10

I have just created a Django project with 

python manage.py startapp smartrecruitment

I then ran a db sync

 python manage.py syncdb Operations to perform: Apply all migrations: admin, contenttypes, auth, sessions Running migrations: Applying contenttypes.0001_initial... OK Applying auth.0001_initial... OK Applying admin.0001_initial... OK Applying sessions.0001_initial... OK

And added my superuser, but I cannot access /admin in the browser. I have tried doing the following commands to give apache permissions, but have had no luck.

sudo chown apache <folder_containing_db.sqlite3> sudo chown apache db.sqlite3
Improve this question
5
  • Why are you running your project with Apache when it's in development? Use the dev server, it's easier. Commented Oct 13, 2014 at 8:25
  • It's not, but I was having trouble with Django 1.7, so wanted to simply get a basic project deployed on my server. Commented Oct 13, 2014 at 8:27
  • @Jon What makes you say the database is "read-only"? "I cannot access /admin in the browser" is vague. Cannot access how? Get an error in the browser? Get an error in the Apache logs? Some other error? Commented Oct 13, 2014 at 10:52
  • I get the error "Attempt to write a read-only database" when I go to that URL. It should be coming up with a login form for the admin section, but all I get is an error page with that message displayed. It is very similar to this issue... stackoverflow.com/questions/21054245/… Commented Oct 13, 2014 at 11:08
  • how is it different from the quesiton you've linked? Commented May 17, 2015 at 13:49

4 Answers 4

Reset to default
22

change owner of the project directory and database file www-data

chown www-data:www-data /home/username/Django chown www-data:www-data /home/username/Django/db.sqlite
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I don't know why someone downvoted it. This answer actually helped me!
This is not a good practice. Your www-data user has write permissions on your db (and needs to) so it works, but you also gave it write permissions to your entire codebase, which it definitely should not be able to do
4

You have indeed user/group permission problems : you need to run your webserver with a user who has read / write access to your db file (when using sqlite3)

Changing the owner and the group of your entire project is a bad idea since it would allow your web server user to write on your codebase, which is never a good practice.

A better idea is to use a real database in production instead of sqlite to avoid this.

https://docs.djangoproject.com/en/1.9/ref/settings/#databases

If you want to stick with sqlite : place your sqlite file outside of your project repository and give it and the containing directory correct read/write accesses (for instance only www-data can write, but then you need to run your django commands as www-data)

some_dir [your_user:your_group] --- your_django_project [github_user:github_user] --- another_dir [www-data:www-data] |--- db.sqlite3 [www-data:www-data]

And your webserver (apache / nginx ) runs as www-data

Improve this answer

2 Comments

can you please add some sample code here? this is more a theoretical answer which does not completely solve the issue. it already sounds right but it qould be perfect if you add some code too! Thanks!
I've edited my response, there is no code involved since it's just permissions
1

I was looking for the solution, as I followed CentOS tutorial by this link. https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-apache-and-mod_wsgi-on-centos-7

Here is the permission for that tutorial,

sudo usermod -a -G root apache chmod 710 /root/myproject chown apache:apache /root/myproject chown apache:apache /root/myproject/db.sqlite
Improve this answer

Comments

0

In short, it happens when the application which writes to the sqlite database does not have write permission.

This can be solved in three ways:

  1. Granting ownership of db.sqlite3 file and its parent directory (thereby write access also) to the user using chown (Eg: chown username db.sqlite3 )
  2. Running the webserver (often gunicorn) as root user (run the command sudo -i before you run gunicorn or django runserver)
  3. Allowing read and write access to all users by running command chmod 777 db.sqlite3 (Dangerous option)

Note: Never go for the third option unless you are running the webserver in a local machine or the data in the database is not at all important for you.

Second option is also dangerous as @mateuszb said. Risk of code injection is very low in Django since Django is designed in such a way. In Django, capture of entire OS can happen only if the developer writes horribly vulnerable code using eval or exec. If you are not confident about your code quality or even don't know what code injection is, second option is not for you.

Moreover, this error does not occur if you are using a database like mysql and Postgres. Sqlite is not a good option for a webserver with a high traffic.

Improve this answer

4 Comments

Never do 2 either. Any gap in your code gives sudo rights to the hacker.
@mateuszb I agree. Can you give a typical example?
I am not sure what would a typical one be, but any code injection could lead to the capture of entire operating system, putting at risk the internal network. If the website belongs to apache (as in the case of apache httpd) then the hacker is limited only to the files it owns and can write to - which should exclude even its own code. Limited tools should also be available to such a user (no ssh etc).
@mateuszb Risk of code injection is very low in Django since django is designed in such a way. In Django, capture of entire OS can happen only if the developer writes horribly vulnerable code using eval or exec

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.