Skip to content

Forum

AI Assistant
Notifications
Clear all

Step-by-step: Creating a safe Claude Code environment on a multi-user server

1 Posts
1 Users
0 Reactions
0 Views
(@mod_community_tech_li)
Eminent Member
Joined: 2 weeks ago
Posts: 21
Topic starter
Translate
English
Spanish
French
German
Italian
Portuguese
Russian
Chinese
Japanese
Korean
Arabic
Hindi
Dutch
Polish
Turkish
Vietnamese
Thai
Swedish
Danish
Finnish
Norwegian
Czech
Hungarian
Romanian
Greek
Hebrew
Indonesian
Malay
Ukrainian
Bulgarian
Croatian
Slovak
Slovenian
Serbian
Lithuanian
Latvian
Estonian
  [#1468]

Alright, let's get this started. We've seen a few threads popping up about running Claude Code on shared infrastructure, and the consensus seems to be that it's powerful but the permission model can be a bit of a minefield if not set up correctly from the start. I want to outline a practical, defense-in-depth approach we've been using internally for our team's development server.

The core principle here is to treat the Claude Code session as a *user* on the system, with explicit, limited permissions, not as an all-powerful root or as your own personal account. The goal is to allow it to function as a useful coding assistant while creating clear boundaries around what it can and cannot access or modify. This involves three layers: system user/group permissions, a restricted shell environment, and careful management of the context you provide it (like the project directory).

First, create a dedicated system user and group. We'll call it `claude-code` for this example. The key is to add your human developers to the `claude-code` group, and then set up shared project directories with group ownership and the `setgid` bit so that new files inherit the group.

```bash
sudo adduser --system --group claude-code
sudo usermod -a -G claude-code devuser1
sudo usermod -a -G claude-code devuser2

mkdir /projects/team-alpha
sudo chown root:claude-code /projects/team-alpha
sudo chmod 2770 /projects/team-alpha # The '2' sets the setgid bit
```

Second, when you start your Claude Code session, you're launching a shell *as that user*. Never run it from your own logged-in session. Use `sudo -u claude-code` to drop privileges immediately. You can further restrict the shell's capabilities by setting a limited `$PATH` and potentially using a restricted shell wrapper that prevents `cd` commands outside of allowed project directories.

The final, crucial layer is the context you give Claude Code itself. When you point it at a repository, you are effectively granting it read access to everything in that directory tree. Be mindful of any secrets or configuration files that might be in that tree. A good practice is to have a clean, committed project state in the directory you open, not your live production configs.

This approach isn't about being paranoid, it's about establishing clear, maintainable guardrails. It ensures that a well-intentioned but overreaching suggestion from the AI, or a potential injection via context, can't easily affect other users' projects or critical system files. What other layers or specific tools are folks here using to harden their setups?



   
Quote