Phase 3 / Ep 15: Full Permissions and Security Policies —— Governance of High-Risk Environments
🎯 Learning Objective: Understand the risks of full permissions and security mitigation measures.
1. Use Cases for Full Permissions
- Server operations automation (restarting services, cleaning disks)
- Network diagnostics (ping, traceroute, nmap)
- Process management (kill, top, resource monitoring)
- System configuration changes
2. ⚠️ Must Be Used in Isolated Environments
graph TD
A["🔴 Full Permission Agent"] --> B{"Runtime Environment?"}
B -->|"Native macOS"| C["❌ Strictly Prohibited\nAgent might delete system files"]
B -->|"Docker Container"| D["✅ Recommended\nProcess-level isolation"]
B -->|"UTM Virtual Machine"| E["✅✅ Best\nKernel-level isolation"]
style C fill:#fee2e2,stroke:#dc2626
style D fill:#fef9c3,stroke:#ca8a04
style E fill:#dcfce7,stroke:#16a34a
3. Security Policy Configuration
Command Blacklist
// openclaw.json
{
  "tools": {
    "profile": "full",
    "blockedCommands": [
      "rm -rf /",
      "dd if=",
      "mkfs",
      "shutdown",
      "reboot"
    ]
  }
}
Whitelist Mode (More Secure)
{
  "tools": {
    "profile": "full",
    "allowMode": "whitelist",
    "allowedCommands": [
      "systemctl status *",
      "systemctl restart *",
      "df -h",
      "free -m",
      "docker ps",
      "docker logs *"
    ]
  }
}
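How strong the whitelist is depends on what `*` is allowed to match. The sketch below is an added example, not OpenClaw's own code: the page does not say how OpenClaw evaluates these patterns, so both matchers (`naive_allows`, `strict_allows`) and the sample commands are assumptions made for illustration. It compares a whole-string glob match with a token-wise match that refuses shell metacharacters.

```python
import fnmatch
import shlex

# Patterns copied from the whitelist example on this page.
ALLOWED = [
    "systemctl status *", "systemctl restart *", "df -h",
    "free -m", "docker ps", "docker logs *",
]

# Characters that let a shell chain, substitute, redirect or expand;
# a wildcard must never be allowed to absorb them.
SHELL_META = set(";&|`$<>(){}*?\\\n")


def naive_allows(command: str) -> bool:
    """Whole-string glob: '*' also swallows '&& anything else'."""
    return any(fnmatch.fnmatchcase(command, p) for p in ALLOWED)


def strict_allows(command: str) -> bool:
    """Token-wise: same argument count, '*' covers one plain argument."""
    if SHELL_META & set(command):
        return False
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes
        return False
    for pattern in ALLOWED:
        want = pattern.split()
        if len(want) == len(argv) and all(
            (w == "*" and not a.startswith("-")) or w == a
            for w, a in zip(want, argv)
        ):
            return True
    return False


# Constructed sample commands (not taken from any real agent log).
SAMPLES = [
    "systemctl restart nginx",
    "docker logs web",
    "systemctl status nginx && reboot",
    "df -h /",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(f"{cmd!r}: naive={naive_allows(cmd)} strict={strict_allows(cmd)}")
```

Even with the strict matcher, `systemctl restart *` still grants a restart of any unit; list specific unit names where the set of services is known.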
Manual Approval Mechanism
{
  "tools": {
    "requireApproval": ["rm", "kill", "systemctl stop"]
  }
}
Once enabled, the Agent will request your confirmation via Telegram before executing these commands.
4. SECURITY.md
Create a SECURITY.md in the Agent directory, which the Agent will reference before executing sensitive operations:
# Security Policies
- Do not delete any files; only creation and modification are allowed.
- Check dependencies of related services before restarting a service.
- Disk cleanup can only clear /tmp and /var/log/old.
Next Episode Teaser: Ep 16: Multi-Agent Permission Isolation — personal (basic), coder (coding), and ops (full) performing their respective duties.