diff --git a/packages/backend/src/filesystem/hl_operations/hl_stat.js b/packages/backend/src/filesystem/hl_operations/hl_stat.js
index 43d9239a5b..00d064f32c 100644
--- a/packages/backend/src/filesystem/hl_operations/hl_stat.js
+++ b/packages/backend/src/filesystem/hl_operations/hl_stat.js
@@ -49,13 +49,6 @@ class HLStat extends HLFilesystemOperation {
             throw await svc_acl.get_safe_acl_error(actor, subject, 'read');
         }
 
-        // check permission
-        // TODO: this check is redundant now that ACL is used;
-        //   we will need to remove it to implement user-user permissions
-        if(user && !await chkperm(subject.entry, user.id, 'stat')){
-            throw { code:`forbidden`, message: `permission denied.`};
-        }
-
         // TODO: why is this specific to stat?
         const mime = this.require('mime-types');
         const contentType = mime.contentType(subject.entry.name)