"Permission denied" is one of the most common errors in the terminal. The fix is usually simple, but blindly using sudo for everything creates bigger problems. Here's how to diagnose and fix permission issues properly.
Understanding File Permissions (30-Second Version)
Every file and folder has three permission groups:
- Owner — the user who created it
- Group — users in the file's assigned group
- Others — everyone else
Each group can have three permissions:
- r (read) — can view the file
- w (write) — can modify the file
- x (execute) — can run the file as a program
Check permissions with ls -la:
$ ls -la script.sh
-rw-r--r-- 1 john staff 1024 Jan 15 10:00 script.sh
│││ │││ │││
│││ │││ └── Others: read only
│││ └──── Group: read only
└────── Owner: read + write (no execute)Scenario 1: "Permission denied" When Running a Script
You get this when trying to execute a file that doesn't have execute permission.
$ ./script.sh
bash: ./script.sh: Permission deniedFix: Add execute permission:
chmod +x script.sh
./script.sh # Works nowScenario 2: "Permission denied" When Editing a File
You can read but not write to the file.
$ echo "new content" > /etc/somefile
bash: /etc/somefile: Permission deniedFix options:
# If it's a system file you legitimately need to edit:
sudo nano /etc/somefile
# If it's your own file with wrong permissions:
chmod u+w myfile.txtScenario 3: npm/Node.js "EACCES" Errors
This happens when npm tries to write to a directory owned by root:
npm ERR! Error: EACCES: permission denied, mkdir '/usr/local/lib/node_modules'Fix: Never use sudo npm install -g. Instead, fix npm's default directory:
# Option A: Use nvm (recommended)
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash
nvm install --lts # Installs in your home directory
# Option B: Change npm's default directory
mkdir ~/.npm-global
npm config set prefix '~/.npm-global'
echo 'export PATH=~/.npm-global/bin:$PATH' >> ~/.bashrc
source ~/.bashrcScenario 4: SSH Key "Permissions Are Too Open"
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: UNPROTECTED PRIVATE KEY FILE! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Permissions 0644 for '/home/user/.ssh/id_ed25519' are too open.Fix: SSH keys must be readable only by the owner:
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub
chmod 700 ~/.sshScenario 5: Docker "Permission Denied"
$ docker ps
Got permission denied while trying to connect to the Docker daemon socketFix: Add your user to the docker group:
sudo usermod -aG docker $USER
# Log out and back in (or restart)
newgrp docker
docker ps # Works without sudoScenario 6: "Permission denied" Accessing Another User's Files
If you legitimately need access:
# Change ownership to yourself
sudo chown $USER:$USER /path/to/file
# Or change ownership of a whole directory
sudo chown -R $USER:$USER /path/to/directory/
# Or just add read permission for everyone
sudo chmod o+r /path/to/filePermission Number Cheat Sheet
chmod 755 file # Owner: full, Group: read+execute, Others: read+execute (directories, scripts)
chmod 644 file # Owner: read+write, Group: read, Others: read (regular files)
chmod 600 file # Owner: read+write, nobody else (private keys, configs with passwords)
chmod 700 dir # Owner: full access, nobody else (private directories)When to Use sudo (and When Not To)
Use sudo when:
- Editing system configuration files (
/etc/) - Installing system packages (
apt install,brewusually doesn't need it) - Managing system services (
systemctl)
Don't use sudo when:
- Installing language packages (npm, pip, gem) — fix the directory instead
- Running your own scripts — fix the file permission
- Accessing your own project files — fix ownership
- You don't understand why it's needed — diagnose first
Quick Diagnosis Steps
- Run
ls -la filenameto check current permissions and owner - Run
whoamito confirm which user you are - Determine if you need to: add permission, change ownership, or use sudo
- Fix the root cause, not the symptom