claude-code: Fix Write deny rules not enforced via managed settings (.mobileconfig) [2 comments, 2 participants]

anthropics/claude-code#46809 (fetched 2026-04-12 13:32:29)

Write deny rules delivered via macOS managed settings (.mobileconfig configuration profile targeting com.anthropic.claudecode) are not enforced. Bash deny rules in the same profile work correctly.

This may be an incomplete fix from #6699, where all deny rules were broken. Bash deny appears fixed, but Write deny does not.


Steps to Reproduce

  1. Deploy a .mobileconfig profile with com.anthropic.claudecode preference domain containing:

     <key>permissions</key>
     <dict>
         <key>deny</key>
         <array>
             <string>Write(**/.env)</string>
             <string>Write(**/.env.*)</string>
             <string>Bash(gh repo create --public*)</string>
             <string>Bash(gh repo create *--public*)</string>
             <string>Bash(gh repo create *--visibility public*)</string>
         </array>
     </dict>

  2. Verify the profile is installed (visible in System Settings → Device Management)
  3. Restart Claude Code
  4. Ask Claude to write a .env file — it succeeds (not blocked)
  5. Ask Claude to run gh repo create --public test; it is blocked (correctly denied)

Expected Behavior

Write(**/.env) and Write(**/.env.*) should block Claude from creating or overwriting .env files, the same way Bash(gh repo create --public*) blocks the bash command.

Actual Behavior

  • Bash deny rules: enforced
  • Write deny rules: not enforced

Environment

  • macOS 15 (Sequoia)
  • Claude Code latest (CLI)
  • Deny rules delivered via .mobileconfig managed settings (MDM), not settings.json
  • Profile is signed and installed, visible in System Settings → Device Management

Related Issues

  • #6699 — original report of all deny rules being broken (closed)
  • #24846 — Read deny for .env not enforced (closed as duplicate of #6699)

extent analysis

TL;DR

The Write deny rules for .env files are not being enforced, suggesting a potential issue with the rule parsing or application for write operations.

Guidance

  • Review the parsing logic for Write deny rules to ensure it correctly interprets the **/.env and **/.env.* patterns.
  • Verify that the Write deny rules are being applied at the correct level, considering the scope of the .mobileconfig profile and the com.anthropic.claudecode preference domain.
  • Compare the implementation of Bash deny rules with Write deny rules to identify any discrepancies that might explain why Bash rules are enforced while Write rules are not.
  • Test the Write deny rules with simpler patterns (e.g., Write(.env)) to see if the issue is related to the pattern complexity.
  • Consider reopening or referencing related issues (#6699, #24846) to ensure that all aspects of deny rule enforcement have been addressed.

Example

No specific code example can be provided without more context on the implementation details of the deny rule parser and enforcer.
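As an added illustration (not code from Claude Code or from the issue author), the following script parses the permissions.deny array from a managed-settings plist and evaluates sample tool calls against it. It shows what the Expected Behavior section asks for: the Write rules and the Bash rules from one profile going through a single evaluation path, so that a .env write is refused by Write(**/.env) exactly as gh repo create --public is refused by its Bash rule. The rule syntax Tool(pattern) is taken from the issue; the matching semantics (path globs for Write, where ** spans directories and * stays within one path segment; plain wildcard matching over the command string for Bash) are an assumption made for this example and may differ from the real matcher. The plist wrapper and the tool calls are constructed sample data.

```python
"""Evaluate deny rules from a managed-settings plist fragment.

Added example, not Claude Code's own code. Rule syntax is from the issue;
the glob semantics implemented here are an assumption for illustration.
"""
import plistlib
import re

# Constructed sample: the <dict> from the issue wrapped in a minimal
# plist document so that plistlib can parse it.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>permissions</key>
    <dict>
        <key>deny</key>
        <array>
            <string>Write(**/.env)</string>
            <string>Write(**/.env.*)</string>
            <string>Bash(gh repo create --public*)</string>
            <string>Bash(gh repo create *--public*)</string>
            <string>Bash(gh repo create *--visibility public*)</string>
        </array>
    </dict>
</dict>
</plist>
"""

RULE_RE = re.compile(r"^(?P<tool>[A-Za-z]+)\((?P<pattern>.*)\)$")
PATH_TOOLS = {"Write", "Read"}  # assumption: tools whose argument is a file path


def load_deny_rules(plist_bytes):
    """Return [(tool, pattern), ...] from permissions.deny in the plist."""
    data = plistlib.loads(plist_bytes)
    rules = []
    for raw in data.get("permissions", {}).get("deny", []):
        m = RULE_RE.match(raw)
        if m is None:
            raise ValueError(f"unparseable deny rule: {raw!r}")
        rules.append((m.group("tool"), m.group("pattern")))
    return rules


def path_glob_to_regex(pattern):
    """Compile a path glob (assumed semantics): '**/' matches zero or more
    leading directories, '**' any characters, '*' any characters except '/'."""
    out = []
    i = 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?")
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("^" + "".join(out) + "$")


def command_glob_to_regex(pattern):
    """Compile a Bash rule pattern (assumed semantics): '*' matches any run
    of characters, everything else is literal."""
    parts = [re.escape(p) for p in pattern.split("*")]
    return re.compile("^" + ".*".join(parts) + "$")


def matching_rule(rules, tool, target):
    """Return the first deny rule covering this tool call, or None.
    Both Write and Bash rules are evaluated by this one function."""
    for rule_tool, pattern in rules:
        if rule_tool != tool:
            continue
        if tool in PATH_TOOLS:
            rx = path_glob_to_regex(pattern)
        else:
            rx = command_glob_to_regex(pattern)
        if rx.match(target):
            return f"{rule_tool}({pattern})"
    return None


def is_denied(rules, tool, target):
    return matching_rule(rules, tool, target) is not None


if __name__ == "__main__":
    rules = load_deny_rules(SAMPLE_PLIST)
    # Constructed tool calls: the two from the reproduction steps plus
    # near-misses that a correct matcher must still allow.
    calls = [
        ("Write", "/Users/dev/project/.env"),
        ("Write", "/Users/dev/project/.env.local"),
        ("Write", "/Users/dev/project/src/environment.py"),
        ("Bash", "gh repo create --public test"),
        ("Bash", "gh repo create test --visibility public"),
        ("Bash", "gh repo create test --private"),
    ]
    for tool, target in calls:
        rule = matching_rule(rules, tool, target)
        print(f"{tool:5} {target!r}: {'DENIED by ' + rule if rule else 'allowed'}")
```

Run against a profile exported from the device, this gives a quick offline answer to the Guidance point about testing simpler patterns: if a path that should match is reported as allowed, the pattern itself is wrong; if it is reported as denied here but Claude Code still writes the file, the problem lies in how the managed-settings rules reach the enforcement path, not in the pattern.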

Notes

The issue seems to be specific to the Write deny rules and does not affect Bash deny rules, suggesting a targeted fix might be necessary. The environment and configuration (macOS 15, Claude Code latest, .mobileconfig managed settings) should be considered when troubleshooting.

Recommendation

Apply a workaround by manually configuring Write deny rules through an alternative method (if available) until the issue can be fully resolved, as the current implementation seems to have inconsistencies between Bash and Write rule enforcement.
