zuevav/Bridge-and-Join-s
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(claude): сузить sudo-deny и разрешить установочные команды

Browse Source 
Замена широкого Bash(sudo *) deny на узкие опасные паттерны
(sudo rm/dd/mkfs/passwd/userdel/usermod/visudo/su/-s/-i),
добавление в allow: sudo dnf/rpm/tar/ln/cp/mv/chmod/chown/systemctl,
sudo tee /etc/profile.d/*, curl/wget. Нужно, чтобы Claude Code
автоматически устанавливал пакеты при подготовке dev-стенда.
Write-deny на /etc, /var, /root, /home/admin сохранён.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
fontvielle
2026-05-14 00:30:30 +03:00
parent 3fdc526031
commit 3437590d44
1 changed files with 25 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.claude/settings.json
+25 -2
View File
@@ -23,13 +23,36 @@
"Bash(find *)", "Bash(find *)",
"Bash(npm run *)", "Bash(npm run *)",
"Bash(npx *)", "Bash(npx *)",
"Bash(./scripts/*)" "Bash(./scripts/*)",
"Bash(sudo dnf *)",
"Bash(sudo rpm *)",
"Bash(sudo tar *)",
"Bash(sudo ln *)",
"Bash(sudo mkdir *)",
"Bash(sudo cp *)",
"Bash(sudo mv *)",
"Bash(sudo chmod *)",
"Bash(sudo chown *)",
"Bash(sudo systemctl *)",
"Bash(sudo tee /etc/profile.d/*)",
"Bash(sudo update-alternatives *)",
"Bash(curl *)",
"Bash(wget *)"
], ],
"deny": [ "deny": [
"Bash(rm -rf /*)", "Bash(rm -rf /*)",
"Bash(rm -rf ~)", "Bash(rm -rf ~)",
"Bash(rm -rf $HOME)", "Bash(rm -rf $HOME)",
"Bash(sudo *)", "Bash(sudo rm *)",
"Bash(sudo dd *)",
"Bash(sudo mkfs *)",
"Bash(sudo passwd *)",
"Bash(sudo userdel *)",
"Bash(sudo usermod *)",
"Bash(sudo visudo *)",
"Bash(sudo su *)",
"Bash(sudo -s)",
"Bash(sudo -i)",
"Bash(dd *)", "Bash(dd *)",
"Bash(mkfs *)", "Bash(mkfs *)",
"Bash(curl * | sh)", "Bash(curl * | sh)",