diff --git a/Cargo.lock b/Cargo.lock
index b06d33e..a352bf4 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -662,6 +662,7 @@ dependencies = [
  "subtle",
  "tempfile",
  "thiserror",
+ "uucore",
  "zeroize",
 ]
 
diff --git a/src/shadow-core/Cargo.toml b/src/shadow-core/Cargo.toml
index 8bb8a97..ed335df 100644
--- a/src/shadow-core/Cargo.toml
+++ b/src/shadow-core/Cargo.toml
@@ -18,6 +18,7 @@ path = "src/lib.rs"
 libc = { workspace = true }
 rustix = { workspace = true }
 thiserror = { workspace = true }
+uucore = { workspace = true }
 zeroize = { workspace = true }
 subtle = { workspace = true }
 landlock = { workspace = true, optional = true }
diff --git a/src/shadow-core/src/lib.rs b/src/shadow-core/src/lib.rs
index 773373f..a16c6a7 100644
--- a/src/shadow-core/src/lib.rs
+++ b/src/shadow-core/src/lib.rs
@@ -10,6 +10,7 @@
 
 pub mod cli;
 pub mod error;
+pub mod os_error;
 pub mod passwd;
 pub mod validate;
 
diff --git a/src/shadow-core/src/os_error.rs b/src/shadow-core/src/os_error.rs
new file mode 100644
index 0000000..17e290c
--- /dev/null
+++ b/src/shadow-core/src/os_error.rs
@@ -0,0 +1,40 @@
+// This file is part of the shadow-rs package.
+//
+// For the full copyright and license information, please view the LICENSE
+// file that was distributed with this source code.
+
+//! Error text sourced from the operating system instead of hardcoded.
+//!
+//! Wording for conditions that map to a libc `errno` is taken from the OS
+//! (libc's `strerror`, surfaced through [`std::io::Error`]) rather than
+//! carried as a string literal in our tree. This keeps the text matching the
+//! host OS and lets glibc translate it on localized systems — the same way
+//! GNU coreutils renders system errors (e.g. `cat: /tmp: Is a directory`).
+//! See issue #159.
+
+/// The OS message for `EACCES` ("Permission denied"), sourced from libc.
+///
+/// Rendered as "Permission denied" on English locales and the translated
+/// equivalent elsewhere; on a libc that does not translate (musl) it is the
+/// untranslated English text. `strip_errno` (the helper uucore uses for its
+/// own I/O errors) drops the " (os error N)" suffix that `io::Error`'s
+/// `Display` appends, leaving the bare OS message — matching coreutils output.
+#[must_use]
+pub fn permission_denied() -> String {
+    uucore::error::strip_errno(&std::io::Error::from_raw_os_error(libc::EACCES))
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn permission_denied_is_bare_os_message() {
+        let msg = permission_denied();
+        // Non-empty, and the bare OS text — not Rust's "... (os error 13)"
+        // rendering (the regression that suffix-stripping prevents). We assert
+        // the shape, not the exact wording, since libc may localize it.
+        assert!(!msg.is_empty());
+        assert!(!msg.contains("(os error"), "got: {msg:?}");
+    }
+}
diff --git a/src/uu/chage/src/chage.rs b/src/uu/chage/src/chage.rs
index cdaff08..801fca3 100644
--- a/src/uu/chage/src/chage.rs
+++ b/src/uu/chage/src/chage.rs
@@ -274,7 +274,10 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
             let current_user = shadow_core::hardening::current_username()
                 .map_err(|e| ChageError::UnexpectedFailure(e.to_string()))?;
             if current_user != *login {
-                return Err(ChageError::PermissionDenied("Permission denied.".into()).into());
+                return Err(ChageError::PermissionDenied(
+                    shadow_core::os_error::permission_denied(),
+                )
+                .into());
             }
         }
         return cmd_list(&root, login);
@@ -282,7 +285,9 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
 
     // All modification flags require root.
     if !shadow_core::hardening::caller_is_root() {
-        return Err(ChageError::PermissionDenied("Permission denied.".into()).into());
+        return Err(
+            ChageError::PermissionDenied(shadow_core::os_error::permission_denied()).into(),
+        );
     }
 
     if !has_modifications {
diff --git a/src/uu/chpasswd/src/chpasswd.rs b/src/uu/chpasswd/src/chpasswd.rs
index c1f6b0c..6e58be5 100644
--- a/src/uu/chpasswd/src/chpasswd.rs
+++ b/src/uu/chpasswd/src/chpasswd.rs
@@ -186,7 +186,9 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
 
     // chpasswd always requires root.
     if !shadow_core::hardening::caller_is_root() {
-        return Err(ChpasswdError::PermissionDenied("Permission denied.".into()).into());
+        return Err(
+            ChpasswdError::PermissionDenied(shadow_core::os_error::permission_denied()).into(),
+        );
     }
 
     let is_encrypted = matches.get_flag(options::ENCRYPTED);
diff --git a/src/uu/groupadd/src/groupadd.rs b/src/uu/groupadd/src/groupadd.rs
index a65644c..d83ed41 100644
--- a/src/uu/groupadd/src/groupadd.rs
+++ b/src/uu/groupadd/src/groupadd.rs
@@ -109,7 +109,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
     };
 
     if !shadow_core::hardening::caller_is_root() {
-        uucore::show_error!("Permission denied.");
+        uucore::show_error!("{}", shadow_core::os_error::permission_denied());
         return Err(GroupaddError::AlreadyPrinted(1).into());
     }
 
diff --git a/src/uu/groupdel/src/groupdel.rs b/src/uu/groupdel/src/groupdel.rs
index 39d7c83..32a7da2 100644
--- a/src/uu/groupdel/src/groupdel.rs
+++ b/src/uu/groupdel/src/groupdel.rs
@@ -97,7 +97,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
     };
 
     if !shadow_core::hardening::caller_is_root() {
-        uucore::show_error!("Permission denied.");
+        uucore::show_error!("{}", shadow_core::os_error::permission_denied());
         return Err(GroupdelError::AlreadyPrinted(1).into());
     }
 
diff --git a/src/uu/groupmod/src/groupmod.rs b/src/uu/groupmod/src/groupmod.rs
index dc7d337..0f326cb 100644
--- a/src/uu/groupmod/src/groupmod.rs
+++ b/src/uu/groupmod/src/groupmod.rs
@@ -109,7 +109,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
     };
 
     if !shadow_core::hardening::caller_is_root() {
-        uucore::show_error!("Permission denied.");
+        uucore::show_error!("{}", shadow_core::os_error::permission_denied());
         return Err(GroupmodError::AlreadyPrinted(1).into());
     }
 
diff --git a/src/uu/passwd/src/passwd.rs b/src/uu/passwd/src/passwd.rs
index cafcf92..d3f3fd2 100644
--- a/src/uu/passwd/src/passwd.rs
+++ b/src/uu/passwd/src/passwd.rs
@@ -188,12 +188,18 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
         // Non-root users can only view their own status.
         if !shadow_core::hardening::caller_is_root() {
             if show_all {
-                return Err(PasswdError::PermissionDenied("Permission denied.".into()).into());
+                return Err(PasswdError::PermissionDenied(
+                    shadow_core::os_error::permission_denied(),
+                )
+                .into());
             }
             let current_user = shadow_core::hardening::current_username()
                 .map_err(|e| PasswdError::UnexpectedFailure(e.to_string()))?;
             if current_user != target_user {
-                return Err(PasswdError::PermissionDenied("Permission denied.".into()).into());
+                return Err(PasswdError::PermissionDenied(
+                    shadow_core::os_error::permission_denied(),
+                )
+                .into());
             }
         }
 
@@ -218,7 +224,9 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
     // caller to be root. Non-root users can only change their own password
     // (the default PAM path below).
     if (has_mutation || has_aging) && !shadow_core::hardening::caller_is_root() {
-        return Err(PasswdError::PermissionDenied("Permission denied.".into()).into());
+        return Err(
+            PasswdError::PermissionDenied(shadow_core::os_error::permission_denied()).into(),
+        );
     }
 
     // When a mutation flag and aging flags are both present, apply both in a
diff --git a/src/uu/useradd/src/useradd.rs b/src/uu/useradd/src/useradd.rs
index 4ce7a13..c6f1b9c 100644
--- a/src/uu/useradd/src/useradd.rs
+++ b/src/uu/useradd/src/useradd.rs
@@ -290,7 +290,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
 
     // Only root can add users.
     if !shadow_core::hardening::caller_is_root() {
-        uucore::show_error!("Permission denied.");
+        uucore::show_error!("{}", shadow_core::os_error::permission_denied());
         return Err(UseraddError::AlreadyPrinted(1).into());
     }
 
diff --git a/src/uu/userdel/src/userdel.rs b/src/uu/userdel/src/userdel.rs
index b676b4e..a00ddce 100644
--- a/src/uu/userdel/src/userdel.rs
+++ b/src/uu/userdel/src/userdel.rs
@@ -97,7 +97,9 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
 
     // Must be root.
     if !rustix::process::getuid().is_root() {
-        return Err(UserdelError::CantUpdatePasswd("Permission denied.".into()).into());
+        return Err(
+            UserdelError::CantUpdatePasswd(shadow_core::os_error::permission_denied()).into(),
+        );
     }
 
     // Read the user's home directory and UID from /etc/passwd BEFORE removing
diff --git a/src/uu/usermod/src/usermod.rs b/src/uu/usermod/src/usermod.rs
index 87d12fd..cb8d13f 100644
--- a/src/uu/usermod/src/usermod.rs
+++ b/src/uu/usermod/src/usermod.rs
@@ -99,7 +99,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> {
     let root = SysRoot::new(prefix);
 
     if !rustix::process::getuid().is_root() {
-        return Err(UsermodError::CantUpdate("Permission denied.".into()).into());
+        return Err(UsermodError::CantUpdate(shadow_core::os_error::permission_denied()).into());
     }
 
     // Block signals for the passwd lock→write critical section only.