Claude AI is powerful
and it needs to be contained in many cases.
The default mode for Claude code is to ask permissions before it asks.
But if that is all it does that presents two problems. One you have to click enter/yet again and
again and again. And two if you do that
eventually you are going to click a yes when you don’t mean to.
/permissions command
In Claude you can run the /permissions command to view the current permissions settings.
|
> claude |
Start up Claude
|
> /permissions |
Then run /permissions
You can use this menu bar to see what is currently allowed/denied etc.
During a session you can grant permission while the sessions
is running.
For example if I run
|
> Tell
me how many files are in my ~/.ssh folder |
I will get this prompt.
If I choose one I will give it permissions to read from this directory
this one time
But if I choose 2 then Claude will be allowed to read from this folder every
time while I am in this session
Let me choose 2
Now if I run /permissions
|
> /permissions |
I can see its now allowed.
And if I query it again
|
> Tell
me how many files are in my ~/.ssh folder |
There is no interactive check because we allowed it to run
this command.
Permission Modes
You can also set permission modes see https://code.claude.com/docs/en/permissions [1]
You have default, acceptEdits, plan, auto, dontAsk, and
bypassPermissions.
default
This is the standard behavior it
prompts on first use of each tool
acceptEdits
Automatically
accepts file edits and common system command
(mkdir, touch, mv,
cp, etc) for paths in the working directory
plan
Claude reads file
and runs read-only shell commands to explore but
does not edit your
source files
auto
Auto-approves tool calls with
background safety checks (still
experimental)
dontAsk
Auto-denies tools unless
pre-approved via /permissions or
permission.alllow
rules
byPassPermissions
Skips all permission prompts (nuclear option very scary)
While you are starting out keep it as default.
There is no way to check which mode you are in.
And honestly it does not make sense to have one. Since whatever mode you are in will be
enhannaced/changed with custom settings you can set in your
~/.claude/settings.json file which I will go over soon.
Now…
how can we change modes?
The first easy way is while running Claude press Shift + Tab
to cycle through the modes.
Looks like I only have access to Default, Accept Edits and Plan mode.
You can start Claude in another mode.
|
> claude --permission-mode plan |
Or
|
> claude --permission-mode
bypassPermissions |
Be very careful with this one, in fact don’t run it. Very very few reasons to let it do whatever
it wants.
Specific settings
For now I am going to use the default and adjust specific settings in the ~/.claude/settings.json file.
Open it up
|
> vi ~/.claude/settings.json |
And we are going to add some settings
|
"permissions": { |
Here you can see that we have a "permissions" section that
contains "allow",
"ask", and "deny"
Anything in allow will be “Auto approved” no need to ask
Anything in ask will always prompt for confirmation
Anything in Deny will be completely blocked
In Claude the Deny rule wins
Then as far as what you can do you have
Read
Allows, or denies reading a file.
Edit
Allows, or denies
creating, modifying, or deleting files.
Bash
Allows, or denies Claude from running
terminal/shell commands
WebFetch
Allows, or denies Claude from making
network request to external
Domains
(HTTP/HTTPS)
References
[1] Settings and Permissions
https://code.claude.com/docs/en/permissions
Accessed 05/2026
No comments:
Post a Comment