macOS 'Permission Denied' Error: Causes and 5 Fixes

What Does the "Permission Denied" Error Mean

The Permission Denied (or Operation not permitted) error in macOS indicates that the current user or process lacks the necessary permissions to perform an operation on a file, folder, or system resource. The error message may vary:

# In Terminal
zsh: permission denied: ./script.sh
rm: everest.txt: Permission denied

# In an application (e.g., when copying)
“The operation can’t be completed” because you don’t have permission to access “file_name”.

It occurs when attempting to:

Run a script or program without the +x flag.
Delete/modify a system file or a file owned by another user.
Access a protected system folder (e.g., /System, /usr).
Write to a read-only disk (e.g., a CD-ROM or a locked disk image).

Common Causes

Insufficient permissions for the current user
The file is owned by another user (e.g., root) or group, and your account lacks write/execute permissions.
Active System Integrity Protection (SIP)
SIP protects system directories (/System, /usr, /bin, /sbin) and certain files in /Library from modification, even by the root user.
Corrupted or outdated ACLs (Access Control Lists)
macOS uses ACLs for granular access control. If an ACL conflicts with base permissions (chmod), the system may block access.
File has an "immutable" or "append-only" flag
Using chflags, you can set uchg (user immutable) or schg (system immutable) flags, which prevent any changes.
Read-only file system
The disk is mounted as read-only (e.g., an external NTFS drive without write support or a corrupted APFS volume).

Solution 1: Using `sudo` for Temporary Privilege Escalation

If the error occurs when working with system files or files owned by another user, use sudo (Super User Do). This command executes the operation as an administrator.

Steps:

Open Terminal (Applications → Utilities → Terminal).

Prepend sudo to the command causing the error. For example:

sudo rm /path/to/file.txt
sudo cp source.txt /System/Library/

Enter your account password (characters are not displayed—this is normal).
Press Enter.

⚠️ Important: sudo grants full access. Ensure the command and path are correct to avoid accidentally deleting system files.

Solution 2: Changing Permissions with `chmod`

The chmod (change mode) command modifies access permissions (read r, write w, execute x) for the owner, group, and others.

Steps:

Check current permissions:
```
ls -la /path/to/file
```
Example output: -rw-r--r-- 1 user staff 1234 Feb 16 10:00 file.txt
Add execute permission (if you need to run a script):
```
chmod +x /path/to/file.sh
```
Set standard permissions (owner: read+write+execute, group/others: read+execute):
```
chmod 755 /path/to/file
```
Numbers correspond to: 7=rwx, 5=r-x, 5=r-x.
For full access to everyone (use with caution!):
```
chmod 777 /path/to/file
```

Solution 3: Changing Ownership with `chown`

If the file is owned by another user (e.g., root), change the owner to your user account.

Steps:

Check the current owner:
```
ls -la /path/to/file
```
The owner is listed in the second column.
Change the owner to the current user:
```
sudo chown $USER /path/to/file
```
$USER automatically substitutes your macOS username.
To change the group (e.g., to staff):
```
sudo chown :staff /path/to/file
```
For recursive changes (all files in a folder):
```
sudo chown -R $USER /path/to/folder/
```

Solution 4: Disabling System Integrity Protection (SIP) for System Files

If the error occurs when accessing SIP-protected folders (e.g., /System/Library/LaunchDaemons), temporarily disable SIP. Only use this if other methods fail!

Steps:

Reboot your Mac into Recovery Mode:
For Apple Silicon Macs: hold the power button → “Startup Options” → “Continue in Recovery Mode”.
For Intel Macs: reboot and hold Cmd + R.
Open Terminal from the “Utilities” menu.
Disable SIP:
```
csrutil disable
```
Reboot your Mac normally.
Perform the needed operation (modify/delete the file).
Crucially, re-enable SIP:
- Re-enter Recovery Mode.
- Run csrutil enable.
- Reboot.

💡 Tip: After disabling SIP, verify system file integrity with sudo /usr/libexec/repair_packages --repair --standard-pkgs --volume /.

Solution 5: Resetting ACLs and File Flags

Corrupted ACLs or flags (e.g., uchg) can block access even with correct chmod/chown settings.

Steps:

Check ACLs:
```
ls -le /path/to/file
```
If output contains lines with 0:, 1: — these are ACL entries.
Remove all ACLs (revert to standard permissions):
```
sudo chmod -N /path/to/file
```
Check and remove flags (schg, uchg, sappnd, etc.):
```
ls -lO /path/to/file
```
Flags appear after the permissions column (e.g., schg).

Remove flags:

sudo chflags nouchg /path/to/file  # remove user immutable
sudo chflags noschg /path/to/file  # remove system immutable

To bulk-reset flags in a folder:

sudo chflags -R nouchg /path/to/folder/

Prevention

Avoid sudo unnecessarily. Run commands as a regular user whenever possible.
Check permissions when copying files between different disks/systems (Windows → macOS). After copying, set correct permissions via chmod.
Don’t leave SIP disabled permanently. Use it only for one-off operations, then re-enable.
Regularly inspect ACLs on critical system folders, especially after installing software from untrusted sources: ls -le /path.
Use graphical utilities (e.g., Get Info in Finder or BatChmod) for visual permission management if you’re unsure about commands.
Back up before modifying system file permissions via Time Machine or cp -a.

F.A.Q.

What's the difference between chmod and chown when fixing Permission Denied?

Can I completely disable System Integrity Protection (SIP) to access system files?

Is there a graphical way to fix Permission Denied without Terminal?

Why does Permission Denied occur after copying files from Windows to Mac?

Hints

Identify the exact error context

Check current permissions and ownership

Use sudo for temporary privilege escalation

Modify permissions with chmod

Change file ownership with chown