I love AI coding agents - they give you so much boost and removes burden of writing the boilerplate code. Also you can nicely confront some of your ideas with them.
However, I am a bit disturbed with giving your AI Agent control your main user account in your OS, feel free to create a sandbox for it.
Firstly, make sure that the ‘other’ users are not having read permission to your home directory
chmod -R o-rwx ~
Now create the AI Agent user you’ll use - in this example it’s simply named ai:
sudo useradd -m -s /bin/bash ai
sudo passwd ai
Let’s set this user permissions full access to the given project you’ll be working on;
sudo setfacl -R -m u:ai:rwx ~/IdeaProjects/my-project
sudo setfacl -R -d -m u:ai:rwx ~/IdeaProjects/my-project
And you also need to ensure the ai user can traverse to your project folder:
sudo setfacl -m u:ai:--x ~
sudo setfacl -m u:ai:--x ~/IdeaProjects
Try running it from your main account like this:
sudo -u ai bash -c 'cd /home/piotr/IdeaProjects/my-project && claude-code'
If you got an error telling you that claude-code is an unknown command, it’s possible that you have installed Claude Code as your main user, so an option is to move it to system-wide location so any user can run it:
sudo cp ~/.local/bin/claude /usr/local/bin/claude-code
sudo chmod 755 /usr/local/bin/claude-code
Afterward you can check if the permission schema works as you expect, or even run claude code and ask him what he can access :-)
Of course, you can further cut the permissions of the agent to block /etc or /tmp or any other directory you like.