rm -rf command executed without permission despite explicit allow-list in settings.local.json

Resolved 💬 7 comments Opened Dec 29, 2025 by sklarsa Closed Feb 28, 2026

Description:

Claude Code executed rm -rf commands without prompting for permission, despite having a restrictive allow-list configured in .claude/settings.local.json.

Version: 2.0.65

OS: Linux 6.18.1-arch1-2

Steps to reproduce:

  1. Create .claude/settings.local.json with restrictive permissions:
{
  "permissions": {
    "allow": [
      "Bash(wc:*)",
      "Bash(find:*)",
      "Bash(ls:*)",
      "Bash(git checkout:*)"
    ]
  }
}
  1. Ask Claude to remove a directory
  2. Claude executes rm -rf /path/to/directory without prompting for permission

Expected behavior:
Claude should prompt for permission before executing rm -rf since it's not in the allow-list.

Actual behavior:
The command executed immediately without any permission prompt, deleting the directory.

Commands that bypassed permissions:

  • rm -rf /home/steven/source/qdb/serverless-functions/services/auth
  • rm -rf /home/steven/source/qdb/serverless-functions/services/stargazers

View original on GitHub ↗

This issue has 7 comments on GitHub. Read the full discussion on GitHub ↗