[Setup]: Persistent `[Errno 13] Permission denied` on `/opt/data/config.yaml` during/after setup on NAS Docker (UGOS Pro)

[jiezhengj]

What's Going Wrong?

I am attempting to deploy Hermes Agent on a UGreen DX4600 NAS (running UGOS Pro, a Linux-based NAS OS) using Docker. I am using the official image nousresearch/hermes-agent:latest.

The core issue is that even though the container has successfully created the config.yaml file during the setup process, it immediately fails to read it or modify it afterwards, throwing a Permission denied error. This happens despite the container running as root and having a volume mapped to the host filesystem.

Curiously, other AI agent Docker applications (e.g., agentscope-qwenpaw) work perfectly with identical volume mapping settings on the same hardware, suggesting that Hermes' specific method of writing or rotating configuration files might be conflicting with the host's ACL/filesystem permissions.

Steps Taken

1. Created a host directory for persistent data (mapped to /opt/data in the container).
2. Started the container in interactive mode (-it).
3. Ran the setup wizard: /opt/hermes/.venv/bin/hermes setup.
4. Successfully completed the interactive configuration (API keys, etc.).
5. As soon as the wizard attempts to save or the gateway tries to reload the config, the error triggers.

Installation Method

Docker

Operating System

Debian 12

Python Version

No response

Hermes Version

No response

Debug Report

Full Error Output

Warning: Failed to load config: [Errno 13] Permission denied: '/opt/data/config.yaml'

What I've Already Tried

1. Privileged Mode: Enabled "Privileged Mode" in the Docker settings, but the error persists.
2. Manual Permission Change: Attempted chmod 777 /opt/data/config.yaml inside the container terminal. Even with root privileges inside the container, the operation was either ineffective or blocked by the host's underlying filesystem security.
3. File Recreation: Deleted config.yaml and reran the setup; the error reappears the moment the new file is generated.
4. Host-side Edit: Edited and saved the file via the NAS host GUI to force a reset of the owner/ACLs, but the container still cannot maintain access after its own subsequent write operations.
5. Environment Variables (PUID/PGID): Attempted to pass PUID=1000 / PGID=10 (the NAS user ID) and PUID=0 / PGID=0 (Root) as environment variables to the container. Neither configuration resolved the permission conflict, suggesting the image may lack native support for these variables to manage filesystem access.
6. Comparison: Confirmed that other Docker containers using the same volume path can read/write without issue, which points to a potential issue in the atomic-write or file-rotation logic used by Hermes Agent's config manager.

[alt-glitch]

Related to #13731 — same class of Docker permission issue where USER hermes bypasses entrypoint root-only permission fix. Workaround: run with --user 0:0.

[jiezhengj]

Related to #13731 — same class of Docker permission issue where USER hermes bypasses entrypoint root-only permission fix. Workaround: run with --user 0:0.

I have attempted to resolve this by forcing the container to run as root using Docker Compose (user: "0:0" and privileged: true), but the issue persists due to the internal logic of the entrypoint.sh script.

Here are the logs from the attempt:

nousresearch_hermes-agent  | Warning: Failed to load config: [Errno 13] Permission denied: '/opt/data/config.yaml'
nousresearch_hermes-agent  | WARNING gateway.run: Shutdown diagnostic — other hermes processes running:
nousresearch_hermes-agent  |   root           1  0.0  0.0   2564  1324 ?        Ss   04:43   0:00 /usr/bin/tini -g -- /opt/hermes/docker/entrypoint.sh gateway run
...
nousresearch_hermes-agent  | Dropping root privileges
nousresearch_hermes-agent  | chown: changing ownership of '/opt/data/config.yaml': Operation not permitted

Analysis of the failure:

1. Hardcoded Privilege Dropping: Even when the container is explicitly started as root, the entrypoint script detects the root status and executes Dropping root privileges.
2. Failed chown on Bind Mounts: Before dropping privileges, the script attempts to chown the configuration files in /opt/data. On many NAS operating systems (like UGreen's UGOS or Synology), the host's ACL/Filesystem security (Btrfs) prevents a containerized root process from changing the ownership of bind-mounted files.
3. The Resulting Deadlock: The chown fails with Operation not permitted, but the script proceeds to drop privileges to the non-root hermes user (UID 10000). This user then lacks the permissions to read/write the files owned by the host user (typically UID 1000), resulting in the final Permission denied error.

Why this needs a fix:
While "Named Volumes" might work, NAS users specifically require Bind Mounts to easily manage and edit config.yaml, SOUL.md, and other assets directly from the host filesystem.

I have already tried setting PUID/PGID and HERMES_SKIP_PERMISSIONS_SETUP=1, but they appear to be ignored or bypassed by the current entrypoint logic. A fix that allows users to skip the chown and Dropping root privileges steps entirely via environment variables would be highly appreciated.

[taffit]

Same problem here. I've mapped the hermes-config directory locally, and executed hermes setup via a docker run command, as advised in the help. This changes the permissions of the folder to the user 10000 (=hermes user in the container). Resetting the permissions after starting the gateway doesn't help at all, still getting the Errno 13.

[JadianZheng]

Same

[konsisumer]

Thanks for the detailed report and follow-up logs.

Status of referenced issues:

• [Setup]: Docker volume mounts fail on UnRAID due to USER hermes bypassing entrypoint permission fix #13731 — CLOSED as a duplicate of v0.11.0 Dockerfile: final USER hermes breaks entrypoint UID remap, contradicts docs #15832. Fixed on main by commit 14c9f7272 ("fix(docker): fix HERMES_UID permission handling"), which removed USER hermes from the Dockerfile so the entrypoint runs as root and can chown the bind mount before dropping privileges. That fix shipped in v0.12.0 (v2026.4.30) and is in current :latest (v0.13.0 / v2026.5.7).

Your follow-up log shows chown: changing ownership of '/opt/data/config.yaml': Operation not permitted while running as container root — that’s distinct from the USER hermes bypass that 14c9f7272 addresses, and suggests the NAS host kernel (UGOS Pro Btrfs ACLs) is rejecting chown even from container UID 0. To narrow this down, could you share:

1. After docker pull nousresearch/hermes-agent:latest, the output of docker image inspect nousresearch/hermes-agent:latest --format '{{.Created}}' — to confirm the image you’re running post-dates 2026-04-21 (commit 14c9f7272).
2. Output of docker run --rm --user 0:0 -v <host-path>:/opt/data nousresearch/hermes-agent:latest sh -c 'id; touch /opt/data/.probe; chown 10000:10000 /opt/data/.probe; ls -la /opt/data/.probe' — this isolates whether the host filesystem permits container-root chown at all, separate from the entrypoint logic.
3. Host-side mount info: mount | grep <bind-mount-path> plus getfacl <bind-mount-path> if available — to surface UGOS-specific ACL flags or Btrfs subvolume options behind the rejection.
4. As a control: does a Docker named volume (instead of a bind mount) on the same image work? That isolates host-filesystem ACL behavior from the entrypoint’s chown logic.

If step 2 confirms the host blocks container-root chown, 14c9f7272 won’t fully resolve this case for NAS users — we’d likely need an opt-out env flag (for example HERMES_SKIP_CHOWN=1) plus a way to run the gateway as the host UID that already owns the bind mount. The diagnostics above will tell us which path is the right one to scope.

[jiezhengj]

Thanks for the detailed report and follow-up logs.

Status of referenced issues:

• [Setup]: Docker volume mounts fail on UnRAID due to USER hermes bypassing entrypoint permission fix #13731 — CLOSED as a duplicate of v0.11.0 Dockerfile: final USER hermes breaks entrypoint UID remap, contradicts docs #15832. Fixed on main by commit 14c9f7272 ("fix(docker): fix HERMES_UID permission handling"), which removed USER hermes from the Dockerfile so the entrypoint runs as root and can chown the bind mount before dropping privileges. That fix shipped in v0.12.0 (v2026.4.30) and is in current :latest (v0.13.0 / v2026.5.7).

Your follow-up log shows chown: changing ownership of '/opt/data/config.yaml': Operation not permitted while running as container root — that’s distinct from the USER hermes bypass that 14c9f7272 addresses, and suggests the NAS host kernel (UGOS Pro Btrfs ACLs) is rejecting chown even from container UID 0. To narrow this down, could you share:

1. After docker pull nousresearch/hermes-agent:latest, the output of docker image inspect nousresearch/hermes-agent:latest --format '{{.Created}}' — to confirm the image you’re running post-dates 2026-04-21 (commit 14c9f7272).
2. Output of docker run --rm --user 0:0 -v <host-path>:/opt/data nousresearch/hermes-agent:latest sh -c 'id; touch /opt/data/.probe; chown 10000:10000 /opt/data/.probe; ls -la /opt/data/.probe' — this isolates whether the host filesystem permits container-root chown at all, separate from the entrypoint logic.
3. Host-side mount info: mount | grep <bind-mount-path> plus getfacl <bind-mount-path> if available — to surface UGOS-specific ACL flags or Btrfs subvolume options behind the rejection.
4. As a control: does a Docker named volume (instead of a bind mount) on the same image work? That isolates host-filesystem ACL behavior from the entrypoint’s chown logic.

If step 2 confirms the host blocks container-root chown, 14c9f7272 won’t fully resolve this case for NAS users — we’d likely need an opt-out env flag (for example HERMES_SKIP_CHOWN=1) plus a way to run the gateway as the host UID that already owns the bind mount. The diagnostics above will tell us which path is the right one to scope.

Hi, I have completed the diagnostic steps on my UGreen DX4600 (UGOS Pro). I also want to share an update on my current workaround. Here are the results:

1. Image Creation Date

2026-05-08T20:06:17.059319403Z

It confirms I am running the latest version post-dating the 14c9f72 fix.

2. Container Root Chown Probe
Command executed: sudo docker run --rm --user 0:0 -v /volume5/docker/nousresearch_hermes-agent/data:/opt/data nousresearch/hermes-agent:latest sh -c 'id; touch /opt/data/.probe; chown 10000:10000 /opt/data/.probe; ls -la /opt/data/.probe'

Output:

Dropping root privileges
...
uid=10000(hermes) gid=10000(hermes) groups=10000(hermes)
-rw-r--r-- 1 hermes hermes 0 May 14 13:47 /opt/data/.probe

Observation: Even when forced to run as root (--user 0:0), the entrypoint script still drops privileges to UID 10000.

3. Host-side Mount & ACL Info
Host path: /volume5/docker/nousresearch_hermes-agent/data

sudo mount | grep /volume5/docker/nousresearch_hermes-agent/data returned empty (it's a subpath of the main /volume5 Btrfs mount).

sudo getfacl output:

# file: volume5/docker/nousresearch_hermes-agent/data
# owner: 10000
# group: 10000
user::rwx
group::---
other::---

4. Named Volume Test
The command sudo docker run --rm -it -v hermes_test_volume:/opt/data ... works perfectly. I did not see any [Errno 13] Permission denied errors during the setup wizard.

5. My Current Situation & Workaround
For my actual deployment, I have stopped trying to force the container to run as root. My container config injects PUID=1000 and PGID=10 (my NAS user IDs), but the image seems to ignore them completely, continuing to use UID 10000.

Because of this, my current workaround is to constantly open an SSH terminal to my NAS and manually execute sudo chown -R 10000:10000 /volume5/docker/nousresearch_hermes-agent/data on the host side every time a new file is generated and throws a permission error.

Conclusion:
The issue seems strictly tied to Bind Mounts on NAS filesystems (UGOS Btrfs). The hardcoded privilege drop to UID 10000 and subsequent chown attempts clash with host-level ACLs.

To make this NAS-friendly, it would be amazing if the image could either:

1. Natively respect PUID/PGID environment variables (like Linuxserver images do) so it matches the host user.
2. Provide an environment variable like HERMES_SKIP_CHOWN=1 to bypass the privilege dropping and chown logic entirely.

Let me know if you need any more tests!

[konsisumer]

It looks like this is being addressed in #25872. Linking for visibility; if I've misread the scope, let me know and I can take a fresh look.