diff --git a/bundler/lib/bundler/rubygems_ext.rb b/bundler/lib/bundler/rubygems_ext.rb
index e0582beba286..e759db2444b0 100644
--- a/bundler/lib/bundler/rubygems_ext.rb
+++ b/bundler/lib/bundler/rubygems_ext.rb
@@ -31,6 +31,18 @@
 end
 
 module Gem
+  module OpenFileWithBetterError
+    def open_file(path, flags, &block)
+      super
+    rescue Errno::EACCES
+      raise Bundler::PermissionError.new(path, :read)
+    end
+  end
+
+  class << self
+    prepend OpenFileWithBetterError
+  end
+
   class Specification
     include ::Bundler::MatchMetadata
     include ::Bundler::MatchPlatform
diff --git a/bundler/spec/commands/install_spec.rb b/bundler/spec/commands/install_spec.rb
index f0c9aaea8ede..1e57414377e7 100644
--- a/bundler/spec/commands/install_spec.rb
+++ b/bundler/spec/commands/install_spec.rb
@@ -1024,6 +1024,29 @@ def run
     end
   end
 
+  describe "when gemspecs are unreadable", :permissions do
+    let(:gemspec_path) { vendored_gems("specifications/rack-1.0.0.gemspec") }
+
+    before do
+      gemfile <<~G
+        source "#{file_uri_for(gem_repo1)}"
+        gem 'rack'
+      G
+      bundle "config path vendor/bundle"
+      bundle :install
+      expect(out).to include("Bundle complete!")
+      expect(err).to be_empty
+
+      FileUtils.chmod("-r", gemspec_path)
+    end
+
+    it "shows a good error" do
+      bundle :install, raise_on_error: false
+      expect(err).to include(gemspec_path.to_s)
+      expect(err).to include("grant read permissions")
+    end
+  end
+
   context "after installing with --standalone" do
     before do
       install_gemfile <<-G