A solo developer’s safer Claude Code setup
The author says he runs Claude Code in a very convenient mode that skips most permission prompts. To reduce risk, he created a separate OS user for Claude so it cannot reach his personal secrets, logins, or admin access. The Claude account has its own work folder, ssh key, and Postgres development accounts, while the author handles push, pull, and sudo tasks himself. He says the setup works well, but he is still concerned about privilege escalation and docker access.
Key points
- The author runs Claude Code under a separate OS user account.
- The Claude account does not get sudo access, so admin tasks still require the human owner.
- The Claude account has its own ssh key and limited Postgres development accounts.
- A different tmux color helps the author tell Claude’s terminal apart from his own.
- docker remains the main inconvenience, with rootless docker or a separate machine mentioned as possible options.
Quick term guide
- permission prompt
- A message that asks the user to allow an action before it continues.
- permission
- The allowed range of actions a person or system can take.
- privilege escalation
- When a program or agent gains more access or capabilities than it was supposed to have
- escalation
- When an AI or lower-level support agent passes a problem to a human or higher-level support because it cannot solve it.
- AI coding tool
- Software that uses AI to help write, edit, or explain code.
- workspace
- A dedicated area inside the app where your project files are organized and connected
- permissions
- Settings that define what files or actions a system or user is allowed to access.
- production
- The live version of a service that real users use.