Siddharth Balyan 64145a1996 fix(nix): replace chown -R with targeted find in container entrypoint (#23633) ...

The container entrypoint ran `chown -R` on $HERMES_HOME every start.
`chown` strips the setgid bit (kernel security behavior), destroying
the 2770 permissions the NixOS activation script sets for group access
by hostUsers. This caused PermissionError for interactive CLI users
even though they were in the hermes group.

Replace with `find ... ! -user $UID -exec chown` which only touches
files with wrong ownership, leaving correctly-owned directories and
their permission bits intact.

Affects: container.enable + container.hostUsers + addToSystemPackages

Related: #19795, #19788, #9383

2026-05-11 12:59:57 +05:30

..

checks.nix

feat(nix): add extraDependencyGroups for sealed venv extras (#21817)

2026-05-11 12:23:48 +05:30

configMergeScript.nix

feat: nix flake — uv2nix build, NixOS module, persistent container mode (#20)

2026-03-26 01:08:02 +05:30

devShell.nix

change(nix): dedupe nix lockfile checking scripts in ci (#18000)

2026-04-30 22:52:30 +05:30

hermes-agent.nix

feat(nix): add extraDependencyGroups for sealed venv extras (#21817)

2026-05-11 12:23:48 +05:30

lib.nix

fix(nix): refresh stale tui npmDepsHash + fix cache-blind detection (#20144)

2026-05-05 15:32:20 +05:30

nixosModules.nix

fix(nix): replace chown -R with targeted find in container entrypoint (#23633)

2026-05-11 12:59:57 +05:30

overlays.nix

fix(banner): show correct update status on nix-built hermes (#17550)

2026-04-30 07:03:00 +05:30

packages.nix

fix(banner): show correct update status on nix-built hermes (#17550)

2026-04-30 07:03:00 +05:30

python.nix

feat(nix): declarative plugin installation for NixOS module (#15953)

2026-04-28 00:18:32 +05:30

tui.nix

fix(nix): refresh stale tui npmDepsHash + fix cache-blind detection (#20144)

2026-05-05 15:32:20 +05:30

web.nix

change(nix): dedupe nix lockfile checking scripts in ci (#18000)

2026-04-30 22:52:30 +05:30