JLarky
Running a Local Sandboxed macOS Desktop Using VNC and a Restricted User


Sometimes you want to run commands that you don’t fully trust or that intentionally bypass safeguards. A good example is running AI agents like:

claude --dangerously-skip-permissions

If that command executes arbitrary shell commands, writes files, or installs software, running it in your main admin session is risky.

A lightweight alternative to a full VM is to create a separate macOS user session and connect to it via VNC in a window. This gives you a local desktop sandbox with minimal setup.

No virtualization required.

The architecture looks like this:

Admin user
   ↓
Screen Sharing (VNC)
   ↓
Restricted macOS user
   ↓
Run risky commands safely

Why This Works Well for Developers

This setup provides:

  • separate $HOME
  • separate login keychain
  • separate permissions
  • no admin privileges
  • easy reset by deleting the user

You also get a windowed sandbox desktop, similar to a VM but much lighter.

This is ideal for things like:

  • running claude --dangerously-skip-permissions
  • testing install scripts
  • experimenting with unknown npm packages
  • isolating automation tools
  • testing shell agents

Step 1 — Create a Restricted User

Open:

System Settings → Users & Groups

Add a new user:

Account Type: Standard
Name: sandbox

Important: Do NOT make it an admin user.

This ensures the sandbox cannot:

  • install system software
  • modify system settings
  • escalate privileges easily

Step 2 — Enable Screen Sharing

Open:

System Settings → General → Sharing

Enable:

Screen Sharing

Click the ⓘ info button.

Set access to:

Allow access for: Only these users

Add your restricted user.

Example:

sandbox

This ensures only that account can initiate screen sharing sessions.

Step 3 — Log Into the Sandbox User

Enable Fast User Switching:

System Settings → Control Center
→ Fast User Switching
→ Show in Menu Bar

Then:

  1. Click your username in the menu bar
  2. Select Login Window
  3. Log in as the sandbox user

The sandbox session is now running in the background.

Step 4 — Connect to the Sandbox Desktop

macOS normally blocks connecting to your own screen and shows:

You cannot control your own screen

To bypass this, create a local port forward.

Run:

ssh -NL 5901:localhost:5900 localhost

This forwards:

localhost:5901 → localhost:5900

Now connect using Finder.

Press:

⌘ + K

Enter:

vnc://localhost:5901

This opens the Screen Sharing app in a window connected to the sandbox desktop.

Fix for “You Cannot Control Your Own Screen”

If you try connecting directly to vnc://localhost, macOS will block it.

The SSH tunnel above solves this issue.

See the StackExchange discussion explaining the workaround:

https://apple.stackexchange.com/questions/151151/can-i-remote-desktop-to-another-user-on-the-same-machine

Step 5 — Run Your Risky Commands

Inside the sandbox desktop window you can now safely run things like:

claude --dangerously-skip-permissions

Even if the agent:

  • modifies files
  • installs packages
  • writes scripts

it will only affect:

/Users/sandbox

Your main development environment stays safe.

Convenience Shortcut

To open the sandbox quickly:

open vnc://localhost:5901

You can even create a shell alias:

alias sandbox="open vnc://localhost:5901"

Now launch the sandbox with:

sandbox
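The tunnel from Step 4 and the alias from this section can be folded into one script that starts the SSH loopback forward only when nothing is already listening on the local port, waits for it to come up, and then opens Screen Sharing. This is an added example, not code from the original post. It assumes bash (for the /dev/tcp port probe), that Remote Login (SSH) is enabled on the Mac so that `ssh localhost` works, and that Screen Sharing listens on 5900; the port numbers 5901 and 5900 are the ones the post uses, and LOCAL_PORT and VNC_PORT are names chosen here.

```shell
#!/bin/bash
# Added example (not from the original post): open the sandbox desktop with
# one command, starting the SSH loopback tunnel only if it is not already up.
# Assumes Remote Login (SSH) is enabled and Screen Sharing listens on 5900.

LOCAL_PORT="${LOCAL_PORT:-5901}"   # what the Screen Sharing app connects to
VNC_PORT="${VNC_PORT:-5900}"       # where macOS Screen Sharing listens

# Return 0 when something accepts TCP connections on HOST:PORT.
# Uses bash's /dev/tcp so it needs neither nc nor lsof.
port_open() {
    (exec 3<>"/dev/tcp/$1/$2") 2>/dev/null
}

# Start the background tunnel (-f) if nothing listens on LOCAL_PORT yet.
# -N: run no remote command; -L: local forward, exactly as in the post.
# Returns 0 once the port accepts connections, 1 if it never does (~5 s).
ensure_tunnel() {
    if port_open localhost "$LOCAL_PORT"; then
        return 0
    fi
    ssh -f -N -L "${LOCAL_PORT}:localhost:${VNC_PORT}" localhost || return 1
    for _ in 1 2 3 4 5 6 7 8 9 10; do
        port_open localhost "$LOCAL_PORT" && return 0
        sleep 0.5
    done
    return 1
}

# Open Screen Sharing on the forwarded port, as the post's alias does.
connect_sandbox() {
    ensure_tunnel || {
        echo "tunnel on port $LOCAL_PORT did not come up" >&2
        return 1
    }
    open "vnc://localhost:${LOCAL_PORT}"
}

# Usage (macOS): source this file, then run: connect_sandbox
```

Save it as, say, ~/bin/sandbox-connect.sh and replace the post's alias with `alias sandbox='bash -c "source ~/bin/sandbox-connect.sh; connect_sandbox"'`. Because the tunnel is started with `-f`, it keeps running after the window is closed, so reopening the sandbox later skips straight to the `open` call; if you log the sandbox user out, the VNC session simply shows the login window again.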

⚠️ Security Caveat

A separate macOS user is not a strong security sandbox. It helps prevent accidental damage but does not fully isolate data.

Files in your main home directory that are world-readable can still be accessed by the sandbox user.

For example:

/Users/realUser/.aws/config
/Users/realUser/.aws/credentials
~/.gitconfig
~/.npmrc
~/.env

If permissions look like:

-rw-r--r--

then any user on the machine can read them.

For instance, the sandbox user could run:

cat /Users/realUser/.aws/config

Many tools lock down sensitive files automatically, but not all do.

You can audit files that other users can read:

find ~ -perm -o+r

And tighten permissions where needed:

chmod 600 ~/.aws/*
chmod 600 ~/.ssh/*

This setup protects against accidental breakage, but it is not meant to contain malicious software. If you need stronger isolation, use a VM.

Advantages Over Virtual Machines

| Feature | This Setup | VM |
| --- | --- | --- |
| RAM usage | very low | high |
| Startup time | instant | slow |
| Disk usage | minimal | large |
| Native macOS apps | yes | limited |
| Hardware acceleration | full | partial |

For many developer workflows, this feels like a lightweight local VM.

Final Result

Your system now looks like:

Admin Desktop
   ↓
Sandbox Window (VNC)
   ↓
Restricted macOS user
   ↓
Run risky tools safely

A simple, fast, and effective way to isolate powerful developer tools.
