From edf1a9604adb945d6e8870d2cb317bd05874ff2f Mon Sep 17 00:00:00 2001
From: Stephen Chin
Date: Sat, 2 May 2026 08:09:21 -0700
Subject: [PATCH] fix(hermes-agent): harden .hermes directory permissions

The response_store.db and session JSON files under ~/.hermes/ are stored in plaintext and readable by any process with filesystem access. Set ~/.hermes to 0700 (owner-only) and ~/home/hermes to 0750 to restrict access to conversation history, credentials, and session data.

Ref: https://github.com/NousResearch/hermes-agent/issues/7486
---
 install/hermes-agent-install.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/install/hermes-agent-install.sh b/install/hermes-agent-install.sh
index 781ad0d5..2aa66b41 100644
--- a/install/hermes-agent-install.sh
+++ b/install/hermes-agent-install.sh
@@ -56,6 +56,8 @@ HERMES_REDACT_SECRETS=true
 EOF
 chmod 600 /home/hermes/.hermes/.env
 chown hermes:hermes /home/hermes/.hermes/.env
+chmod 750 /home/hermes
+chmod 700 /home/hermes/.hermes
 msg_ok "Configured API Server"
 
 msg_info "Creating Service"
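Review bot: The two added `chmod` lines tighten the modes but leave ownership of `/home/hermes/.hermes` unstated; the only `chown` visible in this hunk targets the `.env` file, so if the installer created the directory as root, mode 700 would deny the `hermes` service user access to its own data directory. Adding `chown hermes:hermes /home/hermes/.hermes` next to the new lines removes the dependence on how the directory was created, which happens above the hunk. Moving the directory hardening ahead of the `.env` heredoc would also mean the secrets file never sits in a traversable directory at the default umask before its own `chmod 600` runs. Mode 0700 only blocks other local accounts: anything running as `hermes` or root still reads the plaintext store. Files the service creates later take their mode from its umask, so `UMask=0077` in the unit created just below the hunk is worth considering.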