fix(hermes-agent): set UMask=0077 on systemd services

The Anthropic OAuth helper writes credential files with the process
default umask, resulting in 0644 permissions on sensitive files. Set
UMask=0077 on both hermes-gateway and hermes-dashboard services so all
files created at runtime are owner-only (0600/0700).

Ref: https://github.com/NousResearch/hermes-agent/issues/11003
Stephen Chin
2026-05-02 08:08:41 -07:00
parent ed9630a783
commit 16e774083f

@@ -69,6 +69,7 @@ Wants=network-online.target
Type=simple
User=hermes
Group=hermes
UMask=0077
WorkingDirectory=/home/hermes
ExecStart=/home/hermes/.local/bin/hermes gateway run --replace
Environment="HERMES_HOME=/home/hermes/.hermes"
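
Review bot: The UMask=0077 line in the gateway unit only affects files created after the service is restarted, so credential files already written under /home/hermes/.hermes with 0644 keep that mode, including ones the helper later truncates and rewrites in place. Consider shipping a one-time cleanup with this change, for example an ExecStartPre= that runs chmod -R go-rwx /home/hermes/.hermes, or a documented manual step, so existing installs also end up at 0600/0700.
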
@@ -93,6 +94,7 @@ Wants=network-online.target
Type=simple
User=hermes
Group=hermes
UMask=0077
WorkingDirectory=/home/hermes
ExecStart=/home/hermes/.local/bin/hermes dashboard --host 127.0.0.1 --port 9119 --no-open
Environment="HERMES_HOME=/home/hermes/.hermes"
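
Review bot: The UMask=0077 line in the dashboard unit, like the gateway one, applies only to processes systemd starts from these units; running /home/hermes/.local/bin/hermes from a shell as the hermes user still inherits that shell's umask (typically 0022) and the OAuth helper would write 0644 files again. Suggest treating the unit setting as a backstop and tracking a follow-up in the referenced issue so the helper creates its credential files with an explicit 0600 mode regardless of how it is launched.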