FixPedia
Linux EACCESHigh

Fixing the EACCES Error in Linux: How to Resolve Permission Denied

This article explains what the EACCES error means in Linux, its causes, and provides several solutions to restore access to files and commands.

Updated at February 16, 2026
5-10 min
Easy
FixPedia Team
Применимо к:Ubuntu 20.04+Debian 10+CentOS 7+Fedora 35+

What the EACCES Error Means

The EACCES error is a standard error code in Linux and other UNIX-like systems, which translates to "Permission denied." It occurs when a process (such as a command or program) attempts to perform an operation (read, write, execute) on a file or directory, but the current user lacks sufficient permissions.

The full error text typically looks like this:

bash: ./script.sh: Permission denied

or

touch: cannot touch '/path/to/file': Permission denied

The error can appear in various contexts: when running scripts, accessing system files, working with network resources, or even when using certain commands (sudo, apt, etc.).

Common Causes

The EACCES error has specific technical causes. Here are the main ones:

  1. Insufficient permissions for the current user
    The file or directory does not have the necessary permission bits (read, write, execute) for your user or group.
  2. File is owned by another user or group
    The file owner is a different user (e.g., root), and you are not part of the group that has permissions.
  3. Missing execute bit for scripts or binaries
    When attempting to run a script or program without execute (x) permission.
  4. Filesystem mounted with restrictive options
    For example, the noexec option prevents file execution on the mounted device, while nosuid disables setuid bits.
  5. SELinux or AppArmor blocking access
    Security mechanisms can deny access even when POSIX permissions are correct.
  6. File attributes like immutable (chattr +i)
    The file is marked as immutable, and any operations (even by root) are prohibited.
  7. Directory in the path lacks execute permission
    To access a file, you must have execute permission on all directories in the path. If any directory is inaccessible, EACCES occurs.

Solutions

Solution 1: Change Permissions with chmod

Most often, the error is resolved by adding necessary permissions via the chmod command. First, check current permissions:

ls -l /path/to/file

The output will look like: -rw-r--r-- 1 user group 123 Feb 16 12:00 file.txt. Here:

  • The first 9 characters: permissions for owner (user), group, and others.
  • r = read, w = write, x = execute.

Examples of fixes:

  • Add execute permission for the owner (to run a script):
    chmod u+x /path/to/file
  • Add read and write for the group:
    chmod g+rw /path/to/file
  • Grant all permissions to everyone (use cautiously, only for temporary fixes or shared resources):
    chmod 777 /path/to/file
  • Set specific permissions using numeric mode (e.g., 755 for owner: rwx, group and others: r-x):
    chmod 755 /path/to/file

⚠️ Important: Avoid regularly using chmod 777 on system or sensitive files—it creates a serious security vulnerability.

Solution 2: Change File Ownership with chown

If the file is owned by another user (e.g., root) and you need to use it regularly, change the owner. Requires sudo privileges.

# Change owner to current user and their primary group
sudo chown $USER:$(id -gn) /path/to/file

# Or explicitly specify user and group
sudo chown alice:developers /path/to/file

To recursively change ownership of an entire directory:

sudo chown -R $USER:$(id -gn) /path/to/directory

Solution 3: Use sudo for Privilege Escalation

If you need to run a command once that requires elevated privileges (e.g., accessing a system file), use sudo:

sudo cat /etc/shadow
sudo systemctl restart service

However, for scripts or programs you run frequently, it's better to set permissions properly (as in Solution 1) instead of constantly using sudo to avoid risks.

Solution 4: Check and Configure SELinux/AppArmor

On distributions using SELinux (CentOS, RHEL, Fedora) or AppArmor (Ubuntu, Debian), these security systems can block access even with correct POSIX permissions.

For SELinux:

  1. Check the SELinux context of the file:
    ls -Z /path/to/file

    Output: -rw-r--r--. root root system_u:object_r:httpd_sys_content_t:s0 file.txt. The context after : is important.
  2. If the context is incorrect (e.g., for web files it should be httpd_sys_content_t), restore it:
    sudo restorecon -v /path/to/file

    Or set it manually:
    sudo chcon -t httpd_sys_content_t /path/to/file
  3. For diagnostics, check logs: sudo ausearch -m avc -ts recent.

For AppArmor:

  1. Check active profiles:
    sudo aa-status
  2. If an application is blocked, you can temporarily disable its profile (not recommended for production):
    sudo aa-disable /path/to/app

    Or edit the profile in /etc/apparmor.d/.

Solution 5: Check File Attributes (chattr)

A file may have the immutable (i) or append-only (a) attribute set, which prevents any changes, even by root.

  1. Check attributes:
    lsattr /path/to/file

    Output: ----i-------- /path/to/file — the i flag means immutable.
  2. Remove the attribute (requires sudo):
    sudo chattr -i /path/to/file

    To recursively remove the attribute from a directory:
    sudo chattr -R -i /path/to/directory

Solution 6: Check Filesystem Mount Options

If the file is on a separate device (e.g., a USB drive or network share), check how the filesystem is mounted:

mount | grep /path/to/file

Example output: /dev/sdb1 on /mnt/usb type vfat (rw,nosuid,nodev,noexec,relatime,uid=1000,gid=1000,...)

Look for options:

  • noexec — prevents file execution.
  • nosuid — ignores setuid/setgid bits.
  • nodev — does not interpret device files.

If needed, remount with the correct options (requires sudo and editing /etc/fstab for permanent changes):

sudo mount -o remount,exec /dev/sdb1 /mnt/usb

⚠️ Changing mount options can affect security. Ensure it's necessary.

Prevention

To avoid EACCES errors in the future, follow these best practices:

  • Configure umask when creating files/directories. Files like .bashrc or /etc/profile can contain umask 022 (permissions 755 for directories, 644 for files). This prevents creating files with overly open permissions.
  • Use groups for shared access. Create a group (sudo groupadd devteam), add users (sudo usermod -aG devteam alice), and set group permissions (chmod g+rwx /shared/dir).
  • Assign the minimum necessary permissions. Avoid chmod 777. Instead, grant permissions only to specific users or groups (e.g., chmod 750 for owner and group).
  • For scripts and binaries, set the execute bit only when necessary, and only for the owner or group.
  • Regularly audit permissions on critical files and directories using ls -l or find / -perm -4000 -type f (for setuid files).
  • When using SELinux/AppArmor, use standard contexts (e.g., httpd_sys_content_t for web files). Don't disable them entirely; configure profiles instead.
  • For network or external media, check mount options. If you need to execute files from a USB, mount it with exec.
  • Avoid running unnecessary processes as root. Use sudo only when required, and prefer delegating permissions via groups.

Following these recommendations will reduce the risk of permission errors and improve your system's security.

F.A.Q.

What does the EACCES error mean in Linux?
How to quickly fix a Permission denied error?
Can the appearance of the EACCES error be prevented?
Why does the EACCES error occur even for the root user?

Hints

Identify the problematic file or command
Check current access permissions
Change permissions with chmod
Change the owner if necessary
Use sudo for system operations

Did this article help you solve the problem?

FixPedia

Free encyclopedia for fixing errors. Step-by-step guides for Windows, Linux, macOS and more.

© 2026 FixPedia. All materials are available for free.

Made with for the community