LND Macaroon Permission Error — Fix Readonly vs Admin Access
Getting 'permission denied' or 'macaroon does not have required permissions'? Here's how to fix it.
Understand macaroon types
```bash
# LND generates 3 macaroons by default:
ls ~/.lnd/data/chain/bitcoin/mainnet/
# admin.macaroon — full access (send payments, open channels)
# readonly.macaroon — read-only (getinfo, listchannels, no sends)
# invoice.macaroon — create and lookup invoices only

# Check which you're using: decode the file and list its permissions
lncli printmacaroon --macaroon_file ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
```
Fix: wrong macaroon being used
```bash
# Explicitly specify admin macaroon
lncli --macaroonpath=~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon getinfo

# Or set env variable and pass it to lncli
export MACAROON_PATH=~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
lncli --macaroonpath="$MACAROON_PATH" getinfo

# For apps like RTL / ThunderHub: check their config
# They often have a macaroonPath setting — make sure it points to admin.macaroon
```
Create a custom macaroon with specific permissions
```bash
# Create macaroon with only invoice and payment permissions
lncli bakemacaroon \
  invoices:read invoices:write \
  offchain:read offchain:write

# List permissions a macaroon has
lncli printmacaroon --macaroon_file ~/.lnd/data/chain/bitcoin/mainnet/admin.macaroon
```
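To turn a "permission denied" error into a concrete list of what is missing, the following added example (not part of the original page) compares the permissions shown by `lncli printmacaroon` with what a command needs. The command-to-permission table is an illustrative assumption about lnd's RPC permissions, and the sample JSON is constructed.

```bash
# Added example (not from the original page): find which permissions a macaroon
# lacks for an lncli command, given the JSON that `lncli printmacaroon` prints.

# Permissions a few common commands need. Illustrative subset, stated as an
# assumption about lnd's RPC permission table; verify against your lnd version.
required_for() {
  case "$1" in
    getinfo)      echo "info:read" ;;
    listchannels) echo "offchain:read" ;;
    addinvoice)   echo "invoices:write" ;;
    payinvoice)   echo "offchain:write" ;;
    sendcoins)    echo "onchain:write" ;;
    openchannel)  echo "onchain:write offchain:write" ;;
    *)            return 1 ;;
  esac
}

# Extract "entity:action" strings (one per line) from printmacaroon JSON on stdin.
granted_perms() {
  grep -oE '"[a-z]+:[a-z]+"' | tr -d '"'
}

# missing_perms <command> <json-file>: print each required permission not granted.
# Prints nothing when the macaroon is sufficient; returns 2 for an unknown command.
missing_perms() {
  need=$(required_for "$1") || { echo "unknown command: $1" >&2; return 2; }
  granted=$(granted_perms < "$2")
  for p in $need; do
    printf '%s\n' "$granted" | grep -qxF "$p" || echo "$p"
  done
}

# Constructed sample: the shape of printmacaroon output for a read-only macaroon.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
{
  "version": 2,
  "location": "lnd",
  "root_key_id": "0",
  "permissions": ["info:read", "offchain:read", "onchain:read", "invoices:read"],
  "caveats": null
}
EOF

for cmd in getinfo payinvoice openchannel; do
  echo "$cmd: missing [$(missing_perms "$cmd" "$SAMPLE" | tr '\n' ' ')]"
done
```

The missing entries can be passed straight to `lncli bakemacaroon`, so an app gets only the permissions it lacks.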
Regenerate all macaroons
```bash
# Stop LND
sudo systemctl stop lnd

# Delete all macaroons (regenerated on restart)
rm ~/.lnd/data/chain/bitcoin/mainnet/*.macaroon

# Restart
sudo systemctl start lnd

# Note: any apps using old macaroons must be updated with new ones
```