Fix claude daemon: non-root user and PTY allocation

root 実行時のセキュリティ制限と TTY なし問題を修正。 claude-agent ユーザーを作成し、script コマンドで疑似 TTY を確保する。 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
author: yyamashita <yyamashita@mosquit.one> 2026-05-16 12:42:32 +0900
committer: yyamashita <yyamashita@mosquit.one> 2026-05-16 12:42:32 +0900
commit: e3ac39aeeb17ae97949b2e69969f1ce8a364b343 (patch)
tree: 89d8ea8bb63bd6768d313d7411cf2dcea1d67acf /scripts
parent: 8297e8437e67b198ea1b88fea054da89229859e2 (diff)
1 files changed, 13 insertions, 2 deletions
diff --git a/scripts/claude-daemon-setup.sh b/scripts/claude-daemon-setup.sh
index 4176936..0652e27 100644
--- a/scripts/claude-daemon-setup.sh
+++ b/scripts/claude-daemon-setup.sh
@@ -7,6 +7,17 @@ if ! command -v claude &>/dev/null; then
   npm install -g @anthropic-ai/claude-code
 fi
 
+# Create non-root user for claude sessions (root is blocked by claude security policy)
+if ! id claude-agent &>/dev/null; then
+  useradd -r -m -s /bin/bash claude-agent
+fi
+usermod -aG docker claude-agent
+chown -R claude-agent:claude-agent /app
+
+# Copy credentials from root to claude-agent
+cp /root/.claude.json /home/claude-agent/.claude.json
+chown claude-agent:claude-agent /home/claude-agent/.claude.json
+
 declare -A REPOS=(
   ["infra"]="/app/infra"
   ["tokyo"]="/app"
@@ -24,9 +35,9 @@ After=network.target
 
 [Service]
 Type=simple
-User=root
+User=claude-agent
 WorkingDirectory=${DIR}
-ExecStart=/usr/bin/env claude --remote-control "${NAME}"
+ExecStart=/usr/bin/script -q -c "claude --remote-control ${NAME}" /dev/null
 Restart=always
 RestartSec=15
 StandardOutput=journal
author	yyamashita <yyamashita@mosquit.one>	2026-05-16 12:42:32 +0900
committer	yyamashita <yyamashita@mosquit.one>	2026-05-16 12:42:32 +0900
commit	e3ac39aeeb17ae97949b2e69969f1ce8a364b343 (patch)
tree	89d8ea8bb63bd6768d313d7411cf2dcea1d67acf /scripts
parent	8297e8437e67b198ea1b88fea054da89229859e2 (diff)