Permission Denied
The calling process does not have the required read, write, or execute permission on the file or directory. Permission is determined by the file mode bits (owner, group, other) and the process UID/GID.
- 1The file is owned by root and the process runs as a non-root user with no group access.
- 2The execute bit is missing on a script or binary the process is trying to run.
- 3A parent directory lacks execute (search) permission, blocking access to files inside it.
- 4SELinux or AppArmor policy denies access regardless of POSIX permissions.
Reading a file owned by root that has no world-readable permission.
$ cat /etc/shadow cat: /etc/shadow: Permission denied $ ls -la /etc/shadow ---------- 1 root shadow 1234 Jan 1 00:00 /etc/shadow
expected output
cat: /etc/shadow: Permission denied
Fix 1
Adjust file permissions or ownership
WHEN When you control the file and the access restriction is unintentional
# Grant group read access sudo chmod g+r /var/log/app.log # Add current user to the group sudo usermod -aG appgroup $USER
Why this works
Granting group read permission and adding the process user to the group satisfies the permission check.
Fix 2
Check SELinux/AppArmor denials
WHEN When POSIX permissions look correct but EACCES still occurs
# Check SELinux audit log sudo ausearch -m avc -ts recent # Check AppArmor sudo aa-status journalctl | grep -i apparmor
Why this works
Mandatory access control systems enforce their own policies above POSIX permissions. Denials are logged separately.
✕ Use chmod 777 to fix permission errors
World-writable permissions create security vulnerabilities. Grant only the specific permissions needed.
Linux Programmer Manual errno(3)
Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev