Never Run OpenClaw as Root: How to Create a Secure Dedicated User

Root access on Linux means one thing: unrestricted control over everything on the system. Root can delete any file, read any secret, install any software, modify any configuration. If your OpenClaw instance is running as root and gets compromised — through prompt injection, a vulnerability, or a misconfigured permission — the attacker inherits root access.

That's not a hypothetical. That's "the attacker owns the entire server" in the most literal sense.

Creating a dedicated non-root user for OpenClaw takes about 5 minutes. It limits the damage radius of any compromise to what that user account can access — which is much, much less than root.

---

Why Root Access Is Catastrophic for an AI Agent

Running regular software as root is bad practice. Running an AI agent as root is significantly worse, for a specific reason: AI agents actively process untrusted external content.

Your OpenClaw instance reads web pages, processes documents, handles emails, and follows instructions from potentially compromised sources. Any of that content could contain prompt injection attacks. If a successful injection runs as root, the injected code has:

• Full read access to every file on the server
• Ability to modify system configurations
• Ability to install malware or backdoors
• Ability to create new user accounts
• Ability to read other users' files and credentials

Running as a dedicated non-root user confines the blast radius. A successful attack can only do what the openclaw user is permitted to do — which, with proper configuration, is limited to the agent's own workspace files.

[→ See also: What is Prompt Injection and Why Every OpenClaw User Should Know About It]

---

Step 1: Create the Dedicated User

# Create a new user called "openclaw"
sudo adduser openclaw

The adduser command will prompt for:

• Password (set something strong — you'll use it for su switching)
• Full name and other optional info (press Enter to skip)

This creates:

• A user account openclaw
• A home directory at /home/openclaw
• A user group openclaw

---

Step 2: Configure Sudo Access

The openclaw user needs some sudo privileges (for UFW, fail2ban, SSH config), but shouldn't have unrestricted sudo access.

For a basic setup, adding to the sudo group is sufficient:

sudo usermod -aG sudo openclaw

For tighter control, you can restrict which commands the user can run with sudo by editing /etc/sudoers with visudo. But for most personal deployments, the sudo group is fine.

---

Step 3: Switch to the New User

su - openclaw

The - flag loads the full login environment for that user. Verify you're no longer root:

whoami
# Should output: openclaw

---

Step 4: Install and Run OpenClaw as the New User

From the openclaw user session, install OpenClaw:

npm install -g openclaw

If npm isn't installed:

# Install Node.js and npm
curl -fsSL https://deb.nodesource.com/setup_lts.x | sudo -E bash -
sudo apt-get install -y nodejs

Then configure and start OpenClaw normally. The config file will live at /home/openclaw/.openclaw/openclaw.json — owned by the openclaw user.

---

Step 5: Set File Permissions on openclaw.json

Your config file contains your gateway password and other sensitive settings. Lock it down:

chmod 600 ~/.openclaw/openclaw.json

600 means the owner can read and write; no one else can do anything with it. Verify:

ls -la ~/.openclaw/openclaw.json
# Should show: -rw------- 1 openclaw openclaw

Also set permissions on the .openclaw directory:

chmod 700 ~/.openclaw

700 means the owner can read, write, and execute (enter directory); no one else can.

---

Migrating from Root to a New User

If you're already running OpenClaw as root, here's how to migrate:

# Create the new user (as root)
adduser openclaw
usermod -aG sudo openclaw

# Copy the config directory
cp -r /root/.openclaw /home/openclaw/.openclaw

# Fix ownership
chown -R openclaw:openclaw /home/openclaw/.openclaw

# Fix permissions
chmod 600 /home/openclaw/.openclaw/openclaw.json
chmod 700 /home/openclaw/.openclaw

# Stop OpenClaw running as root
openclaw gateway stop

# Switch to the new user
su - openclaw

# Start OpenClaw as the new user
openclaw gateway start

Verify the process is running as openclaw, not root:

ps aux | grep openclaw
# The USER column should show "openclaw", not "root"

---

Docker Group Membership

If you're using Docker for subagent sandboxing, the openclaw user also needs to be in the Docker group:

sudo usermod -aG docker openclaw

Log out and back in after adding to the Docker group for the change to take effect.

[→ See also: How to Sandbox OpenClaw Subagents with Docker]

---

Verifying You're Not Running as Root

The security audit prompt covers this, but you can check manually:

# Check current user
whoami

# Check OpenClaw process user
ps aux | grep "openclaw gateway"

# Check config file ownership
ls -la ~/.openclaw/openclaw.json

All three should show openclaw (or your chosen username), not root.

---

Key Takeaways

• Running OpenClaw as root means a compromised agent = compromised server; running as a dedicated user limits damage to that user's access
• The adduser openclaw + usermod -aG sudo openclaw sequence is the entire user creation process — about 2 minutes
• Set chmod 600 on openclaw.json immediately after creating it; this is the one file that should never be world-readable
• If migrating from root, copy the config directory, fix ownership with chown -R, fix permissions with chmod, then verify with ps aux
• Add the user to the Docker group (usermod -aG docker openclaw) if using sandbox mode, and log out/in afterward
• The check is simple: whoami and ps aux | grep openclaw should both show the dedicated user, never root