Linux is often used as the scheduling-side or gateway-side runtime environment for OpenClaw. The following assumes a systemd-based distribution (such as Ubuntu LTS, Debian, or some cloud vendor images).

1. Users and Directories

Create a separate system user and working directory for OpenClaw (for example, /var/lib/openclaw) rather than running it as root. Place the configuration and keys in a directory readable by this user and restrict permissions to 600.

2. systemd unit

Use Type=simple or the officially recommended type, and set WorkingDirectory and EnvironmentFile explicitly. Enable Restart=on-failure and set RestartSec appropriately, so that an abnormal restart loop does not saturate the CPU.

3. Network and Firewall

Open only the necessary inbound ports; if the host is used only as an outbound client, inbound traffic can be denied by default. When communicating with the Mac Cloud instance, prefer the intranet or a fixed egress IP, which makes it easier to write security group policy on the Mac Cloud side.

4. Logging and rotation

Redirect standard output to journald or to files managed by logrotate, so that the logs are easy to compare and cross-check against the log fragments attached in the work order system.
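
The recommendations in sections 1 and 2 can be checked mechanically before a unit is deployed. The script below is an added example, not part of OpenClaw: the unit text, the openclaw user name, the openclaw.env file name and the /path/to/openclaw ExecStart value are constructed placeholders.

```python
import os
import stat

# Constructed sample units; ExecStart is a placeholder, not OpenClaw's real path.
HARDENED_UNIT = """\
[Service]
Type=simple
User=openclaw
WorkingDirectory=/var/lib/openclaw
EnvironmentFile=/var/lib/openclaw/openclaw.env
ExecStart=/path/to/openclaw
Restart=on-failure
RestartSec=5
"""
WEAK_UNIT = "[Service]\nExecStart=/path/to/openclaw\nRestart=always\n"

def parse_service(text):
    """Return the key/value pairs of the [Service] section (last value wins)."""
    section, opts = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif section == "Service" and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit_unit(text):
    """List deviations from the recommendations in sections 1 and 2."""
    s, findings = parse_service(text), []
    if s.get("User", "root") == "root":  # no User= means the service runs as root
        findings.append("runs as root: set User= to a dedicated account")
    for key in ("WorkingDirectory", "EnvironmentFile"):
        if key not in s:
            findings.append(f"{key}= not set explicitly")
    if s.get("Restart") != "on-failure":
        findings.append("Restart= is not on-failure")
    if "RestartSec" not in s:
        findings.append("RestartSec= not set (systemd default is 100ms)")
    return findings

def secret_mode_ok(path):
    """True when the file mode is exactly 600 (owner read/write only)."""
    return stat.S_IMODE(os.stat(path).st_mode) == 0o600
```

Call audit_unit() on the text of the installed unit file and secret_mode_ok() on the environment file and each key file; an empty findings list means the unit follows the settings above.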