Claude config path should be configurable (security/sandboxing blocker)
Open 💬 0 comments Opened Jul 9, 2026 by pascals-ager
Problem
Claude Code hardcodes its configuration at ~/.claude.json without any way to configure this path. This requires granting write access to the entire home directory, which is a security concern for restricted environments.
Current Behavior
- Claude writes to
~/.claude.json(and temp files like~/.claude.json.lock,~/.claude.json.tmp.*) - No configuration mechanism to redirect this path
CLAUDE_HOMEenvironment variable does not work (or is incomplete)- To run Claude in sandboxes or restricted environments, users must grant write access to
~(home root)
Expected Behavior
Claude should support one of:
CLAUDE_HOMEenvironment variable that properly redirects all config/state paths- A CLI flag like
--config-dirto specify where to storeclaude.json - An XDG Base Directory spec implementation (
XDG_CONFIG_HOME,XDG_STATE_HOME, etc.)
Why This Matters
- Security: Granting write access to entire home directory is overly permissive
- Sandboxing: Tools like nono, firejail, and container runtimes cannot properly restrict Claude without this
- Compliance: Regulated environments need finer-grained permission control
- Precedent: Other CLI tools (node, python, go, etc.) support configurable data directories
Impact
Users who need to run Claude in restricted/sandboxed environments (security scanning, compliance testing, containerized dev environments) are blocked.