chenhg5-cc-connect/agent
cg33 303fd46de0 fix(claudecode): chmod 0o644 on per-spawn system-prompt temp file (#1429) (#1433)
writeTempAppendPromptFile (the 1% edge-case path for prompts that have
session-specific platform formatting or user append_system_prompt) used
os.CreateTemp, which leaves the file at mode 0600 owned by the
cc-connect process user (often root under systemd). When the agent
was spawned under a different run_as_user, the target user got EACCES
and the agent exited before reading any prompt.

Fix: f.Chmod(0o644) immediately after write, mirroring the shared
ensureSharedSystemPromptFile path (which already writes 0o644 via
writeFileAtomic). The per-spawn content is a superset of the already
shared base prompt, so 0644 is consistent with the shared file.

The shared-file path (ensureSharedSystemPromptFile, used for the
common 99% case where no platform/user append is set) is already 0644
and untouched here. The daemon-mode path resolution fix from #1419
and the v1.3.4 cmdline 8192 fix from #1376 are independent and not
modified.

Test: TestWriteTempAppendPromptFile_ReadableByOtherUser asserts the
on-disk mode is 0o644 (the run_as_user contract) and that an
O_RDONLY open succeeds — same access path the spawned agent uses
for --append-system-prompt-file.

Co-authored-by: dev-claudecode <dev-claudecode@cc-connect.local>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-28 20:34:02 +08:00
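
The permission behaviour described in the commit message, as an added Go example that is not part of the commit or the project's code. `writePromptFile` and `otherReadable` are hypothetical names and the prompt text is constructed.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
)

// writePromptFile is a hypothetical stand-in for a per-spawn prompt writer.
// It returns the permission bits before and after the explicit Chmod.
func writePromptFile(dir, content string, mode fs.FileMode) (path string, before, after fs.FileMode, err error) {
	f, err := os.CreateTemp(dir, "append-prompt-*.md") // created with mode 0600
	if err != nil {
		return "", 0, 0, err
	}
	defer f.Close()
	if _, err = f.WriteString(content); err != nil {
		return f.Name(), 0, 0, err
	}
	st, err := f.Stat()
	if err != nil {
		return f.Name(), 0, 0, err
	}
	before = st.Mode().Perm()
	// Chmod on the open handle is fchmod(2): not masked by umask, no path race.
	if err = f.Chmod(mode); err != nil {
		return f.Name(), before, 0, err
	}
	if st, err = f.Stat(); err != nil {
		return f.Name(), before, 0, err
	}
	return f.Name(), before, st.Mode().Perm(), nil
}

// otherReadable reports whether a user who is neither the owner nor in the
// file's group may read it, which is what a different run_as_user needs.
func otherReadable(m fs.FileMode) bool { return m.Perm()&0o004 != 0 }

func main() {
	path, before, after, err := writePromptFile(os.TempDir(), "constructed prompt text\n", 0o644)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	defer os.Remove(path)
	fmt.Printf("%s: %04o (other-readable=%t) -> %04o (other-readable=%t)\n",
		path, before, otherReadable(before), after, otherReadable(after))
}
```

An open by the process that created the file succeeds at either mode, so the permission bits are the meaningful check for cross-user access. The target user also needs search permission on every parent directory of the file.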