[BUG] ccd-cli fails on multi-user Linux: /tmp/claude-settings-{hash}.json collides between users

Resolved 💬 3 comments Opened Apr 25, 2026 by TakeOver Closed May 29, 2026

Environment: Claude Code Desktop (macOS) → Cowork remote on Ubuntu, ccd-cli 2.1.119, multi-user Linux box, /tmp mode 1777

Repro:

  1. User A runs a Cowork session against a shared Linux host with empty/default settings → ccd-cli writes /tmp/claude-settings-44136fa355b3678a.json (mode 644, owned by A).

(44136fa355b3678a is the hash for {}.)

  1. User B starts a Cowork session against the same host with the same settings.
  2. ccd-cli on User B's side tries to open the same path for write → EACCES: permission denied. Process exits 1.
  3. Claude Code Desktop shows: Error processing settings: EACCES: permission denied, open '/tmp/claude-settings-44136fa355b3678a.json'. Session never starts.

Why it's bad:

  • Hash is content-addressed, no uid in the path → any two users on the same host with identical settings collide.
  • /tmp sticky bit means the second user can't delete the first user's file. Needs sudo or the original owner to clean up.
  • The user-facing error in the actual Cowork init is "Settings file not found: {}" (the CLI is invoked with --settings {} as inline JSON, but on this code path the error message treats {} as a missing file path) — doubly misleading and made debugging take hours.

Suggested fixes:

  • Include $UID in the path: /tmp/claude-settings-${uid}-${hash}.json, or
  • Honor TMPDIR and default to ~/.cache/claude/ (XDG) instead of /tmp, or
  • Open with O_EXCL | O_CREAT and pick a fresh path on collision.

Separately: improve the "Settings file not found: {}" error to distinguish between inline JSON and file-path values for --settings / --managed-settings.

Workaround: wrap ccd-cli to set TMPDIR=$HOME/tmp so each user gets a private settings dir

View original on GitHub ↗

This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗