My Claude Code Setup
6 hours ago
- #Unix multi-user
- #Claude setup
- #AI security
- Uses a separate OS user account for Claude to avoid exposing personal credentials and secrets
- Sets restrictive permissions on personal home directory (0700) and provides Claude with its own dotfiles without secrets
- Manages limited access for Claude: separate SSH key (password-protected), non-superuser PostgreSQL databases, and requires manual sudo for elevated privileges
- Organizes workflow using tmux with distinct visual cues (yellow status bar) and multiple windows for different tasks
- Uses git remotes on localhost for easy collaboration on private projects without sharing externally
- Expresses concerns about potential Linux privilege escalation vulnerabilities and the risk of AI exploiting security flaws
- Notes challenges with Docker containers (avoiding adding Claude to docker group or granting sudo) and considers alternatives like rootless Docker or a separate machine
- Views the approach as a trade-off between convenience and security, treating Claude like a co-worker in a multi-user Unix environment