Closed tillmo closed 4 years ago
If in trouble, looking at ~/etc/quiz-update.sh
may help.
ISo e.g. if you update python_modules, make sure all subdirs in ${PYTHONUSERBASE}/
are searchable (x
) by the world, whereby in our case searchable by the group is sufficient as well because the user webadm
and executing daemon webservd
have the same group (i.e. webservd
).
Similar, if the service wants to write somewhere, it needs write permission. Unfortunately I can't find any hint in the output above, what it wants to write (hint: proper exception handling). backend/lqserver/db.sqlite3
is group writable ( =8-( ) and thus might not be the problem here.
Anyway, as pointed out several times, there should be a dedicated directory, where the running service is able to persist its data, no matter in which group it is running (debian nerds would probably make such a dir readable by the service, only). And this directory should be a runtime parameter! Because some day the app might be run as an apache httpd "plugin", the probably easiest way to pass it is to use an environment variable ...
sure there should be a configurable data directory, but this is the topic of #25.
If I give a+w permissions to db.sqlite3, it works. Hence it is very clear that db.sqlite3 is the problem. Also, a manually started python server does not exhibit the problem - but the user is then webadm
. Could you please try to manually start the server as webservd
?
I think you just forgot to migrate.
I think you just forgot to migrate.
No:
python3 manage.py migrate
Operations to perform:
Apply all migrations: QuizBoard, account, admin, auth, authtoken, contenttypes, sessions, sites, socialaccount
Running migrations:
No migrations to apply.
It seems that sqlite3 is not installed on the server. @jelmd, please install it.
apt-cache policy sqlite3
sqlite3:
Installed: (none)
Candidate: 3.22.0-1ubuntu0.3
Version table:
3.22.0-1ubuntu0.3 500
500 http://de.archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages
3.22.0-1 500
500 http://de.archive.ubuntu.com/ubuntu bionic/main amd64 Packages
webadm.quiz ~/ttq/backend/lqserver > sqlite3
sqlite3: Command not found.
webadm.quiz ~/ttq/backend/lqserver > /usr/bin/sqlite3
/usr/bin/sqlite3: Command not found.
dpkg -l |grep sqlit
ii libaprutil1-dbd-sqlite3:amd64 1.6.1-2 amd64 Apache Portable Runtime Utility Library - SQLite3 Driver
ii libsqlite3-0:amd64 3.22.0-1ubuntu0.3 amd64 SQLite 3 shared library
Python doe snot need the frontend, just the libs.
The service is running as webservd. Use ps to check. If you chmod a+w db.sqlite3 and it works, it is obviously an app bug. I guess, someone reinvented the wheel and does not open the file RW but uses some stat results to find out, whether it is readable, and does this in a wrong way ...
s/readable/writable/
The service is running as webservd. Use ps to check. If you chmod a+w db.sqlite3 and it works, it is obviously an app bug. I guess, someone reinvented the wheel and does not open the file RW but uses some stat results to find out, whether it is readable, and does this in a wrong way ...
But if this were true, then why does it work when started manually?
Could you please try to start it manually as webservd
?
by the way, the app can successfully read from the database. Only if the database needs to be modified, the error occurs.
Can you check now? The db file has now 0664 mode. Also can you insert a short check?
When trying the op which fails, create a new file right before and after in /tmp/
(/tmp/ is writable for all unless the file already exists and belongs to someone else) . So one can see, as what the service is currently running by ls -al /tmp/$file
.
Currently, it does not even work with 666 permissions. When writing a temp file immediately before the operation, I get
-rw------- 1 webservd webservd 0 Apr 4 18:09 tmp.RNntNg70Z7
-rw------- 1 webservd webservd 0 Apr 4 18:09 tmp.prBSJYNIKP
-rw------- 1 webservd webservd 0 Apr 4 18:09 tmp.cWEWMYnpge
-rw------- 1 webservd webservd 0 Apr 4 18:09 tmp.3BST55GEWx
-rw------- 1 webservd webservd 0 Apr 4 18:09 tmp.J2WJl458ww
-rw------- 1 webservd webservd 0 Apr 4 18:09 tmp.xOGlTmGWmO
-rw------- 1 webservd webservd 0 Apr 4 18:09 tmp.ZxqS9QB5hl
solved it! The folder containing the database also needs 664 permissions.
@jelmd please integrate this into ~/etc/quiz-update.sh
Change and commit via git? IIRC git preserves permissions?
Change and commit via git? IIRC git preserves permissions?
I think git can handle this if the repo is initialised with --share
. But we did not do this. Afterwards, you can still locally change the .git/config
, but I do not know how to propagate this to the github repo.
Just checked: Once upon a time, git saved/restored file permissions as well. Now it always applies the user's umask and thus the group writable usually gets masked out. --chmod=[+-]x seems to be the only "hook" to add a hint wrt. checkout permissions.
--share
makes sense for local repositories, only - e.g. if a group wants to have a common directory with the repo inside ...
etc/quiz-update.sh
changed.
Currently, the deployed backend always throws an error "attempt to write a readonly database", see below. If I manually start (on the server)
everything works. Also, if I make the database publicly readable, it works. It seems that the systemd script is run by a user who is not member of group
webservd
. The error can be reproduced with