diff --git a/run.sh b/run.sh
index 27ac8a1..e8846fa 100755
--- a/run.sh
+++ b/run.sh
@@ -12,12 +12,17 @@ if [ "$(uname)" = "Darwin" ] && [ "$(id -u)" -eq 0 ]; then
     CONSOLE_USER=$(stat -f '%Su' /dev/console)
 
     if [ -n "$CONSOLE_USER" ] && [ "$CONSOLE_USER" != "root" ]; then
-        # Transfer ownership to console user so they can access binary
-        chown -R "$CONSOLE_USER" "$SCRIPT_DIR"
-        chown "$CONSOLE_USER" "$SCRIPT_DIR/.."
+        # Copy binary to /tmp so the console user can traverse the path.
+        # The module may be installed under /var/root/ (drwx------), which
+        # the console user cannot traverse even if they own the binary.
+        # Use VIAM_MACHINE_PART_ID for a stable path across restarts (avoids
+        # accumulation in restart loops) that is still unique per robot instance.
+        # If VIAM_MACHINE_PART_ID is not set, the TMPBIN will be /tmp/viam-audio-module-default
+        TMPBIN="/tmp/viam-audio-module-${VIAM_MACHINE_PART_ID:-default}"
+        cp "$MODULE_BIN" "$TMPBIN"
+        chmod 755 "$TMPBIN"
 
-        exec sudo -u "$CONSOLE_USER" "$MODULE_BIN" "$@"
-        echo "run.sh: running as $CONSOLE_USER"
+        exec sudo -u "$CONSOLE_USER" "$TMPBIN" "$@"
     else
         echo "run.sh: WARNING: Running as root on macOS. Microphone component will not work due to TCC restrictions." >&2
     fi