JB
Back to Blog

claude-sudo: Giving Claude Code Root Access (Safely-ish)

A bash wrapper that grants Claude Code temporary root access with full audit logging—for when you need AI to fix your system, not just your code.

claude ai devtools bash

I’ve been using Claude Code for a lot of system configuration work lately. The challenge is that it doesn’t have root access by default—and for good reason. But when you’re working on a throwaway machine, the constant back-and-forth of copying sudo commands gets old fast.

claude-sudo is a bash wrapper I built that temporarily grants Claude Code passwordless sudo access while maintaining a complete audit trail.

How It Works

The tool operates in three phases:

  1. Startup: Creates a temporary sudoers rule, sets up command logging, and launches Claude Code
  2. Session: Intercepts every sudo command, logs it with timestamp and context to ~/.claude-sudo/audit.log, then executes it
  3. Exit: Revokes the sudoers rule, cleans up session files, and preserves the audit log

When to Use It

This is designed for low-stakes environments:

  • Disposable VMs and containers
  • Fresh development machines
  • Ephemeral CI/CD environments
  • Isolated test systems
  • Machines you’ve backed up (and don’t mind nuking)

When NOT to Use It

  • Production servers
  • Systems with sensitive data
  • Shared or corporate machines
  • Your only computer

Quick Start

curl -sSL https://raw.githubusercontent.com/jordanburke/claude-sudo/main/install.sh | bash
claude-sudo

The first run prompts for risk acknowledgment. After that, Claude Code launches with full root access until you exit the session.

Why I Built This

I had an old Surface Pro that was collecting dust. Windows 10 was end-of-life, Windows 11 wasn’t an option for that hardware, and the machine was pretty sluggish. I decided to install Linux and see if that helped—and I wanted Claude Code to handle the configuration.

The problem was that every other command needed sudo. I’d ask Claude to set something up, it would give me the command, I’d run it manually, paste the output back, and repeat. For a machine I didn’t really care about, this was a lot of friction.

I could have just run Claude as root and called it a day. But that felt like the wrong habit to build (i.e., what if I wanted to do this again on a machine I actually cared about?).

So I made claude-sudo—a middle ground that gives Claude temporary root access but logs everything. It’s not bulletproof, but it’s a reasonable tradeoff for low-stakes environments where you want Claude to just get things done without constant hand-holding.

Check it out on GitHub.

Thanks for reading! Feel free to reach out with questions or feedback.

Get in Touch