Skip to content
Latchkey

GitHub Actions "EACCES: permission denied" in a container job

When a job runs in a container whose default user is not root or does not match the runner's UID, the mounted workspace and tool paths can be unwritable, producing EACCES.

What this error means

A container job fails when writing files, installing packages, or running a build, with "EACCES: permission denied" pointing at a path under the workspace or a cache directory.

github-actions
Error: EACCES: permission denied, open '/__w/repo/repo/dist/out.js'

Common causes

Non-root container user without write access

The image declares a USER that lacks ownership of the mounted workspace volume, so writes into it are denied.

Files created by a prior root step

An earlier step ran as root and left root-owned files that a later non-root step cannot overwrite.

How to fix it

Run the container as a writable user

  1. Set the container options to run as root, or as a UID that owns the workspace.
  2. Alternatively fix ownership with a chown step at the start of the job.
  3. Avoid mixing root and non-root steps that touch the same paths.
.github/workflows/ci.yml
jobs:
  build:
    runs-on: ubuntu-latest
    container:
      image: node:20
      options: --user root

How to prevent it

  • Pick a container user that owns the mounted workspace.
  • Keep a job's steps consistent in the user they run as.
  • chown the workspace early if the image uses a non-root default user.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →