DuckDB, Django and apache2 Permission Denied in production
I have a problem with my duckdb database, that I really don't seem to understand.
After I created a .db database and put it in the apache2/Django webapp root and gave www-data access to it and its directory, I still get permission denied.
Here's the weird part(s):
- I don't get the permission error when I establish the connection, I only get it in the fetchdf() part.
import duckdb
con = duckdb.connect(database='path/to/db.db', read_only=True)  # connecting succeeds
p = con.execute('SELECT * FROM products LIMIT 1;')
p = p.fetchdf() # Here's where the error gets thrown
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
duckdb.duckdb.IOException: IO Error: Permission denied
- When I run the same python code with the www-data, everything works nice. Also in the runserver situation it works without a problem. It seems that the issue is related to the production environment.
I suspect that duckdb wants access to a certain directory or file that I have to make available in the apache2 config, but me and AI didn't know what or where.
Any help?
I tried changing the temp_directory, home_directory, extension_directory, and secret_directory to a directory within the webapp root directory.
I tried moving the db file to a different dir and gave apache permission to it also in the .conf.
Looks like a SELinux problem. If you've already tried adjusting file permissions and the permission denied error persists, it's very likely that SELinux is blocking access.
You can try the following commands to check if SELinux is blocking the access and fix the problem:
sudo ausearch -c 'python' --raw | audit2allow -M duckdb_access
sudo semodule -i duckdb_access.pp
sudo ausearch -c 'python' --raw | audit2allow -M duckdb_access: This command searches the SELinux audit logs for any access denials that the python process has encountered. It then uses audit2allow to generate an SELinux policy module named duckdb_access (can be another name, I just chose that name) containing rules to allow these accesses.
sudo semodule -i duckdb_access.pp: Installs the generated policy module (duckdb_access.pp), allowing python to execute the process.
If this resolves the issue, you'll know SELinux was the cause of the error.
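Before installing a module generated by audit2allow, it helps to see which allow rules the logged denials would turn into. The following is an added example, not part of the original answer: it parses AVC records in the `ausearch --raw` format, groups them into candidate rules, and flags the ones that grant more than read access. The sample records, contexts and paths are constructed, and `flag_broad` with its `risky` list is a hypothetical helper.

```python
import re
from collections import defaultdict

# Constructed sample of `ausearch --raw` output; every pid, path and context is made up.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:501): avc:  denied  { read } for  pid=2101 comm="python" name="db.db" dev="sda1" ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.207:502): avc:  denied  { open } for  pid=2101 comm="python" path="/srv/app/db.db" dev="sda1" ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000001.010:503): avc:  denied  { write add_name } for  pid=2101 comm="python" name="tmp" dev="sda1" ino=4800 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir permissive=0
type=SYSCALL msg=audit(1700000001.010:503): arch=c000003e syscall=257 success=no exit=-13 comm="python"
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)$')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC denial line, or None for other record types."""
    m = AVC_RE.search(line)
    if not line.startswith("type=AVC") or m is None:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    fields["perms"] = m.group("perms").split()
    return fields

def summarize(log_text):
    """Group denials by (source type, target type, class) and union the permissions."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        stype = rec["scontext"].split(":")[2]  # user:role:type:level -> type
        ttype = rec["tcontext"].split(":")[2]
        rules[(stype, ttype, rec["tclass"])].update(rec["perms"])
    return {k: sorted(v) for k, v in rules.items()}

def flag_broad(rules, risky=("write", "add_name", "create", "unlink", "execute")):
    """Return only the rules that would grant more than read access (hypothetical check)."""
    return {k: [p for p in v if p in risky] for k, v in rules.items() if set(v) & set(risky)}

if __name__ == "__main__":
    for (s, t, c), perms in summarize(SAMPLE_AUDIT_LOG).items():
        print(f"allow {s} {t}:{c} {{ {' '.join(perms)} }};")
```

Where the summary shows the database file carrying an unexpected target type, relabeling the file is a narrower fix than allowing the web server domain access to that whole type.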