Home / Troubleshooting / Permissions

Permission Denied

Getting "permission denied" errors? Here's what that means and how to fix it without breaking your system.

Symptoms

Quick Fix

Most of the time, "permission denied" just means you need to use sudo:

# Instead of this (fails):
apt update

# Do this (works):
sudo apt update

If you're getting "permission denied" on a script you wrote:

# Make the script executable
chmod +x myscript.sh

# Then run it
./myscript.sh

What Does "Permission Denied" Mean?

The simple explanation

Linux is a multi-user system. Every file and folder has an owner and permissions that control who can do what. There are three types of permissions:

  • Read (r) - Can you look at the file's contents?
  • Write (w) - Can you change or delete the file?
  • Execute (x) - Can you run the file as a program?

And three categories of users:

  • Owner - The user who created the file
  • Group - A group of users who share access
  • Others - Everyone else

"Permission denied" means your user account doesn't have the right permission for what you're trying to do. System files are owned by root (the admin account), so normal users can't modify them without sudo.

sudo Basics

sudo stands for "superuser do." It lets you run a command as the root (administrator) user. You'll need it for anything that modifies the system: installing packages, editing config files, managing services, etc.

# Run a single command as root
sudo apt install firefox

# Open a file for editing as root
sudo nano /etc/fstab

# Run an interactive root shell (use with caution)
sudo -i

# Check if you can use sudo
sudo whoami
# Should print "root"
Don't run everything with sudo. Only use it when you actually need root access. Running your desktop browser or file manager as root is a security risk and can break file ownership in your home directory. If a guide tells you to sudo everything, be skeptical.
"user is not in the sudoers file" - How to fix

If you get this error, your user account hasn't been given sudo privileges. This is common on Debian (which doesn't add your user to sudo by default) or if you created a new user account.

If you have the root password:

# Switch to root
su -

# Add your user to the sudo group
usermod -aG sudo yourusername   # Debian/Ubuntu
usermod -aG wheel yourusername  # Fedora/Arch

# Log out and back in (or reboot) for it to take effect
exit

If you don't have the root password (and there's no other sudo user), you'll need to boot from a live USB:

# Boot from live USB, mount your root partition
sudo mount /dev/sda2 /mnt
sudo chroot /mnt

# Now you're root in your system - add your user to sudo
usermod -aG sudo yourusername   # Debian/Ubuntu
usermod -aG wheel yourusername  # Fedora/Arch

# Make sure the wheel/sudo group is enabled in sudoers
visudo
# Uncomment the line: %wheel ALL=(ALL:ALL) ALL  (or %sudo for Debian/Ubuntu)

exit
sudo umount /mnt
sudo reboot

File Permissions Explained

When you run ls -l, you see something like this:

-rwxr-xr-- 1 alice developers 4096 Jan 15 10:30 myscript.sh
 ^^^
 ||| owner permissions (rwx = read, write, execute)
    ^^^
    ||| group permissions (r-x = read, execute, no write)
       ^^^
       ||| others permissions (r-- = read only)

chmod - Change permissions

# Make a file executable
chmod +x script.sh

# Make a file readable and writable by owner only
chmod 600 private-file.txt

# Make a directory accessible
chmod 755 my-folder/

# Common permission numbers:
# 755 = rwxr-xr-x (owner: all, others: read+execute) - for scripts, directories
# 644 = rw-r--r-- (owner: read+write, others: read only) - for regular files
# 600 = rw------- (owner only) - for private files like SSH keys
# 700 = rwx------ (owner only) - for private directories
How permission numbers work

Each digit is the sum of: read (4) + write (2) + execute (1)

NumberPermissionsMeaning
7rwxRead + Write + Execute
6rw-Read + Write
5r-xRead + Execute
4r--Read only
0---No access

So chmod 754 means: owner gets rwx (7), group gets r-x (5), others get r-- (4).

chown - Change ownership

# Change the owner of a file
sudo chown alice myfile.txt

# Change owner and group
sudo chown alice:developers myfile.txt

# Change ownership of a directory and everything inside it
sudo chown -R alice:alice /home/alice/projects/

# Change just the group
sudo chgrp developers shared-folder/
Never run sudo chown -R or sudo chmod -R on system directories like /, /etc, /usr, or /var. This will break your system. These commands are for your own files, not system files.

"I Can't Access My USB Drive / External Hard Drive"

This is a very common issue, especially with NTFS or exFAT drives. Here's how to fix it:

USB drive doesn't show up at all 
# Check if the system sees the USB drive
lsblk
# Look for your drive (usually /dev/sdb or /dev/sdc)

# If it's not showing up, check dmesg for errors
dmesg | tail -20
# Plug in the drive and run dmesg again - look for error messages

# If the drive shows up but isn't mounted, mount it manually:
sudo mkdir -p /mnt/usb
sudo mount /dev/sdb1 /mnt/usb
ls /mnt/usb
USB drive is read-only

If you can see files but can't write to the drive:

# Check how it's mounted
mount | grep sdb

# If it says "ro" (read-only), remount as read-write:
sudo mount -o remount,rw /dev/sdb1 /mnt/usb

# For NTFS drives, the most common cause is Windows Fast Startup
# The drive was "hibernated" by Windows. Options:
# 1. Boot into Windows, disable Fast Startup, then properly shut down
# 2. Force mount (risk of data loss):
sudo mount -t ntfs-3g -o remove_hiberfile /dev/sdb1 /mnt/usb
Physical write protection: Some USB drives and SD cards have a tiny physical switch on the side that locks them to read-only. Check for that first.
Drive mounts but you can't write to it (permission issue)

This is usually an ownership issue. The drive was mounted by root, so your user can't write to it.

# For FAT32/exFAT drives, mount with your user ID:
sudo mount -o uid=$(id -u),gid=$(id -g) /dev/sdb1 /mnt/usb

# For NTFS drives:
sudo mount -t ntfs-3g -o uid=$(id -u),gid=$(id -g) /dev/sdb1 /mnt/usb

# For ext4 drives, change ownership:
sudo chown -R $(whoami):$(whoami) /mnt/usb
Tip: Most desktop environments (GNOME, KDE, Cinnamon) auto-mount USB drives with correct permissions. If you're having permission issues, it's usually because you mounted the drive manually. Try unmounting and letting your desktop handle it by unplugging and re-plugging the drive.

Common Permission Fixes

"I broke permissions in my home directory"

If you accidentally ran chmod or chown on your entire home directory and things are broken:

# Reset ownership of your home directory
sudo chown -R $(whoami):$(whoami) ~

# Reset directory permissions (755)
find ~ -type d -exec chmod 755 {} \;

# Reset file permissions (644)
find ~ -type f -exec chmod 644 {} \;

# Fix SSH keys (they need strict permissions)
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_*
chmod 644 ~/.ssh/*.pub
chmod 600 ~/.ssh/config
chmod 600 ~/.ssh/authorized_keys
"Permission denied" when running a downloaded program

Files you download don't have the execute permission by default (this is a security feature).

# Make it executable
chmod +x downloaded-program

# Run it
./downloaded-program

# For AppImages:
chmod +x MyApp.AppImage
./MyApp.AppImage
Web server / project folder permissions

If you're running a web server and getting permission errors:

# Web server files typically need:
# Directories: 755, Files: 644
find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 644 {} \;

# Set the web server user as the owner
# Apache:
sudo chown -R www-data:www-data /var/www/html

# Nginx (on some distros it's nginx:nginx):
sudo chown -R www-data:www-data /var/www/html

# If you need to edit these files as your user, add yourself to the group:
sudo usermod -aG www-data $(whoami)
# Log out and back in for the group change to take effect

Related Issues