Astdb.sqlite3 has write permission for asterisk user but not asterisk group

Before I add this to the issue tracker I thought I would ask here if there is any good reason that
/var/lib/asterisk/astdb.sqlite3 allows asterisk user to write to it but not asterisk group.

Everything else in /var/lib/asterisk allows read and write permission by asterisk group so I don’t see why the astdb.sqlite3 file should be any different.

I am altering this permission myself using /etc/asterisk/freepbx_chown.conf because I need asterisk group to have permission for what I am doing. Seems to me this should already be the default unless I am missing something.

A caution . . .

Even as the asterisk database locking code is written multi-threaded , it is not multi-user friendly at all , even reading from astdb.sqlite3, never mind writing to it, while asterisk has it open will sooner or later cause a lock up.

BTDT. had to funnel everything through calls to

rasterisk -x 'database query . . . ’ to stop that happening

I just assumed it’s not multi-user and am not trying to use it in that way.

If you have two connections to one asterisk.db by two seperate processes, the locking mechanisms written in the code will sooner or later allow corruption of the database, at least that has been my experience, further, investigating the code seems to corroborate that lack of multi-access locking.

I am not trying to do anything like that, so that is not why I am asking about group access.

I simply gave a caution based on my experience, as although I realized that I have no idea what you are trying to do, I was hard pressed to understand why anything would need any access to that file if they didn’t want to read or write to it, so perhaps the group permissions where left off because someone else realized this vulnerability to be very damaging. The locked database proved impossible to retrieve for me.

Good luck though

I’m no expert on sqlite but I have always treated those files like any other file. I just assume I can’t access it concurrently like I can MySQL. That is not why I am asking about group write access.

Again if you interested in the contents of that file, perhaps this will help understanding

https://www.sqlite.org/lockingv3.html

I don’t think you can even read it concurrently while another process has it open and maintain consistency. I mean, you won’t maybe damage the database doing that, but if you try copying it while it FreePBX has it open, you may end up with a copy that is trash.

But your initial post asked about group WRITE access so it seems odd that you are saying you are NOT intending to write to it in a later post…

It’s more complicated than that, you continually get a ‘database is locked’ error when reading or writing, here a little discussion using python

but even when following the shared-lock rules, locks that are exceedingly difficult to resolve will happen randomly, asterisk won’t notice and continue to try to write.

My guess would be that creating the read lock requires write access.

No, even if opened RO, it is the client that will need to create the lock, which of course needs RW.

So what ARE you doing with it that needs group write permission?

Inquisitive minds want to know :slight_smile:

Devops, troubleshooting, and other things while asterisk is not running.

Sounds like there is no good reason so I will create an issue.

I already suggested that one good reason is to restrict access to that database to reduce inadvertent lockups as most folks have asterisk running as much as possible, but if using chmod for your edge-case case is not sufficient . . .

This topic was automatically closed 31 days after the last reply. New replies are no longer allowed.