Causes of Permission Denied Error in Linux
The Permission Denied error (sometimes with code 0x80070005, especially in WSL or Wine) occurs when a process lacks sufficient permissions to access a file, directory, or system resource. In Linux, this is one of the most common issues related to access management.
Main Causes:
- Insufficient user permissions — you are trying to modify a system file as a regular user.
- Incorrect file permissions — for example, a file has permissions -rw-------, and you are not the owner.
- Filesystem mounted with noexec, nosuid, or ro options — prohibits execution, changing ownership, or writing.
- File locked by another process — particularly relevant for executable files or libraries.
- Lack of disk space or inodes — the system cannot create temporary files.
- SELinux/AppArmor — security policies may block access even with correct permissions.
⚠️ Important: Code 0x80070005 is a Windows error code ERROR_ACCESS_DENIED. In Linux, the equivalent error has code EACCES (13) and is typically output as the string "Permission denied". If you see exactly 0x80070005, you are likely working in WSL, Wine, or via a Windows SSH client.
Main Solutions
1. Check Current Permissions and Owner
First, you need to understand who has access to the file and what permissions are set.
ls -l /path/to/file
Example output:
-rwxr-xr-- 1 root www-data 1234 Feb 14 12:00 script.sh
Decoding:
- - — file type (dash = regular file)
- rwx — owner permissions (read, write, execute)
- r-x — group permissions (read, execute)
- r-- — others permissions (read only)
- root — owner
- www-data — group
If you are not the owner and not in the group, and permissions for "others" do not include the needed action (e.g., no x for execution), an error will occur.
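The class selection described above, as an added example that is not part of the original article. The function names class_allows and explain_path are hypothetical; the mode is given in octal as printed by stat -c %a (754 is the -rwxr-xr-- from the sample output), and root override, ACLs and SELinux/AppArmor are not modelled.

```bash
#!/bin/sh
# Added example (not from the original article). Models only the classic
# owner/group/other bits; root override, ACLs and SELinux/AppArmor are ignored.

# class_allows MODE FILE_UID FILE_GID CALLER_UID "CALLER_GIDS" ACTION
#   MODE: octal mode as printed by `stat -c %a`, e.g. 754 for -rwxr-xr--
#   CALLER_GIDS: space-separated numeric group IDs; ACTION: r, w or x
# Prints "<class> allow|deny"; returns 0 on allow, 1 on deny, 2 on bad input.
class_allows() {
    local mode="$1" fuid="$2" fgid="$3" cuid="$4" cgids="$5" action="$6"
    local bit class pos g perm
    case "$action" in
        r) bit=4 ;;
        w) bit=2 ;;
        x) bit=1 ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
    # Exactly one class is consulted: owner first, then group, then other.
    # An owner whose own bits deny the action is NOT rescued by "other" bits.
    class=other; pos=0
    if [ "$cuid" -eq "$fuid" ]; then
        class=owner; pos=6
    else
        for g in $cgids; do
            if [ "$g" -eq "$fgid" ]; then class=group; pos=3; break; fi
        done
    fi
    # The leading 0 makes the shell read MODE as octal; keep that class's bits.
    perm=$(( (0$mode >> $pos) & 7 ))
    if [ $(( perm & bit )) -ne 0 ]; then
        echo "$class allow"; return 0
    fi
    echo "$class deny"; return 1
}

# explain_path PATH ACTION: the same check for the current user on a real file.
explain_path() {
    local action="$2" st
    st=$(stat -c '%a %u %g' -- "$1") || return 2
    set -- $st   # intentional word splitting into mode, uid, gid
    class_allows "$1" "$2" "$3" "$(id -u)" "$(id -G)" "$action"
}

# Usage: sh check_access.sh /path/to/file x
[ $# -lt 2 ] || explain_path "$1" "$2"
```

If the bits allow the action and the error persists, the cause is in one of the later steps: mount options, ACLs, or SELinux/AppArmor.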
2. Change Access Permissions (chmod)
The chmod command changes access permissions. There are two methods:
Symbolic mode (recommended for simple cases):
chmod u+x file # Add execute for owner
chmod g+w file # Add write for group
chmod o-r file # Remove read for others
chmod a+x file # Add execute for everyone
Numeric mode (precise control):
Permissions are calculated as the sum of bits: r=4, w=2, x=1.
Examples:
- 755 = rwxr-xr-x (owner: full, group/others: read+execute)
- 644 = rw-r--r-- (owner: read+write, others: read only)
- 777 = rwxrwxrwx (full permissions for everyone — dangerous!)
chmod 755 script.sh # Set safe permissions for an executable file
chmod 644 config.ini # Only owner can modify
For recursive changes (all files and subdirectories in a directory; note that 755 also makes every regular file executable):
chmod -R 755 /var/www/html
💡 Tip: Do not use 777 on production servers. This is a serious security vulnerability.
3. Change Owner (chown)
If the file belongs to another user (e.g., root), change the owner:
sudo chown user:group file
Example:
sudo chown alice:developers project.txt
For recursive change:
sudo chown -R alice:developers /home/alice/projects
⚠️ Important: Do not change the owner of system files unnecessarily. This may break program functionality.
4. Check Filesystem Mounting
If the file is on a separate partition (e.g., /mnt/backup), check mount options:
mount | grep /mnt/backup
Example problematic output:
/dev/sdb1 on /mnt/backup type ext4 (ro,noexec,relatime)
Here:
- ro — read-only
- noexec — prohibition on executing files
Solution: Remount with needed options (requires sudo):
sudo mount -o remount,rw,exec /dev/sdb1 /mnt/backup
To make changes persistent after reboot, edit /etc/fstab:
sudo nano /etc/fstab
Change the line, removing ro,noexec or adding rw,exec:
UUID=xxxx-xxxx /mnt/backup ext4 defaults,rw,exec 0 2
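The mount check from this step, as an added example that is not part of the original article: instead of grepping for a mount point you already know, it finds the mount that actually contains a path (longest matching mount point) and reports only the restrictive options. The function name mount_restrictions is hypothetical, and the optional second argument (a file in /proc/self/mounts format) exists so the logic can be tried on a saved or constructed table.

```bash
#!/bin/sh
# Added example (not from the original article).
# mount_restrictions PATH [MOUNTS_FILE]
#   Prints "<mount point> <restrictive options|none>" for the filesystem that
#   contains PATH. MOUNTS_FILE defaults to /proc/self/mounts, whose fields are
#   "device mountpoint fstype options dump pass".
#   Not handled: mount points containing spaces (stored there as \040).
mount_restrictions() {
    local target="$1" table="${2:-/proc/self/mounts}"
    local dev mnt fstype opts rest o old_ifs
    local best="" best_opts="" out=""
    while read -r dev mnt fstype opts rest; do
        case "$target/" in
            "${mnt%/}/"*)
                # Nested mounts: the longest matching mount point wins, and a
                # later entry for the same mount point overrides an earlier one.
                if [ "${#mnt}" -ge "${#best}" ]; then
                    best="$mnt"; best_opts="$opts"
                fi ;;
        esac
    done < "$table"
    [ -n "$best" ] || return 2

    # Split the comma-separated option list and keep the three options that
    # block writing (ro), execution (noexec) and setuid/setgid bits (nosuid).
    old_ifs="$IFS"; IFS=,
    for o in $best_opts; do
        case "$o" in
            ro|noexec|nosuid) out="${out:+$out,}$o" ;;
        esac
    done
    IFS="$old_ifs"
    echo "$best ${out:-none}"
}

# Usage: sh mount_check.sh /mnt/backup/script.sh
[ $# -eq 0 ] || mount_restrictions "$@"
```

For the sample mount shown above, a path under /mnt/backup yields "/mnt/backup ro,noexec", which explains both a failed write and a failed execution without touching file permissions.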
5. Check for File Lock by Another Process
Sometimes a file is in use by another process (e.g., open in an editor or running as a daemon). Find the process:
lsof | grep file
Example output:
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
vim 1234 alice cwd DIR 8,1 4096 2 /home/alice
Terminate the process (if safe):
kill 1234
For forceful termination:
kill -9 1234
6. Check Free Space and Inodes
Lack of disk space or inodes (index descriptors) also causes Permission Denied.
Check space:
df -h /path/to/directory
Check inodes:
df -i /path/to/directory
If space or inodes are running out:
- Clean temporary files (/tmp, browser cache)
- Remove unnecessary logs (sudo journalctl --vacuum-time=3d)
- Increase partition size or add a new disk.
7. Check SELinux/AppArmor (if used)
Distributions like RHEL/CentOS/Fedora have SELinux enabled; Ubuntu uses AppArmor. They can block access even with correct permissions.
For SELinux: Check file context:
ls -Z file
If context is incorrect (e.g., a web file should have httpd_sys_content_t), fix it:
sudo chcon -t httpd_sys_content_t file
Temporarily disable SELinux for diagnostics (not for production):
sudo setenforce 0
For AppArmor: Check profiles:
sudo aa-status
If an application is in enforce mode, try switching to complain:
sudo aa-complain /etc/apparmor.d/usr.bin.your_application
8. Using sudo Correctly
If a command requires root privileges, use sudo:
sudo apt update
sudo systemctl restart nginx
But if sudo itself does not work (e.g., "Permission denied" when trying to run it), possible causes:
- User is not in the sudo group (check with groups)
- The sudo file has incorrect permissions (should be -rwsr-xr-x)
Check sudo permissions:
ls -l /usr/bin/sudo
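If there is no s (setuid) in owner permissions (-rwsr-xr-x), fix it from a root shell (for example su - or recovery mode), because sudo cannot elevate without its setuid bit:
chmod 4755 /usr/bin/sudo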
Advanced Methods: ACL and Capabilities
If standard permissions are insufficient, use ACL (Access Control Lists) for flexible management.
Installing and Using ACL
Ensure the filesystem is mounted with ACL support (usually acl in options). Check:
mount | grep /path
If acl is missing, add it to /etc/fstab and remount.
Set ACL:
# Give full access to user alice
sudo setfacl -m u:alice:rwx file
# Give access to group developers
sudo setfacl -m g:developers:rwx file
# View ACL
getfacl file
Example getfacl output:
# file: file
# owner: root
# group: root
user::rwx
user:alice:rwx
group::r-x
mask::rwx
other::r--
Capabilities for Binaries
Some programs require special privileges (e.g., binding to ports <1024). Instead of running as root, use capabilities:
# Give program ability to bind to privileged ports
sudo setcap 'cap_net_bind_service=+ep' /usr/bin/web_server
Check capabilities:
getcap /usr/bin/web_server
Preventing Permission Problems
- Create files with correct default permissions:
  - Set umask in ~/.bashrc (e.g., umask 002 for group write).
  - For directories: mkdir -m 775 new_directory.
- Use groups for shared access:
  - Create a group: sudo groupadd developers
  - Add users: sudo usermod -aG developers alice
  - Assign group to a directory: sudo chgrp developers /proj
  - Set SGID on directory: chmod 2775 /proj (new files inherit group).
- Regularly audit permissions:
  - Find SUID/SGID files: find / -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
  - Find world-writable files: find / -type f -perm -o=w 2>/dev/null
- Set correct SELinux/AppArmor context for services.
- Do not run applications as root unnecessarily — use sudo only for specific commands.
Additional Resources
For deeper study:
- man chmod, man chown, man acl, man selinux
- Your distribution's official documentation (Ubuntu Wiki, RHEL Documentation)
- Article "Understanding Linux File Permissions" on kernel.org