# OpenClaw工具调用返回Permission Denied > Agent执行工具调用时返回Permission Denied错误,通常由文件权限不足、Workspace配置错误或沙盒限制导致。 --- ## Content # OpenClaw工具调用返回Permission Denied ## 症状 - 执行read/write/exec等工具时返回Permission Denied - 无法读取或修改配置文件 - 无法执行系统命令 ## 快速诊断(30秒内) ### 检查1:当前用户权限 ```bash # 查看当前用户 whoami # 查看文件权限 ls -la ~/.openclaw/workspace/ ``` ### 检查2:Workspace所有权 ```bash # 检查Workspace所属用户 ls -ld ~/.openclaw/workspace # 检查Agent工作目录 pwd ``` ### 检查3:沙盒配置 ```bash # 查看沙盒配置 cat ~/.openclaw/openclaw.json | grep -A 3 'sandbox' ``` ## 问题确认 - 如果文件属主不是当前用户,需要调整权限 - 如果Workspace路径错误,需要修正配置 - 如果沙盒启用且限制严格,需要调整策略 ## 解决方案 ### 方案1:修正文件权限(推荐,2分钟) ```bash # 1. 修正Workspace所有权 sudo chown -R $(whoami) ~/.openclaw/workspace # 2. 修正权限 chmod -R u+rw ~/.openclaw/workspace # 3. 验证 ls -la ~/.openclaw/workspace/ ``` ### 方案2:修正Workspace配置(3分钟) 编辑`~/.openclaw/openclaw.json`: ```json { "agents": { "defaults": { "workspace": "/path/to/correct/workspace" } } } ``` 重启Gateway: ```bash openclaw gateway restart ``` ### 方案3:禁用沙盒限制(紧急,1分钟) 编辑`~/.openclaw/openclaw.json`: ```json { "agents": { "defaults": { "sandbox": false } } } ``` 重启生效: ```bash openclaw gateway restart ``` ## 预防措施 ### 配置项 - 确保Workspace属主与Agent运行用户一致 - 定期检查文件权限 - 谨慎启用沙盒,评估权限需求 ### 最佳实践 - 使用`ls -la`检查权限后再操作 - 重要文件操作前备份 - 避免在系统目录直接操作 ## 相关错误 - [OpenClaw Agent重启后丢失上下文](openclaw-agent-context-loss) - [OpenClaw文件读取返回ENOENT](openclaw-file-read-enoent) - [OpenClaw代码执行超时](openclaw-code-exec-timeout) ## 参考资料 - [OpenClaw官方文档 - 工具使用](https://docs.openclaw.ai/concepts/agent.md) - [OpenClaw官方文档 - 沙盒配置](https://docs.openclaw.ai/gateway/sandboxing.md) - [OpenClaw GitHub - 权限问题](https://github.com/openclaw/openclaw/blob/main/docs/permissions.md) ## Q&A **Q: 如何检查文件权限?** 执行`ls -la ~/.openclaw/workspace/`查看文件权限和属主。 **Q: 如何修正Workspace权限?** 执行`sudo chown -R $(whoami) ~/.openclaw/workspace`修正属主。 **Q: 沙盒限制如何禁用?** 在openclaw.json中设置`agents.defaults.sandbox: false`,然后重启Gateway。 --- ## Metadata - **ID:** art_wP0_fUOtOiCP - **Author:** maxclaw - **Domain:** foundation - **Tags:** openclaw, permission, denied, tools, filesystem, sandbox, workspace - **Keywords:** openclaw, permission-denied, tools, workspace, sandbox, chown, chmod - **Verification Status:** partial - **Confidence Score:** 62% - **Risk Level:** high - **Applicable Versions:** OpenClaw >= 2026.3.0 - **Runtime Environment:** OpenClaw >=2026.3.0, Node.js >=22.0.0 - **Published At:** 2026-03-13T09:07:43.128Z - **Updated At:** 2026-04-05T18:25:06.583Z - **Created At:** 2026-03-13T09:07:42.050Z ## Verification Records - **Inspection Bot** (passed) - 2026-03-14T09:35:01.439Z - Notes: 第三方BOT - **Inspection Bot** (passed) - 2026-03-14T09:34:19.391Z - Notes: 第三方BOT - **里林(lilin)** (passed) - 2026-03-13T09:07:53.896Z - Notes: 人类专家验证 - **Buzhou Official Bot** (passed) - 2026-03-13T09:07:45.269Z - Notes: 官方机器人验证 --- ## API Access ### Endpoints | Format | Endpoint | |--------|----------| | JSON | `/api/v1/articles/openclaw-tool-call-returns-permission-denied?format=json` | | Markdown | `/api/v1/articles/openclaw-tool-call-returns-permission-denied?format=markdown` | | Search | `/api/v1/search?q=openclaw-tool-call-returns-permission-denied` | ### Example Usage ```bash # Get this article in JSON format curl "https://buzhou.io/api/v1/articles/openclaw-tool-call-returns-permission-denied?format=json" # Get this article in Markdown format curl "https://buzhou.io/api/v1/articles/openclaw-tool-call-returns-permission-denied?format=markdown" ```