Spaces:
Running
Running
feat: give hermes user passwordless sudo
Browse filesInstall sudo and grant hermes ALL=(ALL) NOPASSWD: ALL so the agent
can run privileged commands (apt install, service management, file
operations) without a password prompt.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Dockerfile +5 -1
Dockerfile
CHANGED
|
@@ -9,6 +9,7 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
| 9 |
ca-certificates \
|
| 10 |
curl \
|
| 11 |
jq \
|
|
|
|
| 12 |
python3 \
|
| 13 |
python3-venv \
|
| 14 |
python3-pip \
|
|
@@ -30,7 +31,10 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
|
| 30 |
fonts-liberation \
|
| 31 |
fonts-noto-color-emoji \
|
| 32 |
&& rm -rf /var/lib/apt/lists/* \
|
| 33 |
-
&& uv pip install --python /opt/hermes/.venv/bin/python --no-cache-dir huggingface_hub hf_transfer jupyterlab
|
|
|
|
|
|
|
|
|
|
| 34 |
|
| 35 |
COPY --chown=hermes:hermes start.sh /opt/huggingmes/start.sh
|
| 36 |
COPY --chown=hermes:hermes health-server.js /opt/huggingmes/health-server.js
|
|
|
|
| 9 |
ca-certificates \
|
| 10 |
curl \
|
| 11 |
jq \
|
| 12 |
+
sudo \
|
| 13 |
python3 \
|
| 14 |
python3-venv \
|
| 15 |
python3-pip \
|
|
|
|
| 31 |
fonts-liberation \
|
| 32 |
fonts-noto-color-emoji \
|
| 33 |
&& rm -rf /var/lib/apt/lists/* \
|
| 34 |
+
&& uv pip install --python /opt/hermes/.venv/bin/python --no-cache-dir huggingface_hub hf_transfer jupyterlab \
|
| 35 |
+
&& printf 'hermes ALL=(ALL) NOPASSWD: ALL\n' > /etc/sudoers.d/hermes \
|
| 36 |
+
&& chmod 0440 /etc/sudoers.d/hermes \
|
| 37 |
+
&& visudo -cf /etc/sudoers.d/hermes
|
| 38 |
|
| 39 |
COPY --chown=hermes:hermes start.sh /opt/huggingmes/start.sh
|
| 40 |
COPY --chown=hermes:hermes health-server.js /opt/huggingmes/health-server.js
|