Error message: "Attempt to write a readonly database"

This is very likely a permission error somewhere.

@charlesjamesfox @BelowAverage Please also provide the output of the following

ls -lh /etc | grep pihole
ls -lh /etc/pihole/gravity.db
groups pihole

Do you use the lighttpd webserver installed by Pi-hole or do you run another webserver like apache2 or nginx?

I am using the DietPi installation of Pi-hole.

root@PiHole:~# ls -lh /etc | grep pihole
drwxrwxr-x 3 pihole pihole 4.0K Jan 19 13:09 pihole
root@PiHole:~# ls -lh /etc/pihole/gravity.db
-rw-rw-r-- 1 pihole pihole 99M Jan 19 12:35 /etc/pihole/gravity.db
root@PiHole:~# groups pihole
pihole : pihole

1 Like

I'm using Nginx. I chose not to install lighttpd during the install.

Results, as requested:

drwxrwxr-x 3 pihole pihole 4.0K Jan 19 15:10 pihole
-rw-rw-r-- 1 pihole pihole 9.6M Jan 19 14:10 /etc/pihole/gravity.db
pihole : pihole

Okay, so it seems you are both running non-standard configurations. Both times, your web server user is lacking group membership in the group pihole.

Not sure which user your web servers are running as (typical for lighttpd is www-data). Try to find out which is the correct web server user and add it to group pihole. Thereafter, restart your web server and try again. If this is not sufficient to communicate the new group membership (it should be), you might have to restart your system.

2 Likes

That worked, albeit I still have a slight issue.

As you suggested, I added user www-data to group pi-hole and rebooted the Pi (rebooting the service didn't do anything). Now, I can use the tools in Group Management.

I can also add domains to the whitelist. But . . . for some reason, the whitelist doesn't show me the items that are on it, and even when it works, it gives me "Failure!" messages. If I try to add a new item that I know is not on the list, it says the following:

If I try to add an entry that I know is already on there, it gives me an error:

In all cases, it doesn't show me what is on the list. The page looks like this:

Any ideas as to why? Thanks!

UPDATE: I cleared the cache in my browser, and everything showed up as expected. Thanks!
UPDATE 2: I said in an earlier post that the entries from my previous install had not migrated. This was incorrect. They just weren't showing up until this issue was resolved.

3 Likes

This worked. I am using lighttpd. For those with a similar issue. I checked to see which users existed, as @DL6ER said the default user for lighttpd is www-data. I confimed by checking the /etc/passwd file that the user existed and added the user to the pihole group.

usermod -a -G pihole www-data

^^ will add the pihole group to the www-data user. You will need to use this command with an elevated account or with sudo.

3 Likes

Hello,
Same problem here with dietpi but the solution seems to be working.

Thanks

I have the same: Error, something went wrong!
While executing domainlist_by_group statement: attempt to write a readonly database

Running pihole on Ubuntu with Apache2
Did the user and group thing, but does not help.

$ groups pihole
pihole : pihole www-data

$ groups www-data
www-data : www-data pihole

$ ls -lh /etc | grep pihole
drwxrwxr-x 3 pihole pihole 4,0K Mär 7 21:11 pihole

$ ls -lh /etc/pihole/gravity.db
-rw-rw-r-- 1 pihole pihole 120M Mär 7 20:59 /etc/pihole/gravity.db

Thanks
Markus

okay, got it fixed.
Reboot did the trick.

This still seems to be an issue when updating a fresh (2 Weeks ago) instance of Pihole to Beta5. Could this be fixed in the installer/updater?

If want to know the user that lighttpd runs under for your particular distro:

ps -o uid,user,gid,group,pid,cmd -C lighttpd

Eg. for Raspbian:

pi@noads:~ $ ps -o uid,user,gid,group,pid,cmd -C lighttpd
  UID USER       GID GROUP      PID CMD
   33 www-data    33 www-data  1880 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf

Bumping this thread to note:

  • this issue still exists
  • adding the www-data user to the pihole group (usermod -a -G pihole www-data) then rebooting fixed the issue

I'm running Diet-Pi v6.28.0 and Pi-hole vDev release/v5.0, v4.3.5-459-g0fad979.

Pi-hole v4 was installed using dietpi-software command then upgraded via CLI.

2 Likes

Please contact DietPi for support with their distribution.

I will do that.

But I also note that Pi-hole v4 worked fine when I installed it on a fresh Diet-Pi today. It was only after upgrading to v5 that the saving issue appeared. I'm assuming there's something different about how the web server user attempts to write to a database in v5 vs how it wrote to local files in the /etc/pihole directory in v4 and that's what's causing the error to appear.

I suspect that once v5 is out of Beta, the Diet-Pi devs will incorporate it into their software installer. I suppose it's also completely possible that this issue goes away when v5 is able to be installed fresh.

Ping @MichaIng

Yes, the difference is that v4.0 calls sudo pihole ... which does all the changes whereas v5.0 has a completely re-engineered security concept directly interacting with the database without having a script in the middle of the operations. This elegantly solves a lot of things where we had to do validations before, e.g., against bash command exploitation.

Well, for this we have:

:thinking:

Many thanks for reporting. Yes this is a known issue with Pi-hole v5 on current DietPi and has been fixed already for the upcoming release.

If users choose to install the webserver manually, then it might even run as a different user, hence adding www-data to pihole group would not change something. Of course in very most cases it's www-data, but guessing too much and relying on it, is probably not he best solution. Instead a clear documentation about the needs might be better.

I opened a PR to add some more information about what is required to do manually, when skipping webserver install through Pi-hole installer: web server question enhancements by MichaIng · Pull Request #3225 · pi-hole/pi-hole · GitHub

First it is asked whether to install the web interface, then it is asked whether to install webserver. Of course the second question does not make any sense if one already chose to not install the web interface, also practically in the script, choosing webserver has exactly zero effect when web interface is not chosen. The PR I linked also removes the webserver question when web interface was already deselected.

Now pihole does nothing, if you are not installing Lighttp.

The only things that are missing, and this only since Pi-hole v5 beta:

  • webserver permissions to access query database
  • PHP modules, i.e. php-intl, which is not part of most default PHP installs

Of course to have blocking page working as expected, the webserver needs to be configured to redirect 404 to it. And the admin web UI of course must be accessible by the webserver. But the blocking page is anyway not really recommended, at least not enabled by default and a performance penalty, and website access is somehow trivial.

IMO, if one already chooses to manually install and setup the webserver, I would skip really any related configure step. It can be wrong, it could even break things, if it does not match the manual system setup, or how it is/was intended.
PHP modules are btw a separate topic, since PHP has not really something to do with the webserver. But if a custom webserver setup is wanted, then a custom - probably custom compiled/package-less - PHP setup is present as well.

Got the same issue Stevejenkins Method works for me !!

Many Thanks

2 posts were split to a new topic: Read-only database