Sokrates Permission Model and Hermes Agent Privileges
Summary
This law defines the security architecture and permission model for the Hermes agent on NixOS host systems. It establishes a least-privilege framework that allows the agent to manage the Sokrates stack—including Docker containers, systemd units, and specific data directories—while ensuring these configurations are declarative and persist across NixOS rebuilds.
Details
The Sokrates permission model is designed to enable the Hermes agent to act as an operational “Fleet Command” without granting it unrestricted root access. The model centers on the creation of a dedicated sokrates Unix group and the strategic assignment of directory permissions and group memberships.
Directory Access and Ownership
The primary data root for the stack is /var/lib/sokrates/. Access is partitioned based on the functional requirements of the Hermes agent:
| Path | Permission | Rationale |
|---|---|---|
/var/lib/sokrates/hermes/ | rwx | Primary home directory for the Hermes agent service. |
/var/lib/sokrates/eidos/ | rwx | Storage for Eidos configuration and the knowledge graph data; Hermes requires full access to update and debug the graph. |
/var/lib/sokrates/neo4j/ | rx | Access to Neo4j configuration and health check endpoints. |
/var/lib/sokrates/secrets/ | r | Access to API keys and service credentials required for agent functionality. |
/var/lib/sokrates/skills/ | r | Shared logic and agent skills used across the Sokrates ecosystem. |
/var/lib/sokrates/periphery/ | rx | Monitoring of peripheral services without modification rights. |
These permissions are enforced via NixOS systemd.tmpfiles.rules, ensuring that directory ownership and modes are reset to the correct state upon every system boot or configuration activation.
Group Memberships and System Capabilities
To interact with the host system and the containerized stack, the hermes user is assigned to specific groups:
sokratesgroup: A custom group created to own the shared directories under/var/lib/sokrates/.dockergroup: Grants the agent the ability to manage containerized services via the Docker socket.
The agent is granted access to a specific subset of system tools required for diagnostics and lifecycle management. These include docker (or podman), systemctl (specifically for status and restart operations on sokrates-* units), journalctl (for log retrieval and debugging), and network diagnostic tools like curl and ss.
Implementation via NixOS
The permission model is implemented declaratively within the NixOS configuration. This prevents “configuration drift” where manual chmod or chown commands are lost after a system update. The configuration includes:
- Definition of the
sokratesgroup inusers.groups. - Addition of the
hermesuser toextraGroups = [ "sokrates" "docker" ];. systemd.tmpfiles.rulesentries that specify the UID/GID and permissions for the/var/lib/sokrates/subdirectories.- Environment path configurations to ensure the necessary system binaries are available to the Hermes service.
Related
- Hermes Agent
- NixOS
- Eidos
- Security Boundary
- sokrates-ctl