EACCES: permission denied on /sandbox/.openclaw/identity/device-auth.json — curl install on Linux (no sudo in sandbox) #692

@ntokozo-k

Description

Environment

  • OS: Linux
  • Install method: curl installer (native)
  • User inside sandbox: sandbox
  • OpenClaw config sourced from: /home/user/.openclaw/

Description

After installing nemoclaw via the curl installer, the openclaw TUI fails to
connect with a persistent permission error on the identity directory. The
installer writes /sandbox/.openclaw/identity/ owned by root, but openclaw
runs as the sandbox user which has no write access.

Error output

openclaw tui - ws://127.0.0.1:18789 - agent main - session main
connecting | idle
gateway disconnected: connect failed | idle
gateway disconnected: connect failed | idle
gateway connect failed: Error: EACCES: permission denied, open '/sandbox/.openclaw/identity/device-auth.json'

File structure of /sandbox/.openclaw/

drwxrwxrwt 1 root root 4096 Mar 22 05:42 .
drwxr-xr-x 1 sandbox sandbox 4096 Mar 22 05:47 ..
lrwxrwxrwx 1 root root 30 Mar 21 13:45 agents -> /sandbox/.openclaw-data/agents
drwxr-xr-x 2 sandbox sandbox 4096 Mar 22 05:42 canvas
drwxr-xr-x 2 sandbox sandbox 4096 Mar 22 05:42 cron
drwxr-xr-x 2 sandbox sandbox 4096 Mar 22 21:19 devices
lrwxrwxrwx 1 root root 34 Mar 21 13:45 extensions -> /sandbox/.openclaw-data/extensions
lrwxrwxrwx 1 root root 29 Mar 21 13:45 hooks -> /sandbox/.openclaw-data/hooks
drwxr-xr-x 1 root root 4096 Mar 21 13:49 identity ← root owned, sandbox cannot write
-r--r--r-- 1 root root 1183 Mar 21 13:49 openclaw.json ← read-only for all users
lrwxrwxrwx 1 root root 30 Mar 21 13:45 skills -> /sandbox/.openclaw-data/skills
-rwxr-xr-x 1 sandbox sandbox 49 Mar 22 05:42 update-check.json
lrwxrwxrwx 1 root root 33 Mar 21 13:45 workspace -> /sandbox/.openclaw-data/workspace

OpenClaw Completion
source "/home/user/.openclaw/completions/openclaw.bash"

Root cause

The curl installer creates /sandbox/.openclaw/identity/ owned by root,
but openclaw runs as the sandbox user (no sudo available inside the sandbox).
There is also a user mismatch — the installer ran as user but the runtime
user is sandbox.

What I tried

  • chown -R $(whoami):$(whoami) /sandbox/.openclaw → Operation not permitted
  • sudo is not available inside the sandbox environment
  • Env var override OPENCLAW_HOME=~/.openclaw nemoclaw → did not redirect identity path

Expected behavior

The curl installer should either:

  1. Create /sandbox/.openclaw/identity/ with the correct ownership for the runtime user, or
  2. Respect an OPENCLAW_HOME or OPENCLAW_CONFIG_DIR env var to redirect all config paths including identity

Reproduction Steps

Steps to Reproduce

  1. Provision a Linux sandbox environment (e.g. Docker container running as user sandbox)
  2. Run the nemoclaw curl installer inside the sandbox:
    curl -fsSL https://nemoclaw.ai/install.sh | bash
  3. Confirm install completed and .bashrc contains:
    source "/home/user/.openclaw/completions/openclaw.bash"
  4. Launch the openclaw TUI:
    nemoclaw
  5. Observe repeated connection failures in the TUI output

Expected Result

TUI connects successfully and openclaw authenticates the device

Actual Result

connecting | idle
gateway disconnected: connect failed | idle
gateway disconnected: connect failed | idle
gateway connect failed: Error: EACCES: permission denied, open '/sandbox/.openclaw/identity/device-auth.json'

Verification

Run the following to confirm the permission/ownership mismatch:
whoami

returns: sandbox
ls -la /sandbox/.openclaw/

identity dir and openclaw.json are owned by root:
drwxr-xr-x 1 root root 4096 identity
-r--r--r-- 1 root root 1183 openclaw.json
sudo chown -R $(whoami):$(whoami) /sandbox/.openclaw

returns: Operation not permitted (sudo blocked inside sandbox)

Notes

  • sudo is not available inside the sandbox
  • Env var workaround OPENCLAW_HOME=~/.openclaw nemoclaw does not redirect the identity path
  • Installer user (user) differs from runtime user (sandbox) — possible secondary issue

Environment

  • OS: Linux
  • Nodejs: v22.22.1

Debug Output

Logs

Checklist

  • I confirmed this bug is reproducible
  • I searched existing issues and this is not a duplicate
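
A preflight check for the ownership mismatch reported above, as an added example that is not part of the original issue or the project's code. It decides from owner, group and mode bits whether a runtime uid/gid could write a state file; the function names are hypothetical, and it assumes Linux `stat -c` (GNU coreutils or BusyBox).

```sh
#!/bin/sh
# Added example (hypothetical helper names). Decides from owner, group and
# mode bits whether a given uid/gid could write a state file such as
# device-auth.json, without having to run as that user.
# Assumes `stat -c` (GNU coreutils or BusyBox). Not modelled: ACLs,
# supplementary groups, read-only mounts, uid 0 overrides.

# mode_grants UID GID PATH WANT   (WANT: 2 = write, 3 = write + search)
mode_grants() (
    uid=$1; gid=$2; path=$3; want=$4
    meta=$(stat -L -c '%u %g %a' -- "$path") || exit 2
    set -- $meta                  # $1 owner uid, $2 owner gid, $3 octal mode
    if   [ "$uid" -eq "$1" ]; then shift_by=6     # owner bits apply
    elif [ "$gid" -eq "$2" ]; then shift_by=3     # group bits apply
    else                           shift_by=0     # "other" bits apply
    fi
    [ $(( (0$3 >> $shift_by) & $want )) -eq "$want" ]
)

# can_create_or_write UID GID FILE
# An existing file needs its own write bit; a missing file needs write and
# search on its parent directory. On failure, prints the path that blocks
# the write with its numeric owner and mode, and returns 1.
can_create_or_write() (
    uid=$1; gid=$2; file=$3
    if [ -e "$file" ]; then
        target=$file; want=2
    else
        target=$(dirname -- "$file"); want=3
    fi
    mode_grants "$uid" "$gid" "$target" "$want" && exit 0
    printf 'uid %s blocked at %s (%s)\n' "$uid" "$target" \
        "$(stat -L -c 'owner %u:%g mode %a' -- "$target" 2>/dev/null)"
    exit 1
)

# Usage inside the sandbox, with the path from the error message:
#   can_create_or_write "$(id -u)" "$(id -g)" \
#       /sandbox/.openclaw/identity/device-auth.json
```

Because the uid and gid are arguments, an installer running as one user can run the same check for the uid the runtime will use.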

Labels: bug, status: triage
