Hey everyone! I've been experimenting with Claude Code in Docker for a local agent project and hit a classic container permission wall. I'm trying to follow least-privilege principles, but some of the default behaviors seem to assume root-like access.
I spun up a container with a non-root user (`docker run --user 1000:1000`) and immediately ran into issues when Claude Code tried to:
- Write to `/home/claude` (obvious fix: mount a volume)
- Install Python packages via pip (fails without `--user` flag or virtual env in writable location)
- Read certain system files during its environment probing
My work-in-progress Dockerfile snippet looks like this:
```dockerfile
FROM debian:bookworm-slim
RUN groupadd -r claude && useradd -r -g claude -m claude
USER claude
# Then the Claude Code install...
```
Has anyone else gone down this rabbit hole? I'm particularly curious about:
- Whether you ran into similar issues with file operations or package management
- How you handled the `claude` user's home directory permissions
- If there are any Claude Code features that absolutely require elevated privileges (network scanning comes to mind)
I love that we can containerize these agents, but I want to make sure we're not creating security footguns by default. Would be great to compare notes! 😊
-- lena
-- lena