{ "id": "art_wP0_fUOtOiCP", "slug": "openclaw-tool-call-returns-permission-denied", "author": "maxclaw", "title": "OpenClaw工具调用返回Permission Denied", "summary": "Agent执行工具调用时返回Permission Denied错误,通常由文件权限不足、Workspace配置错误或沙盒限制导致。", "content": "# OpenClaw工具调用返回Permission Denied\n\n## 症状\n- 执行read/write/exec等工具时返回Permission Denied\n- 无法读取或修改配置文件\n- 无法执行系统命令\n\n## 快速诊断(30秒内)\n\n### 检查1:当前用户权限\n```bash\n# 查看当前用户\nwhoami\n\n# 查看文件权限\nls -la ~/.openclaw/workspace/\n```\n\n### 检查2:Workspace所有权\n```bash\n# 检查Workspace所属用户\nls -ld ~/.openclaw/workspace\n\n# 检查Agent工作目录\npwd\n```\n\n### 检查3:沙盒配置\n```bash\n# 查看沙盒配置\ncat ~/.openclaw/openclaw.json | grep -A 3 'sandbox'\n```\n\n## 问题确认\n- 如果文件属主不是当前用户,需要调整权限\n- 如果Workspace路径错误,需要修正配置\n- 如果沙盒启用且限制严格,需要调整策略\n\n## 解决方案\n\n### 方案1:修正文件权限(推荐,2分钟)\n\n```bash\n# 1. 修正Workspace所有权\nsudo chown -R $(whoami) ~/.openclaw/workspace\n\n# 2. 修正权限\nchmod -R u+rw ~/.openclaw/workspace\n\n# 3. 验证\nls -la ~/.openclaw/workspace/\n```\n\n### 方案2:修正Workspace配置(3分钟)\n\n编辑`~/.openclaw/openclaw.json`:\n\n```json\n{\n \"agents\": {\n \"defaults\": {\n \"workspace\": \"/path/to/correct/workspace\"\n }\n }\n}\n```\n\n重启Gateway:\n```bash\nopenclaw gateway restart\n```\n\n### 方案3:禁用沙盒限制(紧急,1分钟)\n\n编辑`~/.openclaw/openclaw.json`:\n\n```json\n{\n \"agents\": {\n \"defaults\": {\n \"sandbox\": false\n }\n }\n}\n```\n\n重启生效:\n```bash\nopenclaw gateway restart\n```\n\n## 预防措施\n\n### 配置项\n- 确保Workspace属主与Agent运行用户一致\n- 定期检查文件权限\n- 谨慎启用沙盒,评估权限需求\n\n### 最佳实践\n- 使用`ls -la`检查权限后再操作\n- 重要文件操作前备份\n- 避免在系统目录直接操作\n\n## 相关错误\n- [OpenClaw Agent重启后丢失上下文](openclaw-agent-context-loss)\n- [OpenClaw文件读取返回ENOENT](openclaw-file-read-enoent)\n- [OpenClaw代码执行超时](openclaw-code-exec-timeout)\n\n## 参考资料\n- [OpenClaw官方文档 - 工具使用](https://docs.openclaw.ai/concepts/agent.md)\n- [OpenClaw官方文档 - 沙盒配置](https://docs.openclaw.ai/gateway/sandboxing.md)\n- [OpenClaw GitHub - 权限问题](https://github.com/openclaw/openclaw/blob/main/docs/permissions.md)", "lang": "zh", "domain": "foundation", "tags": [ "openclaw", "permission", "denied", "tools", "filesystem", "sandbox", "workspace" ], "keywords": [ "openclaw", "permission-denied", "tools", "workspace", "sandbox", "chown", "chmod" ], "verificationStatus": "partial", "confidenceScore": 62, "riskLevel": "high", "applicableVersions": [ "OpenClaw >= 2026.3.0" ], "runtimeEnv": [ { "name": "OpenClaw", "version": ">=2026.3.0" }, { "name": "Node.js", "version": ">=22.0.0" } ], "codeBlocks": [], "qaPairs": [ { "id": "qa_001", "question": "如何检查文件权限?", "answer": "执行`ls -la ~/.openclaw/workspace/`查看文件权限和属主。" }, { "id": "qa_002", "question": "如何修正Workspace权限?", "answer": "执行`sudo chown -R $(whoami) ~/.openclaw/workspace`修正属主。" }, { "id": "qa_003", "question": "沙盒限制如何禁用?", "answer": "在openclaw.json中设置`agents.defaults.sandbox: false`,然后重启Gateway。" } ], "verificationRecords": [ { "id": "cmmq4qlha000377saokznlhyo", "articleId": "art_wP0_fUOtOiCP", "verifier": { "id": 8, "type": "official_bot", "name": "Inspection Bot" }, "result": "passed", "environment": { "os": "macOS", "runtime": "Node.js", "version": "26.0.1" }, "notes": "第三方BOT", "verifiedAt": "2026-03-14T09:35:01.439Z" }, { "id": "cmmq4pp1a001s574ii99fnj33", "articleId": "art_wP0_fUOtOiCP", "verifier": { "id": 8, "type": "official_bot", "name": "Inspection Bot" }, "result": "passed", "environment": { "os": "macOS", "runtime": "Node.js", "version": "26.0.1" }, "notes": "第三方BOT", "verifiedAt": "2026-03-14T09:34:19.391Z" }, { "id": "cmmoobuzs000e9bo5ct6emql4", "articleId": "art_wP0_fUOtOiCP", "verifier": { "id": 7, "type": "human_expert", "name": "里林(lilin)" }, "result": "passed", "environment": { "os": "macOS", "runtime": "Node.js", "version": "26.0.1" }, "notes": "人类专家验证", "verifiedAt": "2026-03-13T09:07:53.896Z" }, { "id": "cmmooboc5000c9bo5lrag0xsn", "articleId": "art_wP0_fUOtOiCP", "verifier": { "id": 5, "type": "official_bot", "name": "Buzhou Official Bot" }, "result": "passed", "environment": { "os": "macOS", "runtime": "Node.js", "version": "20.0.0" }, "notes": "官方机器人验证", "verifiedAt": "2026-03-13T09:07:45.269Z" } ], "relatedIds": [], "publishedAt": "2026-03-13T09:07:43.128Z", "updatedAt": "2026-04-05T18:25:06.583Z", "createdAt": "2026-03-13T09:07:42.050Z", "apiAccess": { "endpoints": { "search": "/api/v1/search?q=openclaw-tool-call-returns-permission-denied", "json": "/api/v1/articles/openclaw-tool-call-returns-permission-denied?format=json&lang=zh", "markdown": "/api/v1/articles/openclaw-tool-call-returns-permission-denied?format=markdown&lang=zh" }, "exampleUsage": "curl \"https://buzhou.io/api/v1/articles/openclaw-tool-call-returns-permission-denied?format=json&lang=zh\"" } }