RSS

My Claude Code Setup

pjungwir1 pts0 comments

Illuminated Computing<br>My Claude Code Setup

Code like song

Illuminated Computing

My Claude Code Setup

2026-06-12<br>ai, claude, linux

I seem to have an unusual way of running Claude Code, but I find it a good trade-off between convenience and security.

I was explaining it on HN, but I wanted to write it down here too:

I always run with --dangerously-skip-permissions (or whatever it’s called; there’s a global flag I set a long time ago). I assume everyone does. It’s too tedious otherwise. But how can I do that with tolerable risk?

In fact in any mode, I wouldn’t want to run Claude without restrictions. My account has AWS creds, k8s creds, ssh keys, Github access, .env files from dozens of customers with who-knows-what, etc. I can run sudo and pass unchallenged, if I recently gave the password. There are scripts in ~/bin to join VPNs and log in to databases. My browser is signed in everywhere. Thunderbird can send/receive email. And even if Claude never forgets a boundary, aren’t I sending Anthropic at least the .env files?

So my solution was to give Claude its own OS user.

People say the LLM is like another co-worker, so I’m treating it that way. He has similar dotfiles to mine, but no secrets. My own home directory is 0700. He has his own ssh key that I added to my github profile, but it’s password-protected, and I push/pull for him. He has his own Postgres (non-superuser!) {development,test} {users,databases}. If he needs something run with sudo, he asks me. Often we can both work on something in parallel. Unix was supposed to be a multi-user system after all. I’m on Debian 13 with xfce, but I think this would work well elsewhere.

When I want Claude to do something, I open another terminal tab and su to his account. He has a ~/src folder for projects, just like me. I go to one of those and start a tmux session. His ~/.tmux.conf gives every session a yellow status bar, so they’re easy to recognize. Then new shells are just Ctrl-a c.

Usually I keep the first tmux window in bash, so I can push/pull, read commits/diffs, run extra tests, and do whatever else. I run the claude session in the second window. If I need to do more things, I start more windows. Frequently window 3 is psql. More for vim, etc.

A trick I use a lot is that many of his git repos have an extra remote, like this:

paul ssh://paul@localhost/~/src/example (fetch)<br>paul ssh://paul@localhost/~/src/example (push)

That makes it easy to collaborate on things I’m not ready to share. I also set up a /pub/paul folder where I can put non-repo things outside of ~paul, but I’ve hardly used it.

I like that I’m not mucking with VMs. Everything is on the host. Everything is set up once. Claude’s environment is as comfortable as mine. And some of Claude’s assignments require him running VMs, so there is no extra nesting.

I’ve been using this setup for months, and I really like it.

I do worry about Linux privilege escalation bugs. I don’t trust an AI to understand that exploiting vulns is not acceptable. (I can’t help but recall that at my first job I may have misused vim’s :! feature to broaden my sudo powers, which were officially limited to editing httpd.conf, when I needed something in a hurry. . . .) I find myself manually upgrading packages more often these days, despite automatic security updates. I don’t think Opus would go to the trouble of looking up security vulns, but maybe Fable would, and there have been a lot lately. Maybe some future model will just take it upon itself to find new ones. Or install a keylogger to learn the ssh key password.

Would a VM be more secure? I don’t have an intuition there. But there are hypervisor escape vulns too, and I’m anxious about shared folders. For instance in vagrant the guest gets /vagrant to read/write the host folder. You’d have to be very careful what you put where.

The biggest annoyance so far is running docker containers. I don’t want to add claude to the docker group or give it sudo privileges. I’ve read that you can set up rootless docker for a user, and even that you can run it side-by-side with a normal system-wide docker, but I haven’t tried doing that yet. If that doesn’t work, I will probably give Claude his own machine. I have plenty of spare boxes/laptops lying around.

What do you think? Are there security problems with my approach? I think it’s a great way to be efficient but responsible.

Please enable JavaScript to view the comments powered by Disqus.<br>blog comments powered by Disqus<br>Next: GeForce RTX 5070 Ti on Linux (Debian 13)

Paul A. Jungwirth

Blog

Email

Portfolio

Resume

Github

Stack Overflow

Code

Postgres temporal keys

Postgres range_agg

Postgres aggs_for_arrays

Multiclock (Rust)

Tech Notes

. . . more

Writing

My Claude Code Setup

GeForce RTX 5070 Ti on Linux (Debian 13)

Solving bison shift/reduce conflicts in Postgres

Postgres REPLICA IDENTITY

. . . Archive<br>. . . Tags

Talks

Migrating to a Temporal Schema

Temporal Roadmap

Temporal...

claude code paul like postgres setup

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

It's Not Just X. It's Y

mooreds21 ptslanguage model writing like grammarly human

Show HN: GoPeek – open links in live mini browser windows without new tabs

GeorgeWoff2518 ptsgopeek open browser links live mini
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.