Before I add this to the issue tracker I thought I would ask here if there is any good reason that /var/lib/asterisk/astdb.sqlite3 allows asterisk user to write to it but not asterisk group.
Everything else in /var/lib/asterisk allows read and write permission by asterisk group so I don’t see why the astdb.sqlite3 file should be any different.
I am altering this permission myself using /etc/asterisk/freepbx_chown.conf because I need asterisk group to have permission for what I am doing. Seems to me this should already be the default unless I am missing something.
Even as the asterisk database locking code is written multi-threaded , it is not multi-user friendly at all , even reading from astdb.sqlite3, never mind writing to it, while asterisk has it open will sooner or later cause a lock up.
BTDT. had to funnel everything through calls to
rasterisk -x 'database query . . . ’ to stop that happening
If you have two connections to one asterisk.db by two seperate processes, the locking mechanisms written in the code will sooner or later allow corruption of the database, at least that has been my experience, further, investigating the code seems to corroborate that lack of multi-access locking.
I simply gave a caution based on my experience, as although I realized that I have no idea what you are trying to do, I was hard pressed to understand why anything would need any access to that file if they didn’t want to read or write to it, so perhaps the group permissions where left off because someone else realized this vulnerability to be very damaging. The locked database proved impossible to retrieve for me.
I’m no expert on sqlite but I have always treated those files like any other file. I just assume I can’t access it concurrently like I can MySQL. That is not why I am asking about group write access.
I don’t think you can even read it concurrently while another process has it open and maintain consistency. I mean, you won’t maybe damage the database doing that, but if you try copying it while it FreePBX has it open, you may end up with a copy that is trash.
But your initial post asked about group WRITE access so it seems odd that you are saying you are NOT intending to write to it in a later post…
It’s more complicated than that, you continually get a ‘database is locked’ error when reading or writing, here a little discussion using python
but even when following the shared-lock rules, locks that are exceedingly difficult to resolve will happen randomly, asterisk won’t notice and continue to try to write.
I already suggested that one good reason is to restrict access to that database to reduce inadvertent lockups as most folks have asterisk running as much as possible, but if using chmod for your edge-case case is not sufficient . . .