Operation not permitted

Linux SystemSecurity ErrorCommonLast updated: June 29, 2026Tested on:Ubuntu 22.04 LTSBash Shell v5.1June 2026

This error occurs when the kernel blocks an action because it requires superuser privileges or conflicts with active security policies.

Operation not permitted Quick Fix⏱️ Est. Fix Time: 3 minutes

Usually happens because:

  • File has the immutable attribute flag enabled (+i)
  • Process lacks system capability (e.g. binding low ports)
  • Docker container profile seccomp sandbox blocks system call

🔍 Quick Checklist:

What is Operation not permitted?

The 'Operation not permitted' error is a standard POSIX system error associated with the error code EPERM. Unlike 'Permission denied' (EACCES), which typically relates to file access bits, EPERM indicates that the operation itself is restricted by security policies, lack of system capabilities, file immutable attributes, or Docker security profiles (seccomp). Even the root user can receive EPERM if trying to modify immutable files or perform raw hardware modifications blocked by the kernel.

Common Causes

  • Lack of kernel capabilities: Attempting to bind low ports (<1024) or manipulate network interfaces without CAP_NET_ADMIN privileges.
  • Immutable file attributes: Attempting to edit or delete files marked with the +i (immutable) attribute.
  • Docker sandbox constraints: Standard container runtimes restrict system calls (like mounting filesystems or changing clocks) using default seccomp profiles.
CauseFrequency
Missing raw kernel capability privileges⭐⭐⭐⭐⭐
Active immutable file attributes (chattr +i)⭐⭐⭐⭐
Docker container seccomp sandbox restriction⭐⭐⭐

Common Mistakes

  • Assuming running as root solves all permission errors (EPERM can block root operations if files have immutable attributes or container policies restrict them).
  • Running insecure containers with `--privileged` unnecessarily, which compromises host security instead of granting narrow `--cap-add` capabilities.

How to Fix

1Add Docker capabilities: Start containers with required capabilities flags (e.g. '--cap-add=NET_ADMIN').
2Remove immutable attributes: Strip the immutable flag using 'sudo chattr -i <file>' before editing.
3Run with elevated system privileges: Prepend commands with 'sudo' or configure CAP policies for the binary.

Linux Operations & Verification

Inspect and unlock immutable files blocked by Linux file attributes.

Checking Immutable Attributes Example
# 1. Inspect file attributes
$ lsattr /var/log/system.log
----i--------e-- /var/log/system.log
# Note: 'i' attribute indicates immutable block active

# 2. Unlock the file
$ sudo chattr -i /var/log/system.log

# 3. Modify or delete the file
$ sudo rm /var/log/system.log

Platform Specific Fixes

Check currently active process capability maps.

Linux Config
# Read capability bits of active shell process
capsh --print

Best Practices

  • Manage file attributes explicitly inside backup automated scripts.
  • Adopt narrow Docker capability maps instead of wide superuser overrides.

Frequently Asked Questions (FAQ)

Q: How does EPERM differ from EACCES?

EACCES (Permission denied) means the user lacks basic rwx file bits permissions. EPERM (Operation not permitted) means the operation itself is restricted by kernel-level security rules, regardless of file permissions.

Q: Why does root get 'Operation not permitted'?

Root can get EPERM if a file has the 'immutable' flag enabled. Run 'lsattr <file>' to check. If you see 'i', run 'sudo chattr -i <file>' to unlock it.

Q: How do I bind port 80/443 without root?

Grant the binary the network binding capability: 'sudo setcap 'cap_net_bind_service=+ep' /path/to/binary'.

Q: Why do mounting commands fail in containers?

Docker containers drop mounting capabilities by default to prevent hosts escape vulnerabilities. Run the container using the '--privileged' flag or specify '--cap-add=SYS_ADMIN'.

Still having this problem?

Didn't solve your problem?

SuggestRequest Error