GitHub Actions "EACCES: permission denied" in a container job
When a job runs in a container whose default user is not root or does not match the runner's UID, the mounted workspace and tool paths can be unwritable, producing EACCES.
What this error means
A container job fails when writing files, installing packages, or running a build, with "EACCES: permission denied" pointing at a path under the workspace or a cache directory.
github-actions
Error: EACCES: permission denied, open '/__w/repo/repo/dist/out.js'Common causes
Non-root container user without write access
The image declares a USER that lacks ownership of the mounted workspace volume, so writes into it are denied.
Files created by a prior root step
An earlier step ran as root and left root-owned files that a later non-root step cannot overwrite.
How to fix it
Run the container as a writable user
- Set the container options to run as root, or as a UID that owns the workspace.
- Alternatively fix ownership with a chown step at the start of the job.
- Avoid mixing root and non-root steps that touch the same paths.
.github/workflows/ci.yml
jobs:
build:
runs-on: ubuntu-latest
container:
image: node:20
options: --user rootHow to prevent it
- Pick a container user that owns the mounted workspace.
- Keep a job's steps consistent in the user they run as.
- chown the workspace early if the image uses a non-root default user.
Related guides
GitHub Actions Container Job Volume Permission DeniedFix GitHub Actions container job "permission denied" on volumes - the container user UID differs from the run…
GitHub Actions Container Job Fails to Start - Image, Entrypoint, or VolumeFix GitHub Actions container job failures - a missing image, registry auth, an entrypoint that exits, or volu…
GitHub Actions "Container action is only supported on Linux"Fix GitHub Actions "Container action is only supported on Linux" - a Docker container action was scheduled on…