hermes - 💡(How to fix) Fix [Bug]: entrypoint.sh misses chown for ui-tui/ and gateway/ when HERMES_UID is remapped

Bug Description

When HERMES_UID is set to a value different from the build-time 10000 (e.g. 99 to align with the host UID on Unraid/Synology), the entrypoint correctly remaps the hermes user's UID via usermod, but usermod -u only auto-updates ownership of files inside the user's home directory (/opt/data). Files under /opt/hermes/ui-tui/dist/ and /opt/hermes/gateway/ retain their original owner UID 10000, causing:

1. esbuild (via the TUI dashboard) fails to write to dist/ → EACCES
2. Python fails to create pycache directories under gateway/ → permission errors for lazy deps and runtime caching

Steps to Reproduce

1. Pull the image and set HERMES_UID=99 (or any value ≠ 10000): docker run -e HERMES_UID=99 -v /some/bind:/home/hermes/.hermes ghcr.io/nousresearch/hermes-agent
2. Observe that hermes user's UID is 99:

docker exec <container> id hermes
# uid=99(hermes) gid=100(users)

1. Check file ownership:

docker exec <container> ls -la /opt/hermes/ui-tui/dist/
# drwxr-xr-x 1 10000 10000 ...   ← still owned by build-time UID!
docker exec <container> ls -la /opt/hermes/gateway/
# drwxr-xr-x 1 10000 10000 ...   ← same

1. Try running the TUI or any Python code that writes to these directories → permission denied.

Expected Behavior

When HERMES_UID != 10000 (indicating a remap), the entrypoint should also chown $INSTALL_DIR/ui-tui/ and $INSTALL_DIR/gateway/ so the remapped user can write to them.

Actual Behavior

In docker/entrypoint.sh, the chown logic (around lines 35-44) only fixes ownership for:

• $HERMES_HOME (the bind-mounted data volume)
• $INSTALL_DIR/.venv (the Python virtual environment)

Affected Component

Tools (terminal, file ops, web, code execution, etc.)

Messaging Platform (if gateway-related)

No response

Debug Report

n/a

Operating System

Unraid 7.3.0

Python Version

3.13.5

Hermes Version

0.14.0

Additional Logs / Traceback (optional)

Root Cause Analysis (optional)

In docker/entrypoint.sh, the chown logic (around lines 35-44) only fixes ownership for:

• $HERMES_HOME (the bind-mounted data volume)
• $INSTALL_DIR/.venv (the Python virtual environment)

But it does not fix ownership for:

• $INSTALL_DIR/ui-tui/dist/ — written by esbuild at runtime
• $INSTALL_DIR/gateway/ — Python pycache directories created at runtime
• $INSTALL_DIR/node_modules/ — though less frequently written

The Dockerfile builds these directories with chown -R hermes:hermes (line 103), but at that point hermes is UID 10000. When the entrypoint later remaps hermes to a different UID, usermod -u only updates files inside the user's home directory (/opt/data), not arbitrary paths like /opt/hermes/*.

Proposed Fix (optional)

In docker/entrypoint.sh, add two more chown lines after line 44:

• chown -R hermes:hermes "$INSTALL_DIR/ui-tui" 2>/dev/null || true
• chown -R hermes:hermes "$INSTALL_DIR/gateway" 2>/dev/null || true

Are you willing to submit a PR for this?

• I'd like to fix this myself and submit a PR