Allow aa-exec temp user to gain access to a folder

I am currently working on a bash script which has a user that is created for the job it is running. The user does not exist outside of the script. I am trying to test my code coverage while leaving the user intact.

exec aa-exec -p test-user -- coverage run --source=/test/server ./main.py

The problem is that the test-user does not have access to the code coverage folder. After running chmod -R 777 /usr/local/bin/coverage I still get /usr/bin/python: can't open file '/usr/local/bin/coverage': [Errno 13] Permission denied. I have also tried to temporarily elevate the user inside the bash script using sudo, but because the user only exists inside the file, the sudoers file throws an exception.

I am currently out of ideas since the permissions for this user have to remain restricted ideally. Any suggestions?

1 answer

  • answered 2017-11-14 23:26 Tomáš Pospíšek

    Have you checked, that the user has access to each of the directories above?

    I.e. the user needs to have 'x' and 'r' rights to each of these directories:

    /usr
    /usr/local
    /usr/local/bin