Error message: "Attempt to write a readonly database"

mbj1703 · March 7, 2020, 9:07pm

okay, got it fixed.
Reboot did the trick.

bonsi · March 10, 2020, 8:09pm

This still seems to be an issue when updating a fresh (2 Weeks ago) instance of Pihole to Beta5. Could this be fixed in the installer/updater?

deHakkelaar · March 11, 2020, 1:05pm

If want to know the user that lighttpd runs under for your particular distro:

ps -o uid,user,gid,group,pid,cmd -C lighttpd

Eg. for Raspbian:

pi@noads:~ $ ps -o uid,user,gid,group,pid,cmd -C lighttpd
  UID USER       GID GROUP      PID CMD
   33 www-data    33 www-data  1880 /usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf

stevejenkins · March 28, 2020, 9:07pm

Bumping this thread to note:

this issue still exists
adding the www-data user to the pihole group (usermod -a -G pihole www-data) then rebooting fixed the issue

I'm running Diet-Pi v6.28.0 and Pi-hole vDev release/v5.0, v4.3.5-459-g0fad979.

Pi-hole v4 was installed using dietpi-software command then upgraded via CLI.

jfb · March 28, 2020, 9:09pm

Please contact DietPi for support with their distribution.

stevejenkins · March 28, 2020, 9:15pm

I will do that.

But I also note that Pi-hole v4 worked fine when I installed it on a fresh Diet-Pi today. It was only after upgrading to v5 that the saving issue appeared. I'm assuming there's something different about how the web server user attempts to write to a database in v5 vs how it wrote to local files in the /etc/pihole directory in v4 and that's what's causing the error to appear.

I suspect that once v5 is out of Beta, the Diet-Pi devs will incorporate it into their software installer. I suppose it's also completely possible that this issue goes away when v5 is able to be installed fresh.

yubiuser · March 29, 2020, 6:49am

Ping @MichaIng

DL6ER · March 29, 2020, 7:03am

Yes, the difference is that v4.0 calls sudo pihole ... which does all the changes whereas v5.0 has a completely re-engineered security concept directly interacting with the database without having a script in the middle of the operations. This elegantly solves a lot of things where we had to do validations before, e.g., against bash command exploitation.

Well, for this we have:

github.com

pi-hole/pi-hole/blob/0fad979206d97473466957dcfd4832bf29edc20a/automated install/basic-install.sh#L1940


      
              # Set the owner and permissions
              chown ${LIGHTTPD_USER}:${LIGHTTPD_GROUP} ${webroot}
              chmod 0775 ${webroot}
              # Repair permissions if /var/www/html is not world readable
              chmod a+rx /var/www
              chmod a+rx /var/www/html
              # Give pihole access to the Web server group
              usermod -a -G ${LIGHTTPD_GROUP} pihole
              # Give lighttpd access to the pihole group so the web interface can
              # manage the gravity.db database
              usermod -a -G pihole ${LIGHTTPD_USER}
              # If the lighttpd command is executable,
              if is_command lighty-enable-mod ; then
                  # enable fastcgi and fastcgi-php
                  lighty-enable-mod fastcgi fastcgi-php > /dev/null || true
              else
                  # Otherwise, show info about installing them
                  printf "  %b Warning: 'lighty-enable-mod' utility not found\\n" "${INFO}"
                  printf "      Please ensure fastcgi is enabled if you experience issues\\n"
              fi
          fi

MichaIng · March 29, 2020, 10:22am

Many thanks for reporting. Yes this is a known issue with Pi-hole v5 on current DietPi and has been fixed already for the upcoming release.

If users choose to install the webserver manually, then it might even run as a different user, hence adding www-data to pihole group would not change something. Of course in very most cases it's www-data, but guessing too much and relying on it, is probably not he best solution. Instead a clear documentation about the needs might be better.

I opened a PR to add some more information about what is required to do manually, when skipping webserver install through Pi-hole installer: web server question enhancements by MichaIng · Pull Request #3225 · pi-hole/pi-hole · GitHub

MichaIng · March 29, 2020, 2:46pm

First it is asked whether to install the web interface, then it is asked whether to install webserver. Of course the second question does not make any sense if one already chose to not install the web interface, also practically in the script, choosing webserver has exactly zero effect when web interface is not chosen. The PR I linked also removes the webserver question when web interface was already deselected.

Now pihole does nothing, if you are not installing Lighttp.

The only things that are missing, and this only since Pi-hole v5 beta:

webserver permissions to access query database
PHP modules, i.e. php-intl, which is not part of most default PHP installs

Of course to have blocking page working as expected, the webserver needs to be configured to redirect 404 to it. And the admin web UI of course must be accessible by the webserver. But the blocking page is anyway not really recommended, at least not enabled by default and a performance penalty, and website access is somehow trivial.

IMO, if one already chooses to manually install and setup the webserver, I would skip really any related configure step. It can be wrong, it could even break things, if it does not match the manual system setup, or how it is/was intended.
PHP modules are btw a separate topic, since PHP has not really something to do with the webserver. But if a custom webserver setup is wanted, then a custom - probably custom compiled/package-less - PHP setup is present as well.

xXCyb3r · May 10, 2020, 9:17pm

Got the same issue Stevejenkins Method works for me !!

Many Thanks

jfb · May 14, 2020, 1:42pm

2 posts were split to a new topic: Read-only database

makol · May 15, 2020, 4:05pm

I have the same issue. I can not manage groups, clients and so on.
I did "usermod -a -G pihole www-data" then rebooted the device, but that does not fix the issue.
I am as well not sure which webserver is installed on my device. Since I installed this related to the installation description on Pi-hole v5.0 is here! – Pi-hole. But I started with Pi-Hole V4 and did the update to V5 yesterday. And after this I run into the issue.

What todo next?

flmaxey · May 16, 2020, 12:19am

That did it for me Since this has served as a reminder, a donation is on the way.
I appreciate your work and the help.
Thanks and Regards

jfb · May 25, 2020, 4:13pm

A post was split to a new topic: Read-only database error

Max_42 · May 28, 2020, 2:02pm

I had the same Problem and it worked for me: Unable to maintain black/white list in web interface · Issue #1077 · pi-hole/AdminLTE · GitHub

sudo chmod g+w /etc/pihole

The Problem was caused by Updating.

thomedes · May 30, 2020, 1:33pm

Same problem here. Running pi-hole on Apache2 on RPi3B

Solved by doing:

sudo adduser www-data pihole
sudo systemctl restart apache2

Rasta_Cre · June 5, 2020, 11:52pm

I somehow ended up with the same problem and a Repair via pihole -r fixed the issue.

bjoern.rms · June 26, 2020, 2:58pm

THAT WORKED FOR ME THAAAAANK YOUUU

joffa5555 · July 3, 2020, 1:44pm

Bingo, did the trick. Thanks!