Making SQLite writable after restoring

Questions / Help
, ,
1

I’ve successfully restored a local DB to the server following the directions in this post. However, the restored file is now read only -rw-r--r--.

What chmod permissions would be best to set here? And do I need to update the user or group?

2

Hi… It can be done either way; I would leave the chmod permissions as-is but update the user and group:

# chown rails:rails /data/server.db

You can consult the USER directives in the Dockerfile to verify specific names, but it’s been rails in the Dockerfile excerpts that people have been posting in the forum lately.

Hope this helps!

1 Like
3

Added volumes

4

Thanks @mayailurus. I’m running that command but it’s not updating the permissions on the file.
-rw-r--r-- 1 rails rails

The User and Group have been updated, but I’m still getting an error an ActiveRecord error writing to the DB

ActiveRecord::StatementInvalid (SQLite3::ReadOnlyException: attempt to write a readonly database):

I’m assuming I’ll need to update the chmod setting here as well. What would be best practice / most secure in this instance?

Thanks for your help :slight_smile:

5

Just an update here. I’ve updated the permissions with:

chmod 664 /data/database.sqlite3

Updating the permissions to -rw-rw-r-- 1 rails rails. My DB writes are now working successfully. However just wanted to confirm this is the right permission level?

6

If you really want to minimize access, you can remove the final r-- with chmod o-r (lowercase letter “o”) and also check to see what other users you have running. (It looks like there might be at least one process with group rails but a different user ID. Maybe a background worker?)

$ fly m start
$ fly ssh console --user root
# apt-get update
# apt-get install --no-install-recommends procps
# ps aux

(This is for a Debian-based system.)

It will be hard to really lock things down without knowing which users are running!

Aside: I do take such measures myself, :black_cat:, but it’s the Firecracker VM overall that’s the main line of defense in the end. These others are more like speedbumps or warning strips…

1 Like
7

Thanks fort the clarification and aside @mayailurus. I just had a look and ps aux was already installed by default. The rails and root are the only two users running.

1 Like
8

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.