
[Bug] Claude Code executes shell commands 'rm' without permission verification

Open tim-watcha opened this issue 4 weeks ago • 1 comments

Bug Description

The rm command is not registered in the Bash permissions, but it executes without asking.


Summary (English)

Claude Code executed rm -rf command without asking for permission, even though rm is NOT registered in my allowed permissions list.

What happened:

  1. I asked Claude to delete a specific directory (train/rec_adult) while keeping other directories (hstu, mtlv2)
  2. Claude confirmed it would delete the directory
  3. Claude then executed rm -rf remy/tasks/train/rec_adult && echo "삭제 완료" (Translation: "Deletion complete") without prompting for permission
  4. The directory was immediately deleted

Expected behavior: Since rm or rm -rf is NOT in my allowed permissions list (as shown in Screenshots 2-4), Claude Code should have prompted me for explicit permission before executing the delete command.

Actual behavior: Claude Code bypassed the permission check and executed the destructive rm -rf command without any confirmation.

Screenshots:

Screenshot 1 - Claude executing rm -rf without permission prompt:

The screenshot shows a conversation where:

  • User asked to keep hstu and mtlv2, and delete rec_adult since only the existing algorithm needs to be removed
  • Claude responded "네, 지워도 됩니다" (Translation: "Yes, it can be deleted")
  • Claude explained that train/rec_adult is not imported anywhere externally, and only rec_adult_hstu and rec_adult_mtlv2 are used in inference
  • Claude executed Bash(rm -rf remy/tasks/train/rec_adult && echo "삭제 완료") and showed "└ 삭제 완료" (Translation: "Deletion complete")
  • Claude then asked "삭제 완료. 테스트 돌려볼까요?" (Translation: "Deletion complete. Should I run the tests?")

Screenshot 2 - My /permissions list showing NO rm command is allowed:

The screenshot shows the Claude Code /permissions screen under the "Allow" tab, displaying all pre-approved bash commands. There is NO rm command in this list.


Screenshot 3 - Project-level settings file (.claude/settings.local.json):

This screenshot shows the project-level Claude Code settings file. The "permissions" object contains an "allow" array with various permitted commands, but there is NO rm command in this list either. The settings also show "deny": [] and "ask": [] are empty.


Screenshot 4 - Global settings file (~/.claude/settings.json):

This screenshot shows the global Claude Code settings file. This file contains general settings like "model": "opus", "alwaysThinkingEnabled": true, and enabled plugins, but no rm permission is granted here either.


As shown in Screenshots 2-4, my allowed Bash commands are:

  • Bash(aws-vault exec ml -- uv run pytest:*)
  • Bash(docker exec:*)
  • Bash(git add:*)
  • Bash(uv run pytest:*)
  • Bash(uv run python:*)
  • Bash(uv run ruff check:*)
  • WebFetch(domain:argo-workflows.readthedocs.io)

There is NO rm command in any of these permission lists, yet Claude executed it without asking.


Environment Info

  • Platform: darwin
  • Terminal: iTerm.app
  • Version: 2.1.3
  • Feedback ID: c60b715e-4fdb-4f03-a3c6-8c921dd4ce8d

Errors


Note: Error logs were truncated.

tim-watcha, Jan 10 '26 09:01
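The check the reporter expected, as an added sketch that is not part of the original issue and not Claude Code's implementation. It assumes a `Bash(<prefix>:*)` rule is a token-prefix match and that each part of a compound command must be covered on its own; the function names are hypothetical.

```python
import re
import shlex

# Allow rules copied from the /permissions list in the issue.
ALLOW = [
    "Bash(aws-vault exec ml -- uv run pytest:*)",
    "Bash(docker exec:*)",
    "Bash(git add:*)",
    "Bash(uv run pytest:*)",
    "Bash(uv run python:*)",
    "Bash(uv run ruff check:*)",
    "WebFetch(domain:argo-workflows.readthedocs.io)",
]
OPERATORS = {"&&", "||", ";", "|", "&"}


def bash_prefixes(rules):
    """Token lists for every Bash(<prefix>:*) rule; other tools are skipped."""
    found = (re.fullmatch(r"Bash\((.+):\*\)", r) for r in rules)
    return [m.group(1).split() for m in found if m]


def split_segments(command):
    """Split a compound command on shell operators, keeping quoted text whole."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    segments, current = [], []
    for tok in lexer:
        if tok in OPERATORS:
            segments.append(current)
            current = []
        else:
            current.append(tok)
    segments.append(current)
    return [s for s in segments if s]


def uncovered(command, rules=ALLOW):
    """Segments no allow rule covers: a prompt would be expected for each."""
    prefixes = bash_prefixes(rules)
    return [
        " ".join(seg)
        for seg in split_segments(command)
        if not any(seg[: len(p)] == p for p in prefixes)
    ]


if __name__ == "__main__":
    # The command from the issue: neither segment matches an allow rule.
    print(uncovered('rm -rf remy/tasks/train/rec_adult && echo "삭제 완료"'))
```

Checking segments separately matters because an allowed prefix at the start of a compound command says nothing about what follows the operator.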

Found 3 possible duplicate issues:

  1. https://github.com/anthropics/claude-code/issues/15711
  2. https://github.com/anthropics/claude-code/issues/6608
  3. https://github.com/anthropics/claude-code/issues/6413

This issue will be automatically closed as a duplicate in 3 days.

  • If your issue is a duplicate, please close it and 👍 the existing issue instead
  • To prevent auto-closure, add a comment or 👎 this comment

🤖 Generated with Claude Code

github-actions[bot], Jan 10 '26 09:01