From b24d239ce1773e86319a8e459954307807698c54 Mon Sep 17 00:00:00 2001
From: GuyCui <18024642@qq.com>
Date: Wed, 15 Apr 2026 11:10:27 +0800
Subject: [PATCH] Update permissions for config.yaml

Fix config.yaml permission drift on startup
---
 docker/entrypoint.sh | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 18f8fff4e..67d193f13 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -58,6 +58,13 @@ if [ ! -f "$HERMES_HOME/config.yaml" ]; then
     cp "$INSTALL_DIR/cli-config.yaml.example" "$HERMES_HOME/config.yaml"
 fi
 
+# Ensure the main config file remains accessible to the hermes runtime user
+# even if it was edited on the host after initial ownership setup.
+if [ -f "$HERMES_HOME/config.yaml" ]; then
+    chown hermes:hermes "$HERMES_HOME/config.yaml"
+    chmod 640 "$HERMES_HOME/config.yaml"
+fi
+
 # SOUL.md
 if [ ! -f "$HERMES_HOME/SOUL.md" ]; then
     cp "$INSTALL_DIR/docker/SOUL.md" "$HERMES_HOME/SOUL.md"