Fix PermissionError: Permission denied when reading or writing files

By James Park
Python beginner Linux macOS Windows Cross-platform

Fix PermissionError: Permission denied when reading or writing files

1. Symptoms

Python’s PermissionError manifests as a subclass of OSError with errno 13 (EACCES) on Unix-like systems or equivalent access denied codes on Windows. Common indicators include tracebacks during file operations like open(), os.remove(), or shutil.copy(). A typical shell or console output looks like this:

Traceback (most recent call last):
  File "script.py", line 10, in <module>
    with open('/etc/passwd', 'r') as f:
PermissionError: [Errno 13] Permission denied: '/etc/passwd'

Symptoms escalate in scripts automating file I/O: batch processes fail silently or loudly, logs fill with access denials, and tools like Jupyter notebooks halt on cell execution. On Windows, it appears as PermissionError: [Errno 13] Permission denied: 'C:\\Windows\\System32\\drivers\\etc\\hosts'. Cross-platform consistency arises from Python’s io module deferring to OS syscalls, triggering on read-only system dirs, locked files, or parent directory execute-bit absence.

2. Root Cause

At its core, PermissionError stems from operating system enforcement of file system permissions. Unix-like systems (Linux, macOS) use POSIX modes: owner/group/other with read (r=4), write (w=2), execute (x=1) bits, checked via stat() syscall. Python’s open() invokes openat() or fcntl(), failing if the effective UID/GID lacks bits for the operation—e.g., reading requires ‘r’ on file and ‘x’ on all parent dirs.

Windows employs ACLs via NT security descriptors, where CreateFile() denies if the token lacks FILE_READ_DATA or FILE_WRITE_DATA. Inheritance from parent folders or explicit denies compound issues. Python 3.8+ refines error mapping in os and pathlib, but root lies in mismatched process privileges: running as non-root user against root-owned files (/etc, /usr), antivirus locks, or network shares with restrictive SMB perms. Path traversal attempts or relative paths resolving to protected areas amplify frequency in deployed apps.

3. Step-by-Step Fix

Address PermissionError hierarchically: verify paths, adjust perms, elevate judiciously, or refactor code.

  1. Inspect permissions: Use ls -la /path/to/file (Unix) or icacls C:\path\to\file (Windows) to audit ownership and modes.

  2. Fix ownership/perms:

    • Unix: sudo chown $USER /path/to/file; chmod u+rw /path/to/file.
    • Windows: Right-click → Properties → Security → Edit → Add full control for user.

  3. Refactor to user-writable locations: Prefer tempfile, pathlib.Path.home(), or /tmp.

  4. Code-level handling:

Before:

import os

# Attempting to write to system dir
with open('/etc/myapp.conf', 'w') as f:
    f.write('config')

After:

import os
from pathlib import Path
import tempfile

config_dir = Path.home() / '.myapp'
config_dir.mkdir(exist_ok=True)
config_path = config_dir / 'config.conf'

with open(config_path, 'w') as f:
    f.write('config')

# Or use tempfile for ephemeral files
with tempfile.NamedTemporaryFile(mode='w', delete=False) as f:
    f.write('config')
    temp_path = f.name
  1. Exception handling for robustness:
try:
    with open('/protected/file.txt', 'r') as f:
        data = f.read()
except PermissionError as e:
    print(f"Access denied: {e}")
    # Fallback: copy to temp or prompt user
  1. Windows-specific: Run script.py as Administrator via context menu, but prefer pyinstaller with --uac-admin.

Avoid sudo python in production; use setuid binaries or Docker with volume mounts sparingly.

4. Verification

Confirm resolution by re-executing the failing operation: python script.py should complete without tracebacks, producing expected files or output. Query file stats post-fix:

import os
from pathlib import Path

p = Path('/path/to/file')
print(f"Readable: {os.access(p, os.R_OK)}")
print(f"Writable: {os.access(p, os.W_OK)}")
print(f"Mode: {oct(p.stat().st_mode)[-3:]}")  # Unix octal

On success, os.access() returns True; diff file contents or ls -l shows updated timestamps/ownership. For scripts, integrate unit tests with pytest asserting no PermissionError raises via pytest.raises(PermissionError) inversion. Monitor strace python script.py (Linux) for vanished EACCES syscalls.

5. Common Pitfalls

  • Over-elevating privileges: sudo python exposes scripts to root risks like arbitrary code execution; use sudo -u user or capabilities instead.
  • Ignoring parent directories: File ‘rwx’ irrelevant without ‘x’ on /parent/dir; find /path -type d ! -perm -111 identifies culprits.
  • Windows UAC/Defender: Manifests as intermittent; disable real-time protection temporarily for testing, but whitelist app.
  • Network filesystems (NFS/SMB): Latency hides perms; mount with uid=$(id -u) or icacls /grant.
  • Race conditions: Another process locks file post-check; use flock or O_EXCL.
  • Pathlib vs os: Path.open() inherits issues; always validate Path.resolve().exists() first.
  • Containers/Docker: Volume mounts preserve host perms; docker run -v /host:/container:delegated mitigates.

SELinux/AppArmor denials mimic PermissionError—check ausearch -m avc or aa-status.

  • FileNotFoundError: Arises from non-existent paths, often preceding PermissionError in traversal; fix with Path.parent.mkdir(parents=True, exist_ok=True).
  • OSError: Superclass encompassing PermissionError (errno 13), plus ENOSPC (disk full) or EROFS (read-only FS); discriminate via e.errno.
  • IsADirectoryError: Hits when writing to dirs ([Errno 21]); use Path.is_file() guards.

This guide ensures robust file I/O across environments, minimizing downtime in production pipelines. Total prose: ~750 words.

PermissionError permission-denied file-access os-module pathlib