What does pip:PERMISSION_DENIED mean?

pip tried to write into a directory you don't have permission to modify (often system site-packages or a protected install directory).

How do I prevent pip:PERMISSION_DENIED in CI?

Use venvs for all projects and CI jobs. Don't mix `sudo` and non-`sudo` installs into the same environment. Keep system Python package management separate from project dependencies.

ERROR: Could not install packages due to an OSError: [Errno 13] Permission denied

Q: How can I manually validate pip:PERMISSION_DENIED?

Check where pip would install: `python -m pip --version` (shows python path) and `python -c 'import site; print(site.getsitepackages())'`. Confirm you're in the intended environment (venv/conda/system). On Windows, close IDEs/terminals that might be using the Python install and retry.

Fix it fast

Most likely: pip is trying to install into a protected Python location, or the active environment is owned by another user because of earlier sudo pip or admin installs.

1. Confirm this is your error

ERROR: Could not install packages due to an OSError: [Errno 13] Permission denied: '/usr/local/locale'
ERROR: Could not install packages due to an OSError: [WinError 5] Access is denied: 'c:\\python311\\scripts\\pip.exe'

2. Check the cause

python -m pip --version
python -c 'import sys; print(sys.executable)'
python -c 'import site; print(site.getusersitepackages())'
echo $VIRTUAL_ENV

3. Apply the safe fix

# Best fix: install into a project virtual environment.
python3 -m venv .venv
. .venv/bin/activate
python -m pip install --upgrade pip
python -m pip install <package>

# If a venv is not possible and user installs are allowed:
python -m pip install --user <package>

4. Verify it works

python -m pip show <package>
python -c 'import sys; print(sys.executable)'

Don't use unsafe shortcuts

Do not use sudo pip install for normal project dependencies.
Do not change ownership of system Python directories unless you intentionally manage that Python install.
Do not keep mixing admin/root installs and regular-user installs in the same environment.

What Local Operation Failed

The remote service may be fine. This class of error is usually about what the local machine was allowed to read, write, cache, or execute.

Fix the local path, cache, or permissions

Preferred:install into a virtual environment and run pip from there.

If a venv isn't possible, use a user install when supported/appropriate:python -m pip install --user <package>

Avoid sudo pip ... unless you're intentionally managing a system Python and understand the risks.

Fix ownership/permissions if they were broken by running pip as a different user.

Manual install target checks

Check where pip would install:python -m pip --version (shows python path) and python -c 'import site; print(site.getsitepackages())'

Confirm you're in the intended environment (venv/conda/system).

On Windows, close IDEs/terminals that might be using the Python install and retry.

Why the Local Machine Blocked It

Usually this comes down to you're installing into a system Python directory without root/admin privileges, you activated the wrong environment (or didn't activate a venv), a directory is owned by another user (common after using sudo pip ...), or on Windows, the target file is locked or the directory is protected.

Verify the Local Path Is Usable Again

Re-run the pip install and confirm it completes without permission errors, and run python -m pip show <package> to confirm the package is installed in the expected environment.

Where pip installs packages

pip installs packages into the active Python environment's site-packages (or another target specified by flags). If you're installing into a system Python location without appropriate permissions, writes fail with permission errors. On Windows, access denied can also occur if files are locked by another process.

Prevent Local State Drift

To prevent this, use venvs for all projects and CI jobs, don't mix sudo and non-sudo installs into the same environment, and keep system Python package management separate from project dependencies.

Docs and source code

github.com/pypa/pip/blob/25.3/src/pip/_internal/commands/install.py

pip formats permission-related install failures in create_os_error_message() and adds an --user/permissions hint when errno is EACCES. - GitHub

def create_os_error_message(
    error: OSError, show_traceback: bool, using_user_site: bool
) -> str:
    """Format an error message for an OSError

    It may occur anytime during the execution of the install command.
    """
    parts = []

    # Mention the error if we are not going to show a traceback
    parts.append("Could not install packages due to an OSError")
    if not show_traceback:
        parts.append(": ")
        parts.append(str(error))
    else:
        parts.append(".")

    # Spilt the error indication from a helper message (if any)
    parts[-1] += "\n"

    # Suggest useful actions to the user:
    #  (1) using user site-packages or (2) verifying the permissions
    if error.errno == errno.EACCES:
        user_option_part = "Consider using the `--user` option"
        permissions_part = "Check the permissions"

        if not running_under_virtualenv() and not using_user_site:
            parts.extend(
                [
                    user_option_part,
                    " or ",
                    permissions_part.lower(),
                ]
            )
        else:
            parts.append(permissions_part)
        parts.append(".\n")