[DOCS] Permissions docs missing macOS `/private/*` dangerous `rm` targets

Open 💬 4 comments Opened Apr 17, 2026 by coygeek

Documentation Type

Missing documentation (feature not documented)

Documentation Location

https://code.claude.com/docs/en/permissions

Section/Topic

Bash permission rule syntax and Bash permission limitations for removal commands on macOS

Current Documentation

The docs currently say:

Bash(*) is equivalent to Bash and matches all Bash commands. Bash(npm run build) matches the exact Bash command npm run build Bash(npm run test *) matches Bash commands starting with npm run test * Bash(npm *) matches any command starting with npm

And the security page says:

Command injection detection: Suspicious bash commands require manual approval even if previously allowlisted

No current page documents that on macOS, removal targets under /private/etc, /private/var, /private/tmp, and /private/home are treated as dangerous targets when evaluating broad Bash(rm:*) allow rules.

What's Wrong or Missing?

Changelog v2.1.113 adds a macOS-specific security behavior for rm allow rules, but the docs do not describe it.

Someone reading the current permission-rule docs would reasonably expect a broad allow rule such as Bash(rm:*) to behave consistently for matching macOS paths. The documentation does not explain that /private/{etc,var,tmp,home} is treated as a dangerous removal target set on macOS, so users and administrators cannot predict when a matching rm command will still be treated as sensitive.

Suggested Improvement

Add a note or warning to the Bash permission rules section in https://code.claude.com/docs/en/permissions that explains:

  • On macOS, targets under /private/etc, /private/var, /private/tmp, and /private/home are treated as dangerous removals.
  • This applies even when a broad allow rule such as Bash(rm:*) would otherwise match the command text.
  • These /private/... paths should be called out as macOS path forms users may encounter when writing or reviewing removal-related permission rules.

It would also help to cross-reference this from the security page's note about allowlisted Bash commands still requiring manual approval for suspicious operations.

Impact

Medium - Makes feature difficult to understand

Additional Context

Affected Pages:

| Page | Context |
|------|---------|
| https://code.claude.com/docs/en/permissions | Primary explanation of Bash(...) allow-rule syntax and limitations |
| https://code.claude.com/docs/en/settings | Settings reference for permissions.allow, ask, and deny |
| https://code.claude.com/docs/en/security | Security guidance for allowlisted Bash commands that still need manual approval |

Total scope: 3 pages affected

Source: Changelog v2.1.113

Exact changelog entry:

Security: on macOS, /private/{etc,var,tmp,home} paths are now treated as dangerous removal targets under Bash(rm:*) allow rules

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗