Run ./ vs bash – permission denied

When I try to run ./ I got Permission denied but when I run bash everything is fine.

What did I do wrong?

Asked By: Piotr Stapp


Incorrect POSIX permissions

It means you don’t have the execute permission bit set for When running bash, you only need read permission for See What is the difference between running “bash” and “./”? for more info.

You can verify this by running ls -l

You may not even need to start a new Bash process. In many cases, you can simply run source or . to run the script commands in your current interactive shell. You would probably want to start a new Bash process if the script changes current directory or otherwise modifies the environment of the current process.

Access Control Lists

If the POSIX permission bits are set correctly, the Access Control List (ACL) may have been configured to prevent you or your group from executing the file. E.g. the POSIX permissions would indicate that the test shell script is

$ ls -l
-rwxrwxrwx+ 1 root root 22 May 14 15:30

However, attempting to execute the file results in:

$ ./
bash: ./ Permission denied

The getfacl command shows the reason why:

$ getfacl
# file:
# owner: root
# group: root

In this case, my primary group is domain users which has had execute permissions revoked by restricting the ACL with sudo setfacl -m 'g:domain40users:rw-' This restriction can be lifted by either of the following commands:

sudo setfacl -m 'g:domain40users:rwx'
sudo setfacl -b


Filesystem mounted with noexec option

Finally, the reason in this specific case for not being able to run the script is that the filesystem the script resides on was mounted with the noexec option. This option overrides POSIX permissions to prevent any file on that filesystem from being executed.

This can be checked by running mount to list all mounted filesystems; the mount options are listed in parentheses in the entry corresponding to the filesystem, e.g.

/dev/sda3 on /tmp type ext3 (rw,noexec)

You can either move the script to another mounted filesystem or remount the filesystem allowing execution:

sudo mount -o remount,exec /dev/sda3 /tmp

Note: I’ve used /tmp as an example here since there are good security reasons for keeping /tmp mounted with the noexec,nodev,nosuid set of options.

Answered By: Anthony Geoghegan

Try chmod +rx, this will give read and execute permissions to user, group and others.

Then try, ./

Answered By:

On my win7 with admin running cmd; I have .sh files associated with cygwin64/bin/bash, but it was blocked by cmd. None of the above suggestions helped (chmod, setfacl, mount).

The solution below worked, it is an admin sledge-hammer acl-fixer whenever folders/file become inaccessible to admin on win7, which is often):

  Start > run cmd as Admin
    Access is denied.

  cmd> chmod 0777 c:cygwin64binbash.exe
    Access is denied.

  > assoc .sh

  > ftype bash
  bash=C:cygwin64binbash.exe -- "%1" %*

  > bash
  $ FILE=c:/cygwin64/bin/bash.exe
  $ FILE=${FILE////\} # s,/,,g

  # Compare these permissions using accesschk by Mark Russinovich 2015
  $ accesschk.exe -lq  $FILE 
  $ accesschk.exe -lq c:/windows/system32/cmd.exe
  # [large output not shown]

  # === Solution: Change windows acl for bash ===
  $ takeown /F $FILE /A > /dev/null
  $ icacls $FILE /t /q /c /reset
  $ icacls $FILE /t /q /c /grant    :r Everyone:F
  $ icacls $FILE /t /q /c /setowner Administrators  
  # ====

    OK .. invokes bash
Answered By: mosh

If you still get Permission denied errors when you try to run your script in the docker’s entrypoint, just try DO NOT use the shell form of the entrypoint:

Instead of:
ENTRYPOINT ./bin/watcher write ENTRYPOINT ["./bin/watcher"]:

enter image description here

Answered By: James Bond
Categories: Answers Tags: , , ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.