OpenClaw Tool Call Returns Permission Denied

Symptoms

• read/write/exec tools return Permission Denied
• Cannot read or modify configuration files
• Cannot execute system commands

Quick Diagnosis (30 seconds)

Check 1: Current User Permissions

# View current user
whoami

# View file permissions
ls -la ~/.openclaw/workspace/

Check 2: Workspace Ownership

# Check Workspace owner
ls -ld ~/.openclaw/workspace

# Check Agent working directory
pwd

Check 3: Sandbox Configuration

# View sandbox config
cat ~/.openclaw/openclaw.json | grep -A 3 'sandbox'

Problem Confirmation

• If file owner is not current user, adjust permissions
• If Workspace path is wrong, fix configuration
• If sandbox is enabled and restrictive, adjust policy

Solutions

Solution 1: Fix File Permissions (Recommended, 2 minutes)

# 1. Fix Workspace ownership
sudo chown -R $(whoami) ~/.openclaw/workspace

# 2. Fix permissions
chmod -R u+rw ~/.openclaw/workspace

# 3. Verify
ls -la ~/.openclaw/workspace/

Solution 2: Fix Workspace Configuration (3 minutes)

Edit ~/.openclaw/openclaw.json:

{
  "agents": {
    "defaults": {
      "workspace": "/path/to/correct/workspace"
    }
  }
}

Restart Gateway:

openclaw gateway restart

Solution 3: Disable Sandbox Restrictions (Emergency, 1 minute)

Edit ~/.openclaw/openclaw.json:

{
  "agents": {
    "defaults": {
      "sandbox": false
    }
  }
}

Restart to apply:

openclaw gateway restart

Prevention

Configuration

• Ensure Workspace owner matches Agent running user
• Regularly check file permissions
• Enable sandbox carefully, assess permission needs

Best Practices

• Use ls -la to check permissions before operations
• Backup important files before operations
• Avoid direct operations in system directories

Related Errors

• OpenClaw Agent Loses Context After Restart
• OpenClaw File Read Returns ENOENT
• OpenClaw Code Execution Timeout

References

• OpenClaw Docs - Tool Usage
• OpenClaw Docs - Sandbox Configuration
• OpenClaw GitHub - Permissions