Error message: "Attempt to write a readonly database"

anon62498003 · May 29, 2020, 2:07pm

me:

sudo cat -n /var/www/html/pihole/index.php | head -n 170 | tail -n 25

146 );
147 $queryAds = file($queryAdsURL, FILE_IGNORE_NEW_LINES);
148 $queryAds = array_values(array_filter(preg_replace("/data:\s+/", "", $queryAds)));
149 $queryTime = sprintf("%.0f", (microtime(true)-$_SERVER["REQUEST_TIME_FLOAT"]) - $preQueryTime);
150
151 // Exception Handling
152 try {
153 // Define Exceptions
154 if (strpos($queryAds[0], "No exact results") !== FALSE) {
155 // Return "none" into $queryAds array
156 return array("0" => "none");
157 } else if ($queryTime >= ini_get("default_socket_timeout")) {
158 // Connection Timeout
159 throw new Exception ("Connection timeout (".ini_get("default_socket_timeout")."s)");
160 } elseif (!strpos($queryAds[0], ".") !== false) {
161 // Unknown $queryAds output
162 throw new Exception ("Unhandled error message ($queryAds[0])");
163 }
164 return $queryAds;
165 } catch (Exception $e) {
166 // Return exception as array
167 return array("0" => "error", "1" => $e->getMessage());
168 }
169 }
170

deHakkelaar · May 29, 2020, 2:12pm

You can try move/backup the current databases to your home folder ~ and start fresh :

sudo service pihole-FTL stop

sudo mv /etc/pihole/{gravity.db,pihole-FTL.db} ~

sudo service pihole-FTL start

pihole -g -r

anon62498003 · May 29, 2020, 2:26pm

Ok, done with default adlist of Pi-Hole.

I don't have that file "/etc/pihole/gravity_temp.db"

Error again:

2020-05-29 16:25:35: (mod_fastcgi.c.421) FastCGI-stderr: PHP Warning: SQLite3Stmt::execute(): Unable to execute statement: attempt to write a readonly database in /var/www/html/admin/scripts/pi-hole/php/groups.php on line 507

anon62498003 · May 29, 2020, 2:30pm

As you can see:

via Terminal:
pihole --wild google.de
[i] Adding (^|.)google.de$ to the regex blacklist...
[✓] Reloading DNS lists

deHakkelaar · May 29, 2020, 2:34pm

I dont have that file either:

pi@ph5:~ $ stat /etc/pihole/gravity_temp.db
stat: cannot stat '/etc/pihole/gravity_temp.db': No such file or directory

What hardware is this running on and what distro did you install ?
Is any other software installed on this box ?
Any other alterations after the default OS install ?

anon62498003 · May 29, 2020, 2:34pm

over Pi-Hole admin-panel in my webbrowser:
(tried out also 2 other webbrowser, same there)

anon62498003 · May 29, 2020, 2:36pm

Ubuntu 19.04 is running.
Pi-Hole is running on my local PC because I don't have a Pi.

Since I've been using Pi-Hole V5 it's been causing trouble with the database.
Seems that this problem has/had other users here in the forum.

If this problem cannot be solved then
it would be good if you can also control the Pi-Hole database via terminal. Import of complete Blacklist, Adlist etc.

With Pi-Hole V4 this problem did not exist.

deHakkelaar · May 29, 2020, 2:41pm

If its your desktop PC, I wouldn't know what is installed/altered.
Hard to diagnose.

EDIT: last one ?

mount | grep '/ \|/etc'

anon62498003 · May 29, 2020, 2:47pm

yes.

By the way.

See here:

I did a test:
sudo service pihole-FTL stop

sudo sqlite3 /etc/pihole/gravity.db "delete from gravity where domain like '%.google.de';"

sudo service pihole-FTL start

Look here:

It's not removed via command above.

sqlite3 does not work to delete google.de from Pi-Hole database.

anon62498003 · May 29, 2020, 2:50pm

mount | grep '/ |/etc'

/dev/mapper/ubuntu--vg-root on / type ext4 (rw,noatime,nodiratime,errors=remount-ro)

anon62498003 · May 29, 2020, 2:54pm

sqlite3 -version

3.27.2 2019-02-25 16:06:06

bd49a8271d650fa89e446b42e513b595a717b9212c91dd384aab871fc1d0alt1

sqlite3 /etc/pihole/gravity.db

SQLite version 3.27.2 2019-02-25 16:06:06

Enter ".help" for usage hints.

sqlite> .tables

adlist domainlist_by_group vw_gravity
adlist_by_group gravity vw_regex_blacklist
client group vw_regex_whitelist
client_by_group info vw_whitelist
domain_audit vw_adlist
domainlist vw_blacklist

anon62498003 · May 29, 2020, 6:13pm

@ all,

I have the solution.

It was these two entries:

PrivateTmp=true
ProtectSystem=full

of

/lib/systemd/system/lighttpd.service

I removed these lines and now my Pi-Hole V5 is working 100%

yes bam bam

"S O L U T I O N"

yubiuser · May 29, 2020, 7:04pm

Glad for you.

This is not intended to remove entries from the blacklist but from the blocklist (gravity). Black - and whitelist are stored in another table (domainlist)

deHakkelaar · May 29, 2020, 7:41pm

Nice catch!
Post below for others to find:

hostnamectl | tail -3

dpkg -S /lib/systemd/system/lighttpd.service

apt policy lighttpd

anon62498003 · May 30, 2020, 8:43am

@ deHakkelaar

hostnamectl | tail -3

Operating System: Ubuntu 19.04
Kernel: Linux 5.0.0-38-generic
Architecture: x86-64

dpkg -S /lib/systemd/system/lighttpd.service

lighttpd: /lib/systemd/system/lighttpd.service

apt policy lighttpd

lighttpd:
Installed: 1.4.53-3ubuntu1
Candidate: 1.4.53-3ubuntu1
Version table:
*** 1.4.53-3ubuntu1 100
100 /var/lib/dpkg/status

my working lighttpd.service:
cat /lib/systemd/system/lighttpd.service

[Unit]
Description=####//"lighttpd"
After=network.target

[Service]
Type=simple
ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf
ExecStart=/usr/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf

####//: SeCUr!Ty
InaccessiblePaths=/boot
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=true
PrivateDevices=true
MemoryDenyWriteExecute=true
RestrictRealtime=true

[Install]
WantedBy=multi-user.target

These parameters block

PrivateTmp=true
ProtectSystem=full

Lighttpd from writing to the Pi-Hole database via the admin-panel in my webbrowser.

anon62498003 · May 30, 2020, 8:47am

@ msatter, I'm using not a device. (PI eg.)
Only my PC.

deHakkelaar · May 30, 2020, 1:55pm

That sounds as if you didnt install lighttpd from the official repos:

pi@ph5:~ $ apt policy lighttpd
lighttpd:
  Installed: 1.4.53-4
  Candidate: 1.4.53-4
  Version table:
 *** 1.4.53-4 500
        500 http://raspbian.raspberrypi.org/raspbian buster/main armhf Packages
        100 /var/lib/dpkg/status

Notice the path "http://raspbian.raspberrypi.org/raspbian" where the package is located.

anon62498003 · May 30, 2020, 2:34pm

@ deHakkelaar

I got it from Synaptic package manager.

I'm using 2x ethernet usb adapter, one for me to visit websites and at ethernet interface 2 is pi-hole running for localhost.

interface 1 is configured with DHCP (dhcpcd) - me, client
Interface 2 is configured at static (static ip) - pi-hole on localhost

Runs great incl. with https active on Lighttpd.

Greetings!

deHakkelaar · May 30, 2020, 2:49pm

Well probably if you had installed lighttpd from the official Ubuntu repos, you wouldnt have had these issues.

Cheers!

DanSchaper · May 30, 2020, 5:35pm

So, the TLDR of this is:

I told lighttpd to not access files:

####//: SeCUr!Ty
InaccessiblePaths=/boot
ProtectHome=true
ProtectKernelTunables=true
ProtectKernelModules=true
PrivateDevices=true
MemoryDenyWriteExecute=true
RestrictRealtime=true

It broke Pi-hole when it couldn't access files.