diff options
| author | yyamashita <yyamashita@mosquit.one> | 2026-05-16 12:42:32 +0900 |
|---|---|---|
| committer | yyamashita <yyamashita@mosquit.one> | 2026-05-16 12:42:32 +0900 |
| commit | e3ac39aeeb17ae97949b2e69969f1ce8a364b343 (patch) | |
| tree | 89d8ea8bb63bd6768d313d7411cf2dcea1d67acf /scripts/claude-daemon-setup.sh | |
| parent | 8297e8437e67b198ea1b88fea054da89229859e2 (diff) | |
Fix claude daemon: non-root user and PTY allocation
root 実行時のセキュリティ制限と TTY なし問題を修正。
claude-agent ユーザーを作成し、script コマンドで疑似 TTY を確保する。
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Diffstat (limited to 'scripts/claude-daemon-setup.sh')
| -rw-r--r-- | scripts/claude-daemon-setup.sh | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/scripts/claude-daemon-setup.sh b/scripts/claude-daemon-setup.sh index 4176936..0652e27 100644 --- a/scripts/claude-daemon-setup.sh +++ b/scripts/claude-daemon-setup.sh @@ -7,6 +7,17 @@ if ! command -v claude &>/dev/null; then npm install -g @anthropic-ai/claude-code fi +# Create non-root user for claude sessions (root is blocked by claude security policy) +if ! id claude-agent &>/dev/null; then + useradd -r -m -s /bin/bash claude-agent +fi +usermod -aG docker claude-agent +chown -R claude-agent:claude-agent /app + +# Copy credentials from root to claude-agent +cp /root/.claude.json /home/claude-agent/.claude.json +chown claude-agent:claude-agent /home/claude-agent/.claude.json + declare -A REPOS=( ["infra"]="/app/infra" ["tokyo"]="/app" @@ -24,9 +35,9 @@ After=network.target [Service] Type=simple -User=root +User=claude-agent WorkingDirectory=${DIR} -ExecStart=/usr/bin/env claude --remote-control "${NAME}" +ExecStart=/usr/bin/script -q -c "claude --remote-control ${NAME}" /dev/null Restart=always RestartSec=15 StandardOutput=journal |