Bug Description
The Hermes installer (run via curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash -s -- ...) leaves ~/.hermes/.env at file mode 0664 (-rw-rw-r--). This file holds runtime secrets including ANTHROPIC_API_KEY, SLACK_BOT_TOKEN, SLACK_APP_TOKEN, and PLANE_API_TOKEN. World-readable + group-readable mode means any local user on the machine can read the secrets — a security footgun in any multi-user environment.
Steps to Reproduce
- On a fresh Ubuntu 24.04 VPS as a non-root user (e.g., `plumline` in our case), run:
  `curl -fsSL https://hermes-agent.nousresearch.com/install.sh | bash -s -- --branch v2026.5.7`
- After install completes (or after running the setup wizard if not using `--skip-setup`), inspect `~/.hermes/.env`:
  `ls -la ~/.hermes/.env`
- File mode is `-rw-rw-r--` (0664).
Expected Behavior
~/.hermes/.env is created at file mode 0600 (-rw-------), readable only by the file owner. This matches standard practice for env/credential files holding API keys (cf. .netrc, .aws/credentials, .ssh/config — all default to or enforce 0600).
Actual Behavior
File mode is 0664. On any system with multiple users (including service accounts, build users, etc.), the secrets in .env are readable by anyone in the file's group OR (if the parent directories are traversable) by anyone on the system.
Affected Component
Debug Report
Not directly applicable — this is a file-mode issue at install time, not a runtime bug.
Operating System
Ubuntu 24.04.4 LTS
Hermes Version
0.13.0 (2026.5.7) [498bfc7]
Proposed Fix
Add `chmod 0600 ~/.hermes/.env` at the end of the install script (or at the end of the setup wizard's secret-prompt flow). One line. Apply the same pattern to any other config file the installer writes that may hold secrets after the setup wizard (e.g., `~/.hermes/config.yaml` if MCP server tokens get written literally — Hermes config has no `${VAR}` interpolation so MCP tokens often need to be literal).
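One way to implement the proposed fix, as an added example that is not part of the Hermes install script: create secret-bearing files under a restrictive umask, tighten any that already exist, and verify the result. The `~/.hermes` default and the two-file list (`.env`, `config.yaml`) are assumptions taken from this report.

```shell
# Added example, not part of the Hermes installer. Demonstrates the proposed
# fix: create secret files with a restrictive umask and tighten any that were
# already written at a looser mode. The directory and file list are assumed.
set -eu

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
  stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# 0 if only the owner has any access bits, 1 if group/other have any.
mode_is_private() {
  case "$(file_mode "$1")" in
    600|400|200) return 0 ;;
    *) return 1 ;;
  esac
}

# Create the file at 0600 if missing (umask only matters at creation time),
# then chmod it in case it already existed with a looser mode like 0664.
secure_secret_file() {
  f="$1"
  [ -e "$f" ] || ( umask 077; : > "$f" )
  chmod 0600 "$f"
}

# Apply the same treatment to every installer-written file that may hold
# secrets after the setup wizard. Prints one line per file it changed.
harden_hermes_secrets() {
  home="${1:-$HOME/.hermes}"
  for f in "$home/.env" "$home/config.yaml"; do
    [ -e "$f" ] || continue
    before=$(file_mode "$f")
    secure_secret_file "$f"
    [ "$before" = "$(file_mode "$f")" ] || echo "tightened $f: $before -> $(file_mode "$f")"
  done
}

# Stand-alone demo in a throwaway directory with a constructed .env file.
demo_dir=$(mktemp -d)
printf 'ANTHROPIC_API_KEY=constructed-placeholder\n' > "$demo_dir/.env"
chmod 0664 "$demo_dir/.env"          # reproduce the reported mode
harden_hermes_secrets "$demo_dir"
mode_is_private "$demo_dir/.env" && echo "$demo_dir/.env is now owner-only"
rm -rf "$demo_dir"
```

Running `harden_hermes_secrets` with no argument targets `~/.hermes`; wiring the same call into the end of the installer or wizard is what the fix above asks for.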