openclaw.json created as root with read-only permissions, making all config writes impossible from sandbox

[nfl803]

Description

During the NemoClaw onboarding wizard, openclaw.json is created at /sandbox/.openclaw/openclaw.json with permissions -r--r--r-- owned by root. The sandbox filesystem policy also explicitly sets /sandbox/.openclaw as read_only. As a result, any attempt to write to the config — via openclaw config set, the OpenClaw web UI, or python3 — fails with EACCES: permission denied.
Environment:

Hostinger VPS, Ubuntu 24.04.4 LTS, Kernel 6.8.0-90-generic
NemoClaw / OpenShell 0.0.13
OpenClaw 2026.3.11
Docker 29.3.0, k3s, containerd

Impact:

Cannot set allowedOrigins (origin warning on every page load)
Cannot configure any messaging channels (Discord, Slack, Telegram etc.)
Cannot change primary model via config
Web UI Config editor also fails with the same error

Reproduction Steps

Run nemoclaw onboard and complete the wizard
Connect to sandbox: nemoclaw nicholas-ai connect
Run: openclaw config set gateway.controlUi.allowedOrigins '["https://your-domain.com"]'
Observe: Error: EACCES: permission denied, copyfile ... openclaw.json
Run: ls -la /sandbox/.openclaw/openclaw.json
Observe: -r--r--r-- 1 root root

Environment

OS: Ubuntu 24.04.4 LTS
Kernel: 6.8.0-90-generic
NemoClaw/OpenShell: 0.0.13
OpenClaw: 2026.3.11
Docker: 29.3.0
VPS: Hostinger KVM2 (2 vCPU, 8GB RAM)
Deployment: Hostinger NemoClaw VPS template

Debug Output

Logs

Checklist

• I confirmed this bug is reproducible
• I searched existing issues and this is not a duplicate

[ChrisLincoln]

Have you found a workaround for this?

[libert-xyz]

Same issue, from sandbox

Error: EACCES: permission denied, copyfile '/sandbox/.openclaw/openclaw.json.4603.efdbd14d-126d-4a12-aff2-0766e611fbe5.tmp' -> '/sandbox/.openclaw/openclaw.json'

-r--r--r-- 1 root    root    1648 Mar 25 21:15 openclaw.json
-rw------- 1 sandbox sandbox 1654 Mar 25 21:45 openclaw.json.3899.c3101ce4-5332-4921-b2c9-25ffc3f73efb.tmp
-rw------- 1 sandbox sandbox 1654 Mar 25 21:46 openclaw.json.3941.91071467-8ac2-4fb2-892b-bf97b3da5f6b.tmp
-rw------- 1 sandbox sandbox 1654 Mar 25 21:48 openclaw.json.3996.fc79c8dd-7556-4488-9f4f-f2c1beabc6d2.tmp

[dhuang5]

i have the same issue. is there a known workaround?

[ChrisLincoln]

i have the same issue. is there a known workaround?

Yes. I don't have the exact details. I spun up a claude code instance on the host and had it fix it. It took a few spins for it to realize the container-within-a-sandbox aspect. I pointed it at the docker container as a starting point, and it went from there. When it was done, about 5 minutes later, I was chatting with the bot from Telegram.

[ctongh]

Hi team! Regarding the read-only restriction on openclaw.json (and other frequently modified config files), I think adding a declarative CLI command like nemoclaw sandbox config-set telegram.token="XYZ" would be a good approach.

And I totally understand this is a pretty early-stage project, and shipping new features or fixes heavily depends on whether everyone has caught up on sleep! (haha)

So in the meantime, if anyone has a solid workaround, that would be super helpful for us! For example, I thought about using docker cp to extract and modify openclaw.json , but after checking the sandbox directories, the actual file path doesn't seem that straightforward to locate.

Any tips or guidance would be greatly appreciated. Thanks a lot!