Claude Code’s permission system is the layer that decides whether each tool call — file read, file write, shell command, web fetch — proceeds. When something blocks, the error message is sometimes obvious (“Tool use denied”) and sometimes obscure (“EACCES” with no further context), and the right fix depends on which of four distinct tiers is responsible. This free guide is the complete diagnostic and repair manual for Claude Code permission errors: the OS layer, the permission modes, the settings.json allow/deny rules, the hooks, plus the cross-platform quirks that produce most production friction.
Written for the engineer hitting “permission denied” on a routine file write, the architect setting up team-wide Claude Code policies, the SRE adding audit logging for compliance, and anyone responsible for keeping Claude Code reliable and safe as the agent’s scope grows. No assumptions about prior Claude Code experience — every error is explained with the exact symptom, the diagnostic command, and the specific fix on Windows, macOS, and Linux.
The guide is honest about the trade-offs. The permission system creates friction; it also prevents the catastrophic mistakes that turn productive agentic coding into disasters. The patterns in this guide preserve the safety while reducing the friction — comprehensive allow lists for routine operations, strict deny lists for the always-no commands, hooks for compliance audit trails, and per-environment settings files that match permissions to risk. Every command in this guide has been mentally tested for accuracy; the patterns combine operational knowledge from real Claude Code deployments rather than theoretical advice.
What This Guide Covers
- The four-tier permission model — OS, mode, settings rules, hooks — and how to identify which layer is blocking you
- The four permission modes (default, plan, auto-accept, bypass) and the right one for each task
- File read failures: OS-level EACCES, working-directory scope, additionalDirectories, binary file and large file handling
- File write failures: read-only filesystems, missing parent directories, file locks, antivirus quarantine, long paths on Windows
- Bash tool permission patterns — exact-match vs prefix-match, deny rules that win, interactive command pitfalls, environment variable propagation
- Windows-specific cases: cross-drive access, UNC paths, OneDrive sync, WSL path confusion, path length limits
- macOS-specific cases: Full Disk Access, xattr quarantine, SIP-protected paths, app translocation
- Linux-specific cases: ownership after sudo, POSIX ACLs, SELinux contexts, AppArmor profiles, parent-directory execute bits
- Network filesystem issues: NFS UID mapping, sshfs stale connections, SMB credential expiry, symlink loops
- The settings.json schema, validation, and per-environment settings management
- MCP server permission inheritance — authentication, environment variables, server-specific allow rules
- Hook patterns that produce real safety: forbid pushes to main, audit logging, format-on-save
- The 8-step diagnostic checklist for any permission issue plus recipes for the most common recovery scenarios
This guide is free. No signup, no email required. AI Learning Guides publishes free troubleshooting eguides for the most common AI platform and developer-tool issues because saving you a production incident is a useful thing to do whether or not you ever buy one of our paid guides.
Reviews
There are no reviews yet.