Permission denied on shell script provisioner

I’m trying to create a “gold AMI” from a base AMI in the Amazon Marketplace. That AMI is based on RHEL, but I can’t seem to get it bootstrapped.

"provisioners": [
  {
    "type": "shell",
    "script": "../setup.sh"
  },
  {
    "type": "ansible-local",
    "playbook_file": "../playbooks/ship-it.yml",
    "playbook_dir": "../playbooks/roles/"
  }
]

Result:

==> amazon-ebs: Provisioning with shell script: ../setup.sh
==> amazon-ebs: bash: /tmp/script_9136.sh: Permission denied

If I run the packer build in debug mode and ssh to the instance immediately after the execution fails, I see this when I ls -la the /tmp directory:

$ ls -la
total 4
drwxrwxrwt.  9 root     root     200 Apr  6 20:14 .
dr-xr-xr-x. 18 root     root     236 Sep 23  2019 ..
// SNIP
-rwxr-xr-x.  1 ec2-user ec2-user 378 Apr  6 20:14 script_9136.sh
// SNIP

Any thoughts would be much appreciated.

You could try setting execute_command:

"type": "shell",
"script": "../setup.sh",
"execute_command": "{{.Vars}} bash '{{.Path}}'"

Okay, so yep, that looks like exactly what I needed, but I have to admit that I don’t really understand why. setup.sh had execute permissions and is owned by the ssh user. Can you help me understand the secret sauce that execute_command provides?

Thanks for your help!

Sometimes /tmp is mounted without exec permission (noexec) or SELinux restrictions apply.

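Added example, not part of the thread: a shell check for the two causes named in the last reply. Packer's shell provisioner by default runs `chmod +x {{.Path}}; {{.Vars}} {{.Path}}`, which executes the uploaded file directly and so fails on a noexec mount, while `bash '{{.Path}}'` only reads the file. The function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose why a directly executed script
# in /tmp fails with "Permission denied" although its mode is rwxr-xr-x.

# Constructed sample in /proc/mounts format, so the functions can be tried offline.
sample_mounts() {
    cat <<'EOF'
/dev/xvda2 / xfs rw,seclabel,relatime 0 0
tmpfs /tmp tmpfs rw,seclabel,nosuid,nodev,noexec 0 0
/dev/xvdb1 /var/tmp xfs rw,seclabel,nosuid,nodev 0 0
EOF
}

# mount_opts_for PATH [MOUNTS_FILE]
# Print the options of the mount that holds PATH (longest matching mount point;
# on a tie the later line wins, because later mounts shadow earlier ones).
mount_opts_for() {
    awk -v p="$1" '
        $2 == "/" || p == $2 || index(p, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); opts = $4 }
        }
        END { print opts }
    ' "${2:-/proc/mounts}"
}

# is_noexec PATH [MOUNTS_FILE]: succeed if PATH sits on a noexec mount.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# diagnose PATH [MOUNTS_FILE]: report both causes named in the thread.
diagnose() {
    if is_noexec "$1" "$2"; then
        echo "$1: on a noexec mount; './script' is refused, 'bash script' still runs"
    else
        echo "$1: mount allows exec ($(mount_opts_for "$1" "$2"))"
    fi
    # getenforce ships with the SELinux userland; skip quietly where it is absent.
    if command -v getenforce >/dev/null 2>&1; then
        echo "SELinux mode: $(getenforce)"
    fi
}

# Run against the live system only when a path is given, e.g. sh check.sh /tmp
if [ "$#" -gt 0 ]; then diagnose "$1"; fi
```

On the instance from the debug session, `sh check.sh /tmp/script_9136.sh` reads the live `/proc/mounts`; the second argument exists only so the sample table can be substituted.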