mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-28 15:01:34 +08:00
df714add9d
atomic_yaml_write() and atomic_json_write() used tempfile.mkstemp() which creates files with 0o600 (owner-only). After os.replace(), the original file's permissions were destroyed. Combined with _secure_file() forcing 0o600, this broke Docker/NAS setups where volume-mounted config files need broader permissions (e.g. 0o666). Changes: - atomic_yaml_write/atomic_json_write: capture original permissions before write, restore after os.replace() - _secure_file: skip permission tightening in container environments (detected via /.dockerenv, /proc/1/cgroup, or HERMES_SKIP_CHMOD env) - save_env_value: preserve original .env permissions, remove redundant third os.chmod call - remove_env_value: same permission preservation On desktop installs, _secure_file() still tightens to 0o600 as before. In containers, the user's original permissions are respected. Reported by Cedric Weber (Docker/Portainer on NAS).
6.1 KiB
6.1 KiB