Fixing 'Access Is Denied' Errors in WSL After an Update
Commands that worked fine yesterday suddenly fail with permission errors after a WSL or Windows update. Here's how to work through the specific, common causes rather than reflexively reaching for chmod 777.
“Access is denied” or “Permission denied” errors appearing specifically after a WSL or Windows update — for commands and files that worked fine before — usually trace to one of a few specific, common causes rather than a random regression.
Step 1: identify exactly which operation is failing
# reproduce the exact failing command and note the
# exact error text and the specific file/path involved
“Access denied” on a Linux-native file, a file under /mnt/c, and a Windows executable being called from WSL are three different problems with three different likely causes — precisely identifying which is failing narrows the investigation considerably.
Step 2: check for a Windows-side file lock, if the path is under /mnt/c
Confirm no Windows application (an editor, an antivirus scan,
a sync tool like OneDrive) currently has the specific
file open or locked
Windows file locking semantics are stricter than Linux’s by default — a file held open by a Windows-side application can produce access-denied errors from the Linux side that wouldn’t occur with the equivalent Linux-native file, a direct consequence of the filesystem bridge between the two systems.
Step 3: check whether file permission bits were reset by the update
ls -la /path/to/file
Some WSL updates have, in specific documented cases, affected how permission bits are translated or preserved for files under /mnt/c specifically — comparing current permissions against what you’d expect (or against a similar unaffected file) can reveal whether bits were unexpectedly reset.
Step 4: check for a changed default umask
umask
A changed default umask value (sometimes introduced by a distro update rather than a WSL platform update specifically) changes the default permissions newly-created files receive, which can look like a permissions regression on new files while leaving old ones unaffected.
Step 5: check ownership specifically, not just permission bits
ls -la /path/to/file
# confirm the owning user matches your current WSL user
A file owned by a different user (sometimes root, if a command was previously run with sudo and created a file without you noticing) produces access-denied errors for your normal user regardless of permission bits — chown to correct ownership is the right fix here, not broadening permission bits.
Step 6: check for an interop-specific permission issue when calling Windows executables
If the specific failure involves calling a Windows executable from WSL, confirm the Windows-side executable and its target files have appropriate Windows-side permissions — this is a genuinely separate permission system from Linux’s, and an access-denied error here may need fixing from the Windows side, not the Linux side.
Step 7: restart WSL2 fully to rule out a stale mount state
wsl --shutdown
Occasionally, a filesystem mount’s permission-translation state can become stale following an update without a full restart — this rules out that specific category of cause before investigating further.
Step 8: avoid reaching for chmod 777 as a first response
Broadly opening permissions to work around an access-denied error masks the actual underlying cause (a lock, an ownership mismatch, a stale mount) without fixing it, and can create a genuine security gap on files that didn’t need broad access in the first place — worth resisting as a quick fix in favor of identifying the actual specific cause first.
Why updates specifically can surface previously-latent permission issues
An update can change default umask values, permission-translation behavior for /mnt/c paths, or file locking interaction subtleties — any of which can surface a permission problem that simply didn’t manifest under the exact previous configuration, which is why “it started after an update” is a genuinely useful diagnostic clue rather than just an annoyance.