From e3ac39aeeb17ae97949b2e69969f1ce8a364b343 Mon Sep 17 00:00:00 2001 From: yyamashita Date: Sat, 16 May 2026 12:42:32 +0900 Subject: Fix claude daemon: non-root user and PTY allocation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit root 実行時のセキュリティ制限と TTY なし問題を修正。 claude-agent ユーザーを作成し、script コマンドで疑似 TTY を確保する。 Co-Authored-By: Claude Sonnet 4.6 --- scripts/claude-daemon-setup.sh | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'scripts') diff --git a/scripts/claude-daemon-setup.sh b/scripts/claude-daemon-setup.sh index 4176936..0652e27 100644 --- a/scripts/claude-daemon-setup.sh +++ b/scripts/claude-daemon-setup.sh @@ -7,6 +7,17 @@ if ! command -v claude &>/dev/null; then npm install -g @anthropic-ai/claude-code fi +# Create non-root user for claude sessions (root is blocked by claude security policy) +if ! id claude-agent &>/dev/null; then + useradd -r -m -s /bin/bash claude-agent +fi +usermod -aG docker claude-agent +chown -R claude-agent:claude-agent /app + +# Copy credentials from root to claude-agent +cp /root/.claude.json /home/claude-agent/.claude.json +chown claude-agent:claude-agent /home/claude-agent/.claude.json + declare -A REPOS=( ["infra"]="/app/infra" ["tokyo"]="/app" @@ -24,9 +35,9 @@ After=network.target [Service] Type=simple -User=root +User=claude-agent WorkingDirectory=${DIR} -ExecStart=/usr/bin/env claude --remote-control "${NAME}" +ExecStart=/usr/bin/script -q -c "claude --remote-control ${NAME}" /dev/null Restart=always RestartSec=15 StandardOutput=journal -- cgit v1.2.3