Can SQLite DB files be made read-only?

Question

Information from an SQLite DB is presented to user through a web server (displayed in an HTML browser). The DB is loaded once for all by a small application independent from the web server. DB data cannot be changed from user browser (this is a read-only service).

As the web-server has its own user-id, it accesses the SQLite DB file with "other" permissions. For security reason, I would like to set the DB file permissions as rw-rw-r--.

Unfortunately, with this permission set, I get a warning attempt to write a readonly database at line xxx which points to a line about a SELECT transaction (which in principle is read-only). Of course, I get no result.

If permissions are changed to rw-rw-rw, everything works fine, but that means everybody can tamper with the DB.

Is there any reason why SQLite DB cannot be accessed read-only?

Are there "behind-the-scene" processings which need write access, even for SELECT transactions?

Look-up on StackOverflow shows that people usually complain for the opposite situation: encountering a read-only access permission preventing writing to the DB. My goal is to protect my DB against ANY change attempt.

For the complete story, my web app is written in Perl and uses DBD::SQLite

Answer 1

You must connect to your SQLite db in readonly mode.

From the docs:

You can also set sqlite_open_flags (only) when you connect to a database:

use DBD::SQLite;
my $dbh = DBI->connect("dbi:SQLite:$dbfile", undef, undef, {
  sqlite_open_flags => DBD::SQLite::OPEN_READONLY,
});

-- https://metacpan.org/pod/DBD::SQLite#Database-Name-Is-A-File-Name

Answer 2

The solution is given in the answer to this question Perl DBI treats setting SQLite DB cache_size as a write operation when subclassing DBI.

It turns out that AutoCommit cannot be set to 0 with read-only SQLite DB. Explicitly forcing it to 1 in the read-only DB case solved the problem.

Thanks to all who gave clues and leads.