[BUG] ccd-cli fails on multi-user Linux: /tmp/claude-settings-{hash}.json collides between users
Resolved 💬 3 comments Opened Apr 25, 2026 by TakeOver Closed May 29, 2026
Environment: Claude Code Desktop (macOS) → Cowork remote on Ubuntu, ccd-cli 2.1.119, multi-user Linux box, /tmp mode 1777
Repro:
- User A runs a Cowork session against a shared Linux host with empty/default settings → ccd-cli writes
/tmp/claude-settings-44136fa355b3678a.json(mode 644, owned by A).
(44136fa355b3678a is the hash for {}.)
- User B starts a Cowork session against the same host with the same settings.
- ccd-cli on User B's side tries to open the same path for write →
EACCES: permission denied. Process exits 1. - Claude Code Desktop shows:
Error processing settings: EACCES: permission denied, open '/tmp/claude-settings-44136fa355b3678a.json'. Session never starts.
Why it's bad:
- Hash is content-addressed, no uid in the path → any two users on the same host with identical settings collide.
/tmpsticky bit means the second user can't delete the first user's file. Needs sudo or the original owner to clean up.- The user-facing error in the actual Cowork init is "Settings file not found: {}" (the CLI is invoked with
--settings {}as inline JSON, but on this code path the error message treats{}as a missing file path) — doubly misleading and made debugging take hours.
Suggested fixes:
- Include
$UIDin the path:/tmp/claude-settings-${uid}-${hash}.json, or - Honor
TMPDIRand default to~/.cache/claude/(XDG) instead of/tmp, or - Open with
O_EXCL | O_CREATand pick a fresh path on collision.
Separately: improve the "Settings file not found: {}" error to distinguish between inline JSON and file-path values for --settings / --managed-settings.
Workaround: wrap ccd-cli to set TMPDIR=$HOME/tmp so each user gets a private settings dir
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗