OpenClaw Sandbox Permission Denied — How to Fix It 2026
Fix OpenClaw sandbox permission denied errors: allowlist configuration, command approval flows, elevated permissions, and common command restrictions.
"Permission denied" in OpenClaw's sandbox means your agent tried to run a command that isn't in its allowlist. Here's exactly how to fix it without compromising security.
Identify the Blocked Command
# Check gateway logs for the denied command:
openclaw gateway logs --tail 50 | grep -i "denied\|permission\|blocked"
# You'll see something like:
# [sandbox] Command denied: 'brew install ...' not in allowlist
# [sandbox] Exec blocked: 'pip3' requires approval
Option 1: Add to Allowlist (Permanent Fix)
# Edit openclaw.json:
{
  "security": {
    "exec": {
      "mode": "allowlist",
      "allowedCommands": [
        "curl", "python3", "node", "npm", "git",
        "pip3", // ADD THIS
        "brew", // ADD THIS
        "jq", "date"
      ]
    }
  }
}
# Restart gateway for changes to take effect:
openclaw gateway restart
Option 2: Approve One-Time via CLI
# When the agent requests approval in Slack/terminal:
# Agent: "Requesting approval to run: pip3 install requests"
# Approve this one execution:
/approve allow-once abc123
# Or deny it:
/approve deny abc123
Option 3: Change Sandbox Mode (Less Secure)
# For a personal/trusted deployment, switch to full mode:
{
  "security": {
    "exec": {
      "mode": "full"
    }
  }
}
# WARNING: This allows the agent to run ANY command.
# Only do this on a machine you fully control.
Checking Your Current Allowlist
cat ~/.openclaw/openclaw.json | python3 -m json.tool | grep -A 30 '"allowedCommands"'
Common Commands That Need Adding
"allowedCommands": [
  // Standard Unix:
  "ls", "cat", "grep", "find", "head", "tail",
  "mkdir", "cp", "mv", "rm",
  "wc", "sort", "uniq", "sed", "awk",
  "date", "echo", "printf", "env",
  // Development:
  "git", "npm", "npx", "node",
  "python3", "pip3",
  "docker", "docker-compose",
  // Network:
  "curl", "wget", "ssh", "scp",
  "ping", "dig", "nslookup",
  // Data tools:
  "jq", "yq", "csv2json"
]
File System Permission Denied (Different Issue)
# If the error is OS-level permission (not sandbox):
ls -la ~/.openclaw/workspace/
# Fix file ownership:
chown -R "$USER" ~/.openclaw/
# 755 leaves every file under workspace/ readable and executable by all local users:
chmod -R 755 ~/.openclaw/workspace/
# Check if a specific file is locked:
lsof | grep filename
Frequently Asked Questions
How do I find out which command OpenClaw is blocking?
Check gateway logs: openclaw gateway logs --tail 50 | grep -i denied. The log entry shows the exact command that was blocked. Add it to allowedCommands in openclaw.json to permanently allow it.
What's the safest way to expand OpenClaw sandbox permissions?
Add only the specific command you need to the allowedCommands list in allowlist mode. Avoid switching to full mode unless you're on a completely trusted personal machine. Minimal allowlist = minimal attack surface.
Can OpenClaw run sudo commands?
By default, sudo is not in the allowlist. You can add it, but this is a significant security risk. Better: configure sudo to allow specific commands without a password (NOPASSWD in /etc/sudoers) and add those specific commands to the OpenClaw allowlist instead.
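Added example (not from OpenClaw or the original guide): a Python check that reads denied-command log lines in the format shown above and lists only the executables missing from allowedCommands, with warnings for a non-allowlist mode or entries that can launch other programs. It assumes the allowlist matches on the first word of a command and that openclaw.json is plain JSON; the SPAWNERS set and the sample log and config are constructed for illustration.

```python
import json
import re

# Matches the two log line shapes shown in the guide's sample output.
DENIED = re.compile(r"\[sandbox\] (?:Command denied|Exec blocked): '([^']+)'")

# Assumption (editor's list): programs that can themselves launch other programs.
SPAWNERS = {"sudo", "env", "find", "awk", "ssh", "docker", "npx", "xargs"}


def denied_executables(log_text):
    """Return the first word of each denied command, in order, without duplicates."""
    seen = []
    for match in DENIED.finditer(log_text):
        tokens = match.group(1).split()
        if tokens and tokens[0] not in seen:
            seen.append(tokens[0])
    return seen


def review(config_text, log_text):
    """Compare denied commands with the config; return (to_add, warnings)."""
    exec_cfg = json.loads(config_text).get("security", {}).get("exec", {})
    allowed = set(exec_cfg.get("allowedCommands", []))
    warnings = []
    if exec_cfg.get("mode") != "allowlist":
        warnings.append(f"mode is {exec_cfg.get('mode')!r}: allowlist is not enforced")
    to_add = [cmd for cmd in denied_executables(log_text) if cmd not in allowed]
    for cmd in sorted((allowed | set(to_add)) & SPAWNERS):
        warnings.append(f"'{cmd}' can start other programs; allow a narrower command")
    return to_add, warnings


# Constructed sample input: first two lines follow the guide, the rest are made up.
SAMPLE_LOG = """\
[sandbox] Command denied: 'brew install ...' not in allowlist
[sandbox] Exec blocked: 'pip3' requires approval
[sandbox] Command denied: 'brew upgrade' not in allowlist
[sandbox] Command denied: 'sudo apt update' not in allowlist
"""
SAMPLE_CONFIG = json.dumps({"security": {"exec": {
    "mode": "allowlist",
    "allowedCommands": ["curl", "python3", "node", "npm", "git", "jq", "date"]}}})

if __name__ == "__main__":
    to_add, warnings = review(SAMPLE_CONFIG, SAMPLE_LOG)
    print("missing from allowedCommands:", to_add)
    for line in warnings:
        print("warning:", line)
```

To run it against a real deployment, pass the contents of ~/.openclaw/openclaw.json and the output of openclaw gateway logs to review() in place of the samples.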