[GH-ISSUE #391] separate libraries from user files #293

Open
opened 2026-02-27 16:38:45 +03:00 by kerem · 0 comments
Owner

Originally created by @Nowaker on GitHub (Aug 23, 2014).
Original GitHub issue: https://github.com/retspen/webvirtmgr/issues/391

There are two kinds of files. The first is libraries. They should be owned by root, so that under no circumstances can nginx or the webapp itself change its source code. The libraries usually exist in `/usr/lib`. PHP apps reside in `/usr/share/webapps/` directory in Arch Linux, but it's essentially the same. Owned by root, all the source is read only and 100% secure.

The other kind of files is user files. They may be config files like some logs, or whatever the Django application creates or changes (e.g. `.secret_key_store`). They usually exist in `/var/lib` and have appropriate permissions (0700) and owner (webvirtmgr:webvirtmgr - the same as specified in webvirtmgr.ini supervisord rule).

I've built a WebVirtMgr package for Arch Linux according to these rules, but failed with this error when running `syncdb`. Sure, it succeeds after running as root, but the thing is I'd want `.secret_key_store` and the SQLite database to be stored in `/var/lib/webvirtmgr`, not somewhere in `/usr/lib/`. It's probably a matter of changing some paths somewhere. Can you advise?

What I just came up with is to add an optional parameter: `./manage.py syncdb --dir /var/lib/webvirtmgr`. It would generate both the SQLite database and the application config in the given directory. Does it sound good?

```
root@nwkr-desktop /usr/lib/webvirtmgr # sudo -u webvirtmgr python2 ./manage.py syncdb
WARNING:root:No local_settings file found.
Traceback (most recent call last):
  File "./manage.py", line 10, in <module>
    execute_from_command_line(sys.argv)
  File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 453, in execute_from_command_line
    utility.execute()
  File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 392, in execute
    self.fetch_command(subcommand).run_from_argv(self.argv)
  File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 263, in fetch_command
    app_name = get_commands()[subcommand]
  File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line 109, in get_commands
    apps = settings.INSTALLED_APPS
  File "/usr/lib/python2.7/site-packages/django/conf/__init__.py", line 53, in __getattr__
    self._setup(name)
  File "/usr/lib/python2.7/site-packages/django/conf/__init__.py", line 48, in _setup
    self._wrapped = Settings(settings_module)
  File "/usr/lib/python2.7/site-packages/django/conf/__init__.py", line 132, in __init__
    mod = importlib.import_module(self.SETTINGS_MODULE)
  File "/usr/lib/python2.7/site-packages/django/utils/importlib.py", line 35, in import_module
    __import__(name)
  File "/usr/lib/webvirtmgr/webvirtmgr/settings.py", line 166, in <module>
    '.secret_key_store'))
  File "/usr/lib/webvirtmgr/webvirtmgr/utils/secret_key.py", line 56, in generate_or_read_from_file
    with open(key_file, 'w') as f:
IOError: [Errno 13] Permission denied: '/usr/lib/webvirtmgr/webvirtmgr/local/.secret_key_store'
```
```
Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/django/core/handlers/base.py", line 187, in get_response
    response = middleware_method(request, response)
  File "/usr/lib/python2.7/site-packages/django/contrib/sessions/middleware.py", line 38, in process_response
    request.session.save()
  File "/usr/lib/python2.7/site-packages/django/contrib/sessions/backends/db.py", line 57, in save
    obj.save(force_insert=must_create, using=using)
  File "/usr/lib/python2.7/site-packages/django/db/models/base.py", line 546, in save
    force_update=force_update, update_fields=update_fields)
  File "/usr/lib/python2.7/site-packages/django/db/models/base.py", line 650, in save_base
    result = manager._insert([self], fields=fields, return_id=update_pk, using=using, raw=raw)
  File "/usr/lib/python2.7/site-packages/django/db/models/manager.py", line 215, in _insert
    return insert_query(self.model, objs, fields, **kwargs)
  File "/usr/lib/python2.7/site-packages/django/db/models/query.py", line 1675, in insert_query
    return query.get_compiler(using=using).execute_sql(return_id)
  File "/usr/lib/python2.7/site-packages/django/db/models/sql/compiler.py", line 943, in execute_sql
    cursor.execute(sql, params)
  File "/usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py", line 366, in execute
    six.reraise(utils.DatabaseError, utils.DatabaseError(*tuple(e.args)), sys.exc_info()[2])
  File "/usr/lib/python2.7/site-packages/django/db/backends/sqlite3/base.py", line 362, in execute
    return Database.Cursor.execute(self, query, params)
DatabaseError: attempt to write a readonly database
```
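The split requested in the issue, sketched as an added example (not WebVirtMgr's own code, and written for Python 3 rather than the python2 in the traceback): a settings helper that keeps the key file and SQLite database in a separate state directory and creates the key with tight permissions. The variable name `WEBVIRTMGR_DATA_DIR`, the database filename and the function names are hypothetical.

```python
import os
import secrets

# Hypothetical names: the page defines neither this variable nor the DB filename.
DATA_DIR_ENV = "WEBVIRTMGR_DATA_DIR"
DB_FILENAME = "webvirtmgr.sqlite3"


def resolve_data_dir(code_dir, environ=os.environ):
    """Return the writable state dir; fall back to the in-tree 'local' dir."""
    data_dir = os.path.abspath(
        environ.get(DATA_DIR_ENV) or os.path.join(code_dir, "local"))
    os.makedirs(data_dir, mode=0o700, exist_ok=True)
    st = os.stat(data_dir)
    # Reject a directory owned by someone else or open to group/others.
    if st.st_uid != os.geteuid() or st.st_mode & 0o077:
        raise PermissionError("%s must be owned by the service user, mode 0700"
                              % data_dir)
    return data_dir


def read_or_create_secret_key(data_dir, name=".secret_key_store"):
    """Create the key file once with mode 0600, or read the existing one."""
    path = os.path.join(data_dir, name)
    try:
        # O_EXCL never overwrites an existing file; 0600 applies from creation.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    except FileExistsError:
        with open(path) as f:
            key = f.read().strip()
        if not key:
            raise ValueError("empty key file: %s" % path)
        return key
    key = secrets.token_urlsafe(50)
    with os.fdopen(fd, "w") as f:
        f.write(key)
    return key


def database_settings(data_dir):
    """Django DATABASES value; SQLite also writes journal files beside the DB,
    so the containing directory itself must be writable by the service user."""
    return {"default": {"ENGINE": "django.db.backends.sqlite3",
                        "NAME": os.path.join(data_dir, DB_FILENAME)}}
```

With the variable set to `/var/lib/webvirtmgr`, the code tree under `/usr/lib` can stay root-owned and read-only while the service user writes only to the state directory.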