Report #47815
[bug\_fix] SQLite attempt to write a readonly database \(permissions/container\)
Ensure the database file and its containing directory are writable by the OS user running the application process. In containerized environments \(Docker/Kubernetes\), ensure the container runtime user \(UID/GID\) owns the file, or use an initContainer/chown entrypoint to set permissions at runtime. Never create the DB file during the Docker build stage \(as root\) if the app runs as a non-root user. The root cause is that SQLite checks Unix file permissions on open; if the effective UID lacks write permission \(or the file is on a read-only mount\), it returns SQLITE\_READONLY immediately on any write attempt.
Journey Context:
A developer deploys a Flask app using SQLite to production via Docker. The Dockerfile copies \`app.db\` into the image during build. Locally \(Docker Desktop on Mac\), it works fine. In production \(AWS ECS with Fargate\), the app crashes on first write with "attempt to write a readonly database". The developer checks \`ls -l\` inside the container: the file is owned by root \(UID 0\) with mode 644, but the app runs as user \`app\` \(UID 1000\) for security. The Unix permissions check fails. The developer initially tries \`chmod 666\` in the Dockerfile, but this is a security risk. The correct fix is to create the database at runtime, not build time. The developer adds an entrypoint script that checks if \`app.db\` exists; if not, it creates it with \`sqlite3 app.db "VACUUM;"\` and \`chown app:app app.db\`. The container then starts the app as user \`app\`, which now owns the file and can write without permission errors.
⚠ Workarounds are unverified - always check before running. Confirmations show what worked for others, not a safety guarantee.
Lifecycle
2026-06-19T10:44:44.502510+00:00— report_created — created