Introduction
While working with FTP (such as FileZilla) on Linux servers, you may encounter a situation where:
- You can upload new files
- You can create directories
- But you cannot overwrite existing files, receiving a “permission denied” error
This issue usually occurs due to ACL (Access Control List) restrictions, where the ACL mask limits write permissions—even if standard Linux permissions (chmod/chown) appear correct.
At first glance, standard file permissions (chmod) and ownership (chown) may appear correct. However, the root cause in many such cases is related to Access Control Lists (ACL), which can override traditional permission settings.
If the issue is related to connectivity rather than permissions, you may encounter SFTP problems like SFTP connection refused error.
What is FTP Permission Denied Error?
The FTP “open for write: permission denied” error occurs when a user tries to modify or overwrite an existing file but lacks effective write permissions on the server.
Even when directory and file permissions seem correct, hidden permission layers like ACL can block write access—this is one of the most common FTP errors in Linux environments affecting file operations.
Problem Overview
In this case:
- The FTP user (developer) had access to the directory
- Directory permissions were set correctly (755 or 775)
- File permissions also looked normal
However, checking ACL revealed:
#getfacl controllers/Output:
user:developer:rwx #effective:r-x
mask::r-xEven though the user had rwx, the effective permission was reduced to r-x due to the ACL mask.
This prevented the user from writing or overwriting files.
Why This Happens (Root Cause)
ACL introduces an additional permission layer, and in some environments, security mechanisms like SELinux configuration in Linux can further restrict file access beyond standard permissions:
- The mask defines the maximum allowed permissions
- If the mask is restrictive (e.g., r-x), it overrides user permissions
So even if:
user:developer:rwxIt becomes:
effective:r-xNo write access → FTP overwrite fails
How to Fix FTP Permission Denied Error (Step-by-Step)
Step 1: Check ACL Permissions
#getfacl /var/www/your-project-pathLook for:
mask::r-x
#effective:r-xStep 2: Fix the ACL Mask
Update the mask to allow write access:
#setfacl -m mask:rwx /var/www/your-project-pathStep 3: Apply Permissions Recursively (if needed)
#setfacl -R -m u:developer:rwx /var/www/your-project-path
#setfacl -R -m mask:rwx /var/www/your-project-pathStep 4: (Optional) Remove ACL Completely
If ACL is not required in your setup, it’s better to remove it:
#setfacl -bR /var/www/your-project-pathThis restores standard Linux permission behavior and removes the + sign from ls -l.
Important: ACL can silently block write access even when traditional permissions look correct.
Real-World Insight
In many production environments, this issue commonly appears when:
- Multiple users or deployment tools modify permissions
- Default ACLs are applied automatically on directories
- CI/CD pipelines override permission settings
Ignoring ACL can lead to repeated FTP failures even after fixing chmod/chown.
Key Takeaways
- FTP overwrite errors are often caused by ACL mask restrictions
- Standard permissions (chmod/chown) may not reflect actual access
- Always check ACL using
getfacl - Fix using
setfacl -m mask:rwxor remove ACL entirely - Understanding ACL ensures stable and predictable server behavior
Conclusion
FTP upload issues—especially when only overwriting fails—are often caused by hidden ACL restrictions rather than basic permission misconfigurations.
By identifying and correcting the ACL mask, or removing ACL entirely, you can restore proper file write access and ensure smooth FTP operations.
Understanding how ACL interacts with standard permissions is essential for maintaining stable and predictable server behavior in Linux environments.
If you’re facing persistent server permission issues or need expert assistance with Linux server management, consider professional support to ensure secure and error-free operations.
