Permission denied Error on macOS: Causes and 5 Ways to Fix

What is the "Permission denied" Error on macOS?

The "Permission denied" error is a system message that appears when the current macOS user does not have the rights to perform an operation (read, write, execute) on a file or folder. Unlike Windows, macOS uses a UNIX-like permission model and also adds its own protection mechanisms, such as SIP (System Integrity Protection) and ACL (Access Control Lists). This can make diagnosis more complex at times, but also more flexible.

Symptoms:

In Terminal: zsh: permission denied: <file> or cp: <file>: Permission denied.
In Finder: the "Open" button is inactive, or a pop-up appears saying "You don't have permission to access this item."
Applications (e.g., VS Code, Docker) cannot save configuration files in system folders.

Main Causes of the Error

File owner is different — the file was created by another user (e.g., root), and your account is not in the group with permissions.
Permissions (chmod) are too strict — for example, -rw------- (owner only).
ACL is active — extended access rules that can explicitly deny your user access, even if standard permissions (chmod) allow it.
SIP (System Integrity Protection) — protects system folders (/System, /usr, /bin, /sbin) from modification even by an administrator.
App Translocation — when an app from an unknown source runs in an isolated temporary folder and cannot write to its own resources.
File is locked in Finder (the "Locked" checkbox in "Get Info").

Step-by-Step Solution

Step 1: Determine the exact path and current permissions

Open Terminal (Terminal → Default). Run the command, substituting your path:

ls -l /path/to/file_or_folder

Example output:

drwxr-xr-x  5 root    wheel    160 Feb 14 10:00 SomeFolder
-rw-r--r--  1 root    wheel      0 Feb 14 10:00 file.txt

Breakdown:

drwxr-xr-x — folder (d), permissions: owner (rwx), group (r-x), others (r-x).
root — owner, wheel — group.
If the owner is not you ($(whoami)), this is likely the cause.

Step 2: Change the owner (chown)

If the owner is root or another user, change it to your user. For a folder recursively:

sudo chown -R $(whoami) /path/to/folder

For a single file (without -R):

sudo chown $(whoami) /path/to/file

Enter your administrator password (characters are not displayed).

Step 3: Update permissions (chmod)

After changing the owner, set the permissions. Most common options:

Owner: read + write (file):
```
chmod u+rw /path/to/file
```
Owner: full access, group/others: read (folder):
```
chmod -R u=rwx,go=rx /path/to/folder
```
Everyone: full access (caution, only for temporary fixes!):
```
chmod -R 777 /path/to/folder
```

Check the result:

ls -l /path/to/file

Permissions should change (e.g., -rw-r--r--).

Step 4: Check and reset ACL

ACL can override standard permissions. Check:

ls -le /path/to/file

If there are lines after the standard permissions (e.g., 0: group:everyone deny delete), ACL is active.

Reset ACL (remove all extended rules, revert to chmod):

chmod -N /path/to/file
# or for a folder recursively:
chmod -R -N /path/to/folder

After this, check ls -le again — ACL lines should disappear.

Step 5: Temporarily disable SIP (for system files)

Caution: SIP protects critical system files. Disable it only if the error involves folders /System, /usr (except /usr/local), /bin, /sbin, and other methods failed.

Restart your Mac, holding Command (⌘) + R until the Apple logo appears → enter Recovery Mode.
From the top menu, choose Utilities → Terminal.
Run:
```
csrutil disable
```
Restart into normal mode.
Return to Steps 2–3 for the affected system file/folder.
Immediately after fixing, re-enable SIP:
- Restart into Recovery Mode.
- In Terminal: csrutil enable.
- Restart.

Step 6: Check file lock in Finder

Sometimes the file is simply locked:

Find the file in Finder, press Command (⌘) + I (or right-click → "Get Info").
At the bottom of the "Get Info" window, uncheck "Locked".
Try the action again.

Step 7: Resolve App Translocation (for applications)

If the error occurs with an app from ~/Downloads or a third-party source:

Drag the app into the /Applications folder (administrator password required).
Launch the app from the /Applications folder (not from Downloads).
If the problem persists, open System Settings → Privacy & Security → Security and allow the app to run.

Frequently Asked Questions (FAQ)

❓ Why doesn't `sudo` help, but `sudo chmod 777` works?

sudo gives you administrator rights, but if the owner of the file is root and you try to change permissions without changing ownership, chmod might not work in some contexts (e.g., with SIP). sudo chmod 777 works because an administrator can change permissions on any file except SIP-protected ones. However, it's better to first change the owner to your user (chown) to avoid leaving files owned by root.

❓ Can I make a `chmod` change permanent for a folder?

Yes, but be careful. For a folder that should be writable by everyone (e.g., a shared /tmp), you can set the sticky bit and permissions 1777:

sudo chmod 1777 /path/to/folder

This allows only owners to create/delete files in the folder, even if it's writable by everyone.

❓ "Operation not permitted" instead of "Permission denied" — is that the same?

Partially. "Operation not permitted" often occurs when trying to modify SIP-protected files without disabling SIP or when working with files on an encrypted disk (FileVault) that isn't unlocked for the current session. Check if you're trying to modify a file in /System.

❓ How do I grant permissions on a folder so all Mac users can write to it?

Change the owner to root or group staff:

sudo chown -R root:staff /path/to/folder

Give the group (g) write permission:
```
sudo chmod -R g+w /path/to/folder
```
Set the setgid bit so new files in the folder inherit the group:
```
sudo chmod g+s /path/to/folder
```

Preventing the Error

Do not store working files in system folders (/System, /usr). Use ~/Documents or ~/Downloads.
When creating scripts/files via Terminal, immediately set the correct owner (your user) and group.

For shared folders (e.g., on a network drive), configure ACL in advance with chmod +a:

sudo chmod +a "username allow read,write,delete,add_file,add_subdirectory,file_inherit,directory_inherit" /path/to/folder

Update macOS — newer versions have improved permission handling.

What to Do If Nothing Helps?

Restart your Mac — sometimes the permission cache (e.g., for launchd) resets.
Check if the file is on an external drive? If so, ensure the disk is mounted with write permissions.
If the file is a symbolic link (symlink), check permissions on the target object, not the link itself.
Use sudo lsof | grep <file> to see which process is using the file, and kill it (kill -9 <PID>).
For your home folder (/Users/username), check if permissions are corrupted via diskutil verifyPermissions / (requires SIP) or restore from Time Machine.

If the error occurs when running Docker or other containers, check permissions on /var/run/docker.sock (ls -l /var/run/docker.sock). Usually, you need to add your user to the docker group: sudo dseditgroup -o edit -a $(whoami) -t user docker.
When installing Homebrew packages, you might need permissions on /usr/local. Solution: sudo chown -R $(whoami) /usr/local/* (caution: do not touch /usr/local/bin system utilities).
"Operation not permitted" errors when trying to modify files in ~/Library/Containers — this is sandbox protection. Modify files only through the app's API or in its Application Support folder.

Article updated: February 14, 2026. Tested on macOS Sonoma 14.5.

F.A.Q.

Why doesn't sudo help with Permission denied?

Can I disable SIP to fix the error?

What is ACL on macOS and how to check it?

Why does the error occur only in some applications (e.g., VS Code)?

Hints

Identify the exact path and user

Change file owner (chown)

Update access permissions (chmod)

Check and reset ACL

Temporarily disable SIP (for system files)