T-Gander/ProxmoxVEDHelperScripts
1
0
Fork 0
Code Issues Pull Requests Actions 5 Packages Projects Releases Wiki Activity

fix(hermes-agent): harden .hermes directory permissions

Browse Source 
The response_store.db and session JSON files under ~/.hermes/ are stored
in plaintext and readable by any process with filesystem access. Set
~/.hermes to 0700 (owner-only) and ~/home/hermes to 0750 to restrict
access to conversation history, credentials, and session data.

Ref: https://github.com/NousResearch/hermes-agent/issues/7486
This commit is contained in:
Stephen Chin
2026-05-02 08:09:21 -07:00
parent e0aaacdb96
commit edf1a9604a
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
install/hermes-agent-install.sh
View File

@@ -56,6 +56,8 @@ HERMES_REDACT_SECRETS=true
EOF EOF
chmod 600 /home/hermes/.hermes/.env chmod 600 /home/hermes/.hermes/.env
chown hermes:hermes /home/hermes/.hermes/.env chown hermes:hermes /home/hermes/.hermes/.env
chmod 750 /home/hermes
chmod 700 /home/hermes/.hermes
msg_ok "Configured API Server" msg_ok "Configured API Server"
msg_info "Creating Service" msg_info "Creating Service"