How to fix read-only file system in Terraform

TerraformINTERMEDIATEHIGH

The "read-only file system" error occurs when Terraform cannot write to directories needed for state files, plugins, or temporary operations. This typically happens in containerized or restricted environments. Fix by ensuring writable directories are available and properly mounted.

What this error means

The "read-only file system" error indicates that Terraform is attempting to write to a directory or file on a filesystem that has been mounted or configured as read-only. Terraform needs write access to several locations: 1. The working directory (for .terraform/ plugins and lock files) 2. The state file directory (for terraform.tfstate and backups) 3. Temporary directories (for provider caching and operations) When any of these locations are read-only, Terraform operations fail at the point where a write is attempted.

How to fix "read-only file system"

1Verify filesystem is writable

Check if the filesystem is mounted as read-only:

bash

# Check mount status
mount | grep " / "
# Look for "ro" flag - if you see it, filesystem is read-only

# Try to touch a test file in working directory
touch test-file.txt
rm test-file.txt

If you see "(ro)" in the mount output, the filesystem is read-only.

2Check disk space

A full disk can cause the kernel to remount as read-only:

bash

# Check available space
df -h

# Look for 100% usage - this is critical
df -i  # Check inode usage too

# Clean up if needed
rm -rf /path/to/large/files

Free up disk space and the filesystem may remount automatically as writable.

3Verify working directory permissions

Ensure you have write permissions:

bash

# Check current directory permissions
ls -ld .

# Check if you can write (should complete without error)
touch .test-write && rm .test-write

# If permission denied, check user/group
id
groups

# Fix permissions if needed
chmod u+w .

The working directory must be writable by the user running Terraform.

4For Docker containers, mount writable volumes

Ensure the working directory is on a writable volume:

bash

# Run with writable volume
docker run -v /path/to/writable:/work \
  -w /work \
  hashicorp/terraform:latest init

# Or in docker-compose.yml
services:
  terraform:
    image: hashicorp/terraform:latest
    volumes:
      - ./terraform:/work
      - terraform-cache:/root/.terraform.d
    working_dir: /work

volumes:
  terraform-cache:

Avoid mounting directories as read-only (no :ro flag).

5Set TF_DATA_DIR for custom state/plugin location

If the default location is read-only, redirect to a writable location:

bash

# Set to writable directory
export TF_DATA_DIR=/tmp/.terraform

# Or in environment during apply
TF_DATA_DIR=/writable/path terraform init
TF_DATA_DIR=/writable/path terraform apply

This moves plugin cache and working files to a writable location.

6Remount filesystem as writable (if you have root access)

If the filesystem was remounted read-only due to errors:

bash

# Check current mounts
mount | grep " / "

# Remount as writable (requires sudo)
sudo mount -o remount,rw /

# Or for specific partition
sudo mount -o remount,rw /var

This is a temporary fix. Investigate why it was marked read-only (disk errors, full disk, etc.).

7Use remote state backend to bypass local write issues

Store state remotely instead of locally:

hcl

# terraform.tf
terraform {
  cloud {
    organization = "my-org"

    workspaces {
      name = "my-workspace"
    }
  }
}

# Or with S3
terraform {
  backend "s3" {
    bucket         = "my-terraform-state"
    key            = "prod/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "terraform-locks"
  }
}

Remote backends bypass local filesystem write requirements for state.

How to fix read-only file system in Terraform

What this error means

Typical symptoms

Common causes

How to fix "read-only file system"

Advanced notes

Related errors

Official resources & further reading