Skip to content

[Bug]: security audit: fs.config.perms_writable false positive on French Windows (localized SYSTEM account name not recognized) #29681

New issue
New issue
Closed
#29698
Closed
[Bug]: security audit: fs.config.perms_writable false positive on French Windows (localized SYSTEM account name not recognized)#29681
#29698
Labels
bugSomething isn't workingsecuritySecurity documentation
@lbonansbrux

Description

@lbonansbrux
lbonansbrux
opened on Feb 28, 2026

Summary

Environment

  • OpenClaw version: 2026.2.26
  • OS: Windows 11 (fr-FR locale)
  • Gateway mode: local

Description

The openclaw security audit command reports a false positive for fs.config.perms_writable on French Windows systems.

The audit message reads:
fs.config.perms_writable Config file is writable by others
C:\Users\ME.openclaw\openclaw.json acl=AUTORITE NT\Système:(F); another user could change gateway/auth/tool policies.
Fix: icacls "C:\Users\PCH.openclaw\openclaw.json" /inheritance:r /grant:r "MYCOMPUTER\ME:F" /grant:r "SYSTEM:F"

However, the actual ACL on the file is correct: C:\Users\ME.openclaw\openclaw.json AUTORITE NT\Système:(F)
MYCOMPUTER\ME:(F)

BUILTIN\Administrators is not present. The file is only accessible by the current user and the SYSTEM account.

Root cause (suspected)

On French Windows, the SYSTEM account is named AUTORITE NT\Système instead of
NT AUTHORITY\SYSTEM. The audit logic appears to compare ACL entries against
the English account name and fails to recognize the localized equivalent,
triggering a false positive.

Workaround

None. The warning persists regardless of ACL configuration on French Windows.

Steps to reproduce

  1. Install OpenClaw on a French Windows system
  2. Run icacls to restrict config file permissions to current user + SYSTEM only
  3. Run openclaw security audit
  4. Observe fs.config.perms_writable CRITICAL warning despite correct ACL

Expected behavior

The audit should recognize localized SYSTEM account names (AUTORITE NT\Système,
NT-AUTORITÄT\SYSTEM, etc.) as equivalent to NT AUTHORITY\SYSTEM and not
flag them as a security issue.

Actual behavior

The audit message reads:
fs.config.perms_writable Config file is writable by others
C:\Users\ME.openclaw\openclaw.json acl=AUTORITE NT\Système:(F); another user could change gateway/auth/tool policies.
Fix: icacls "C:\Users\PCH.openclaw\openclaw.json" /inheritance:r /grant:r "MYCOMPUTER\ME:F" /grant:r "SYSTEM:F"

OpenClaw version

2026.2.26

Operating system

Windows 11 (fr-FR locale)

Install method

No response

Logs, screenshots, and evidence



Impact and severity


No response


Additional information


No response
Metadata
Metadata
Assignees
No one assigned
    Labels
    bugSomething isn't workingsecuritySecurity documentation
    Type
    No type
    Projects
    No projects
    Milestone
    No milestone
    Relationships
    None yet
    Development
    No branches or pull requests
    Issue actions