试图写一个只读数据库 - Django w / SELinux错误 [英] Attempt to write a readonly database - Django w/ SELinux error

问题描述

我有一个CentOS服务器，我有Apache，Django，Django CMS和mod_wsgi。我的Django项目文件存储在 / srv 目录中，出于安全考虑，我启用了SELinux。

I我已经设法成功地将Django-CMS整合到Django中，当我访问本地IP时，我看到我的网页。但是，当我尝试访问/管理（我可以开始使用CMS功能）时，我在/ admin /尝试写入一个只读数据库的 DatabaseError。 / p>



好的。

所以，因为我有一个 .sqlite 文件在我的项目文件夹中，我运行了一个 ls -l <​​/ code>，返回：

  -rw-R  -  R--。 1 root root 133120 Jan 5 11:53 DATABASE.sqlite 
  

好吧，所以我想也许Apache cann'由于某些权限原因，t读取该文件，因此在对Stackoverflow上的类似问题进行了一系列研究后，我跑了：

 > chmod 664 DATABASE.sqlite 
> chown apache / srv / mysite 
> chown apache /srv/mysite/DATABASE.sqlite 
  

现在， ls - l 输出为：

  -rw-rw-r--。 1 apache root 133120 Jan 5 11:53 DATABASE.sqlite 
  

不幸的是，我仍然得到相同的错误尝试访问/管理我的Django应用程序。任何帮助将不胜感激！可能与SELinux权限有关，但我不知道从哪里开始诊断出现哪些权限问题。

编辑： p>

我跑了

 > chown apache：apache / srv / mysite 
> chown apache：apache /srv/mysite/DATABASE.sqlite 
  

和快速 ls -l <​​/ code>显示 mysite 目录和 .sqlite 文件的所有者是现在 apache 。但是，当尝试访问 / admin 页面时，我仍然收到错误。我将 chmod 将 / srv / mysite 目录编入757和 DATABASE.sqlite 文件到756，因为这是我可以做的最好的获得权限的工作。我被告知这是一个安全风险，但我似乎无法弄清楚如何减少权限，并通过无法读取/打开数据库文件错误。是因为SELinux吗？

FYI，我正在CentOS的一个常规用户帐户下运行，每当需要升级时，都会自动运行：

  [noblerare @ localhost] $ 
  

解决方案

您必须向存储sqlite数据库的目录添加写入权限。所以运行 chmod 664 / srv / mysite 应该有帮助。

这是一个安全风险，所以更好的解决方案是将数据库的所有者更改为 www-data ：

  chown www数据：www-data / srv / mysite 
 chown www-data：www-data /srv/mysite/DATABASE.sqlite 
  

I have a CentOS server on which I have Apache, Django, Django CMS and mod_wsgi. My Django project files are stored in the /srv directory and I have SELinux turned on for security reasons.

I've managed to successfully integrate Django-CMS into Django and when I visit the local IP, I see my pages. However, when I try to visit /admin (where I can start making use of the CMS functionality), I get DatabaseError at /admin/ attempt to write a readonly database.

Okay.

So, since I have a .sqlite file in my project folder, I ran a ls -l on it which returned:

-rw-r--r--.  1 root root 133120 Jan 5 11:53   DATABASE.sqlite

Okay, so I figured perhaps Apache couldn't read that file due to some permissions reasons so after a bunch of research on similar problems on Stackoverflow, I ran:

> chmod 664 DATABASE.sqlite
> chown apache /srv/mysite
> chown apache /srv/mysite/DATABASE.sqlite

Now, the ls -l output reads:

-rw-rw-r--.  1 apache root 133120 Jan 5 11:53  DATABASE.sqlite

Unfortunately, I still get the same error when trying to access /admin on my Django app. Any help would be greatly appreciated! Probably something to do with SELinux permissions but I have no idea where to start in diagnosing what permissions issue is going on.

EDIT:

I ran

> chown apache:apache /srv/mysite
> chown apache:apache /srv/mysite/DATABASE.sqlite

and a quick ls -l reveals that the owner of the mysite directory and the .sqlite file is now apache. However, I still get errors when trying to visit the /admin page. I chmoded the /srv/mysite directory to 757 and DATABASE.sqlite file to 756 because that's the best I can do to get the permissions to work out. I was told that this is a security risk but I can't seem to figure out how to give it less permissions and get pass by unable to read/open database file errors. Is it because of SELinux?

FYI, I'm operating under a regular user account in CentOS and sudo whenever I need to elevate:

[noblerare@localhost ]$

解决方案

You have to add writing rights to the directory in which your sqlite database is stored. So running chmod 664 /srv/mysite should help.

This is a security risk, so better solution is to change the owner of your database to www-data:

chown www-data:www-data /srv/mysite
chown www-data:www-data /srv/mysite/DATABASE.sqlite

这篇关于试图写一个只读数据库 - Django w / SELinux错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！