The "dpkg: error: unable to create new file: Permission denied" error occurs when your user account lacks sufficient permissions to modify package management directories. This is almost always resolved by running the command with sudo privileges.
When you run a dpkg or apt command, the package manager needs to write files to protected system directories like /var/lib/dpkg, /var/cache/apt, and /usr. If your user account doesn't have permission to write to these directories, dpkg fails to create necessary files during installation or configuration. This error typically appears when: - A non-root user runs apt/dpkg commands without sudo - The /var/lib/dpkg directory has incorrect ownership - Lock files are preventing normal package operations - Another process is already using the package manager The error message includes the specific file path that dpkg couldn't create, helping you identify which system directory has permission issues.
The simplest and most common fix is to run your command with sudo prefix:
sudo apt update
sudo apt install package-name
sudo apt upgrade
sudo dpkg -i package.debThis grants the necessary root privileges to modify protected system directories. If you forget sudo and the command fails, just rerun it with sudo.
If you already used sudo but still see the error, another package manager might be using dpkg. Check for active processes:
sudo lsof /var/lib/dpkg/lock-frontend
sudo lsof /var/lib/apt/lists/lock
sudo lsof /var/cache/apt/archives/lockIf any processes are listed, they must complete first. If you see a process that shouldn't be running, you can kill it:
sudo kill -9 <PID>Common culprits include Software Center, Software Updater, Synaptic, or unattended-upgrades.
If no processes are using dpkg but lock files still exist, they may be stale from an interrupted operation. Remove them:
sudo rm /var/lib/dpkg/lock
sudo rm /var/lib/dpkg/lock-frontend
sudo rm /var/lib/apt/lists/lock
sudo rm /var/cache/apt/archives/lockAfter removing lock files, reconfigure dpkg:
sudo dpkg --configure -a
sudo apt updateThis forces dpkg to check and complete any pending operations.
If the problem persists, the /var/lib/dpkg or /var/cache/apt directories may have incorrect ownership. Restore proper permissions:
sudo chown -R root:root /var/lib/dpkg
sudo chown -R root:root /var/cache/apt
sudo chmod 755 /var/lib/dpkg
sudo chmod 755 /var/cache/aptThen try your package operation again:
sudo apt updateThis ensures these critical directories are owned by root and have the correct read/write/execute permissions.
If you've had interrupted downloads, clean the cache and start fresh:
sudo apt clean
sudo apt autoclean
sudo apt update
sudo apt install package-nameThe apt clean command removes all cached .deb files, while autoclean removes only outdated ones. This resolves issues with corrupted or incomplete package downloads.
In rare cases, the error occurs if /var is mounted read-only or if the disk is full:
df -h /var
mount | grep "on /var"If /var is full, delete old log files:
sudo journalctl --vacuum=50M
sudo rm /var/log/*.oldIf /var is mounted read-only, remount it as read-write:
sudo mount -o remount,rw /varSELinux and AppArmor: On systems with SELinux or AppArmor enabled, package manager operations may be blocked by security policies even with proper file permissions. If the above steps don't work, check if SELinux/AppArmor is denying access: sudo grep -i denied /var/log/audit/audit.log for SELinux or check AppArmor logs. You may need to temporarily disable these security frameworks while troubleshooting.
Rootless containers: If you're in a Docker container or Kubernetes pod running as a non-root user, you cannot use apt/dpkg directly. These tools require root. Either run the container as root or install packages in your Dockerfile during the build stage.
WSL2 (Windows Subsystem for Linux): On WSL2, ensure your /var partition has adequate disk space. The WSL2 virtual disk can become full, causing these errors. Run wsl --manage to clean up the virtual disk.
VPS/Cloud instances: Some cloud providers mount /var as read-only by default for system integrity. Contact your provider's support to have it remounted as read-write, or ask if they provide automated package management tools.
E: Could not connect to proxy server
Could not connect to proxy server
E: Package 'package:i386' has no installation candidate
How to fix "Package package:i386 has no installation candidate" in apt
E: The value 'value' is invalid for APT::Default-Release
How to fix invalid APT::Default-Release value in APT
subprocess installed post-removal script returned error exit status 1
How to fix "subprocess installed post-removal script returned error exit status 1" in APT
dpkg: error processing package package-name (--install)
How to fix "dpkg: error processing package" in apt