Unable to set file as unreadable inside tox container

[matthew-brett]

I have a Python module that relies on setting permissons to a file as unreadable.

Unfortunately, it looks like this is not possible inside the tox container.

Here's the minimal reproducer : https://github.com/matthew-brett/test-actions/blob/main/tox.ini

In particular, I have this test in my tox.ini file:

    touch unreadable
    python -c "import os; os.chmod('unreadable', 0o200)"
    python -c "open('unreadable', 'rb').read()"

Obviously the last line should cause a Permission denied error, and that is what happens locally. But running via this action using this minimal workflow, I get no error - Python can read the unreadable file.

I wonder whether this is because the tox tests are running as some privileged user, for whom setting the user read permission is not effective?

[hroncok]

The container is https://github.com/fedora-python/fedora-python-tox/blob/master/Dockerfile

I guess the user is root. Do you have an idea how to solve this?

[hroncok]

It should be possible to change https://github.com/fedora-python/fedora-python-tox/blob/master/run_tests.sh to create an user and run the tests as such.

[frenzymadness]

We can either do this for everybody in the Dockerfile using RUN adduser … and then USER … or in the shell script as an optional feature configured by an env variable so only if you specify a username, we'll create it and use it to run tests.

I'm a little bit afraid that doing that in Dockefile might break other workflows.