4

There are many different variants of this question on SO, but I've found none that actually explain what specific permissions should be granted to allow apache to write to an SQLite DB safely/with minimal risk. I've asked this question because there's plenty of information on the general concept of allowing write access for the apache user, but no specifics on how to grant that access to the apache user with minimal required permissions.

Given my web app's structure with the sqlite db outside the web root:

/var/
├── databases/
│   └── myapp/
│       └── db.sqlite3 (PERMISSIONS)
│
├── www/html/ (web root)
│   ├── index.php
│   └── includes/ 
│       ├── include1.php
│       └── ...

When I call a PHP script that tries to perform a write operation on the DB, I get the following error in apache2's error.log:

PHP Fatal error:  Uncaught PDOException: SQLSTATE[HY000]: General error: 8 attempt to write a readonly database in /var/www/html/includes/include1.php:xx\nStack trace:\n#0 /var/www/html/includes/include1.php(xx): PDOStatement->execute()\n#1 {main}\n  thrown in /var/www/html/includes/include1.php on line xx, referer: ...

I know from various SO questions and from the PDO manual that the solution to this problem is to grant write access for the database's directory to the www-data user, but I'm relatively new to permissions and how to safely grant them. Can someone specify what permissions level should be granted to the www-data user, and how to accomplish this?

Marcatectura
  • The crucial information here is that the db's _directory_ needs write access because sqlite3 needs to create new files in the dir (such as the "wal" or rollback files). It took me hours to figure that out (most answers only tell you to make sure the DB file itself is writeable) – Thomas Tempelmann Dec 06 '19 at 09:59

1 Answer

5

This really depends on apache server configuration (maybe you are not allowed to exit virtual host directory), but this could do the trick

chown -R www-data:www-data /var/databases/myapp/
chmod -R u+w /var/databases/myapp/
dsmatilla
  • Thank you, this did work - are there any security issues with this approach? – Marcatectura Feb 17 '17 at 22:01
  • Apache is not supposed to have write permission outside virtual host directory. Be careful when writing your PHP, any security breach here could lead to someone writing in your DB directory. – dsmatilla Feb 17 '17 at 22:10
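
The comment under the question (SQLite must be able to create its journal or WAL files in the directory) and the follow-up about limiting exposure can be combined into owner-only modes plus a check. This is an added example, not part of the original answer: `mode4`, `lock_down_sqlite_dir` and `audit_sqlite_db` are names invented here, and it assumes `stat -c` (GNU or busybox) and a group named like the user, as in the `www-data:www-data` above.

```shell
#!/bin/sh
# Added example (not from the original answer). Assumes GNU or busybox `stat -c`.

# mode4 PATH: permission bits as four octal digits (special, owner, group, other).
mode4() { printf '%04d' "$(stat -c %a "$1")"; }

# lock_down_sqlite_dir DIR [OWNER]
# Directories get 0700 so only the owner can create or delete the journal/WAL
# files; files get 0600 (read/write, no execute bit). Nothing for group/other.
lock_down_sqlite_dir() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    # chown needs root, so it is skipped when run unprivileged.
    # Assumption: the group has the same name as the user (www-data:www-data).
    if [ -n "${2:-}" ] && [ "$(id -u)" -eq 0 ]; then
        chown -R "$2:$2" "$1" || return 1
    fi
    find "$1" -type d -exec chmod 0700 {} + &&
        find "$1" -type f -exec chmod 0600 {} +
}

# audit_sqlite_db DBFILE: print one finding per line; return 1 if any.
audit_sqlite_db() {
    a_db=$1; a_dir=$(dirname "$1"); a_rc=0
    case $(mode4 "$a_dir") in
        ?[37]??) ;;   # owner has write+search on the directory
        *) echo "dir not owner-writable (journal/WAL cannot be created): $a_dir"; a_rc=1 ;;
    esac
    case $(mode4 "$a_db") in
        ?[2367]??) ;; # owner has write on the database file
        *) echo "db file not owner-writable: $a_db"; a_rc=1 ;;
    esac
    # The sidecar files exist only while SQLite is using them.
    for a_p in "$a_dir" "$a_db" "$a_db-journal" "$a_db-wal" "$a_db-shm"; do
        [ -e "$a_p" ] || continue
        case $(mode4 "$a_p") in
            ??00) ;;
            *) echo "group/other access on $a_p: mode $(mode4 "$a_p")"; a_rc=1 ;;
        esac
    done
    return $a_rc
}
```

Run as root, `lock_down_sqlite_dir /var/databases/myapp www-data` sets ownership and modes in one pass, and `audit_sqlite_db /var/databases/myapp/db.sqlite3` then confirms that the directory is writable by its owner and closed to everyone else.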