
I get permission denied for a command in an sh script, but same command works from terminal

1 vote
0 answers
400 views
I have a service run by systemctl in RedHat 8.8. The service itself is relatively simple:
cat /etc/systemd/system/myservice.service

[Unit]
Description=My service
After=network-online.target

[Service]
Type=forking
User=myuser
Group=mygroup
Restart=no
TimeoutSec=60
ExecStart=/usr/lib/myapp/service.sh start
ExecStop=/usr/lib/myapp/service.sh stop

[Install]
WantedBy=multi-user.target
Sudoers file is set up so that all members of the "mygroup" are able to execute this service in the name of the "myuser":
%mygroup ALL = (ALL : myuser) NOPASSWD: /usr/bin/systemctl start myservice
The problem is within the service.sh file. The preamble is #!/bin/sh. It tries to start a JBoss instance and execute some actions, e.g.:
cat /dev/null > $JBOSS_CONSOLE_LOG
START_FILE="${JBOSS_HOME}/start_user"
ACCESS_USER="$(who am i | awk '{print $1}')"
echo "${ACCESS_USER}" > ${START_FILE}
Now, when I'm logged in with "myuser" over SSH and I start this service by running systemctl start myservice, I get a bunch of permission denied errors for the above commands. When trying to cat /dev/null into the JBOSS_CONSOLE_LOG:
/usr/lib/myapp/service.sh: line 82: /opt/myapp/home/domain/log/console.log: Permission denied
When trying to print into the START_FILE:
/usr/lib/myapp/service.sh: line 92: /opt/myapp/home/start_user: Permission denied
The file permissions are set up correctly as far as I can tell, everything is owned by "myuser" and "mygroup":
ll /opt/myapp

drwrwxr-x+ 11 myuser mygroup 4096 Nov 14 20:56 home

ll /opt/myapp/home

drwxrwxr-x+ 10 myuser mygroup 4096 Nov 14 20:29 domain

ll /opt/myapp/home/domain

drwxrwxr-x+ 10 myuser mygroup 4096 Nov 14 20:29 log
When I execute the same exact commands directly from the terminal, it works OK. When I made a simple test.sh file and put the commands there, again it worked OK. So something must change when running the service script, but I'm not sure why. I also noticed that the script tries to determine the ACCESS_USER variable like so:
ACCESS_USER="$(who am i | awk '{print $1}')"
And it gets an empty result. But when I run the same command on my terminal, it prints "myuser" correctly. It also works from my test.sh file. Where should I start? This is a certain product I'm using so I'll be sure to contact their support, but maybe I'll get some ideas from here also.

--------------------------

Edit: thanks for the comments, I'll try to answer.

@Chris Davies: $JBOSS_CONSOLE_LOG is /opt/myapp/home/domain/log/console.log, $JBOSS_HOME is /opt/myapp, I already shared the owners in my original question. Also thanks for the explanation of the difference between "whoami" and "who am i", I have read up on them before, but now it is clear that I need a terminal for "who am i" to work.

@waltinator and @muru: this script is not running from crontab, it is executed when I start the mentioned service with systemctl start myservice, see the service description in my original question. The "myuser" user is added to the sudoers file so that it can launch the service.

@rivimey: I'm printing the output of the "id" command and the "whoami" command, and it shows the correct user:
echo "id = $(id), whoami = $(whoami)"

id = uid=1001(myuser) gid=1001(mygroup) groups=1001(mygroup) context=system_u:system_r:unconfined_service_t:s0, whoami = myuser
Also when I check the running script in the "ps -ef" output, it also shows the correct user executing it.

--------------------------

Edit 2: ahh, it was SELinux... as I was typing my previous edit, I thought of disabling it, and now the service is working correctly. Strange, because I tried to check the audit logs, manually and with the audit2allow command as well, I got some "missing type enforcement" rules, but nothing related to my application. If I don't get a better solution, I'll post this as an answer.
Asked by Gábor Major (111 rep)
Nov 14, 2023, 08:09 PM
Last activity: Nov 15, 2023, 06:33 AM
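Two things in this thread are worth checking before SELinux gets disabled: the "who am i" line (it reads the utmp entry of a controlling terminal, which a systemd unit never has) and the SELinux labels of the paths the script writes to. The sh snippet below is an added example, not part of the question or of the vendor's service.sh; the helper names access_user and selinux_report are hypothetical, and the paths in the usage comment are the ones from the question.

```shell
#!/bin/sh
# Added example (not from the original post): a small diagnostic helper for
# the two symptoms described in the question.

# 1. "who am i" only works with a controlling tty; under systemd it prints
#    nothing, so the script wrote an empty user name. Fall back to SUDO_USER
#    (set when the unit is started via sudo) and finally to the effective user.
access_user() {
    u=$(who am i 2>/dev/null | awk '{print $1}')
    [ -n "$u" ] || u=${SUDO_USER:-}
    [ -n "$u" ] || u=$(id -un)
    printf '%s\n' "$u"
}

# 2. Collect the evidence instead of running setenforce 0: enforcement mode,
#    AVC denials from the last 10 minutes ("-ts recent"), and for every path the
#    script writes, the label it actually carries (ls -Z) next to the label the
#    policy expects for it (matchpathcon). A mismatch is fixed with
#    restorecon, which keeps SELinux enforcing.
selinux_report() {
    echo "mode: $(getenforce 2>/dev/null || echo unknown)"
    echo "--- AVC denials (last 10 minutes)"
    ausearch -m AVC,USER_AVC -ts recent 2>/dev/null || echo "(none, or no audit access)"
    for p in "$@"; do
        echo "--- $p"
        ls -Zd "$p" 2>/dev/null
        matchpathcon "$p" 2>/dev/null
    done
}

# Hypothetical usage with the paths from the question (needs root for ausearch):
#   selinux_report /opt/myapp/home/start_user /opt/myapp/home/domain/log/console.log
#   restorecon -Rv /opt/myapp      # only if ls -Z and matchpathcon disagree
```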