get errors when trying to visit the /admin page. I chmoded the /srv/mysite directory to 757 and the DATABASE.sqlite file to 756 because that's the best I can do to get the permissions to work out. I was told that this is a security risk but I can't seem to figure out how to give it fewer permissions and get past the "unable to read/open database file" errors. Is it because of SELinux?

FYI, I'm operating under a regular user account in CentOS and sudo whenever I need to elevate:

[noblerare@localhost ]$

Answer

niekas · Jan 10, 2014

You have to add writing rights to the directory in which your sqlite database is stored. So running chmod 664 /srv/mysite should help.

This is a security risk, so a better solution is to change the owner of your database to www-data:

chown www-data:www-data /srv/mysite
chown www-data:www-data /srv/mysite/DATABASE.sqlite
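
An added example, not part of the question or the answer above: a small audit for the situation in this thread. It flags the world-writable 757/756 modes, a directory whose owner cannot create SQLite's journal file, and an SELinux label that httpd may not write to. The function names are hypothetical, and var_t as the label of files under /srv is an assumption to confirm with ls -Z.

```shell
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.
# Assumes GNU coreutils stat, as shipped on CentOS.

# Print one finding per line for the octal modes of the database file ($1)
# and its directory ($2). SQLite creates its journal next to the database,
# so the owner needs write and search (execute) on the directory as well.
audit_modes() (
    f=$((0$1)); d=$((0$2))
    [ $((d & 0002)) -ne 0 ] && echo "dir-world-writable"
    [ $((f & 0002)) -ne 0 ] && echo "file-world-writable"
    [ $((f & 0111)) -ne 0 ] && echo "file-executable"
    [ $((d & 0300)) -eq $((0300)) ] || echo "dir-owner-cannot-create-journal"
    [ $((f & 0200)) -ne 0 ] || echo "file-owner-cannot-write"
    true
)

# Type field of a context written as user:role:type:level.
context_type() { printf '%s\n' "$1" | cut -d: -f3; }

# httpd_sys_rw_content_t is the targeted-policy type for content httpd may
# read and write; chmod and chown never change this label.
httpd_can_write_label() { [ "$(context_type "$1")" = "httpd_sys_rw_content_t" ]; }

# Audit a real database path: modes first, then the SELinux label if any.
audit_db() (
    audit_modes "$(stat -c %a "$1")" "$(stat -c %a "$(dirname "$1")")"
    # %C is the SELinux context; stat exits non-zero where there is none.
    if ctx=$(stat -c %C "$1" 2>/dev/null); then
        httpd_can_write_label "$ctx" || echo "selinux-type-not-httpd-writable: $ctx"
    fi
)

# One narrower fix than chmod 757/756 (this example's suggestion; run as root):
#   chown apache:apache /srv/mysite /srv/mysite/DATABASE.sqlite
#   chmod 770 /srv/mysite && chmod 660 /srv/mysite/DATABASE.sqlite
#   semanage fcontext -a -t httpd_sys_rw_content_t '/srv/mysite(/.*)?'
#   restorecon -Rv /srv/mysite

# Constructed input: the modes from the question and var_t, the usual
# default label under /srv (assumed).
audit_modes 756 757
httpd_can_write_label "unconfined_u:object_r:var_t:s0" || echo "selinux-type-not-httpd-writable"
```

Recent denials can be listed with ausearch -m avc -ts recent. Keeping the database in its own subdirectory limits the read-write label to that directory instead of the whole project.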