Should I install Hermes Agent with sudo on Linux?
Use a normal user or dedicated service user unless you intentionally need a shared system install. Root-mode changes data ownership and blast radius.
Linux install path
Install Hermes Agent on Linux
On Linux, start with the official installer in a normal user account unless you intentionally need a shared system install. Verify hermes doctor before adding providers, browser automation, gateways, or production files.
Agent Guide is an independent editorial resource. It is not affiliated with, endorsed by, or sponsored by Nous Research, Hermes Agent, or Hermes/Hermes brand owners. Product names and marks belong to their respective owners.
Intent
hermes-agent-linux-install
Sources
5
Schema
2
Links
6
Short answer
Install Hermes Agent on Linux from the official installation guide, then verify the launcher, data directory, and diagnostics before connecting real credentials. The official docs describe a git-based installer and non-sudo handling for service users.
For a VPS or always-on gateway, treat Linux installation as an operations task: choose user, data directory, port exposure, browser dependency policy, backups, and update path before running real workflows.
Prerequisites
- Git available for the git-based installer.
- A normal user account for personal installs or a dedicated unprivileged service user for deployments.
- Sudo access only if browser dependencies need system libraries.
- A known data directory and backup path.
- A decision about local host execution vs Docker terminal backend.
Command to verify against official docs
The official docs describe separate handling when a service user cannot install Chromium system libraries. Capture installer output because it may print admin commands that need to be run separately.
# Copy from official docs after review
curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash
# For headless setups that do not need browser automation, verify official skip-browser support first
curl -fsSL https://raw.githubusercontent.com/NousResearch/hermes-agent/main/scripts/install.sh | bash -s -- --skip-browser
# After a new shell
hermes doctorLinux deployment decisions
| Decision | Default | Reason |
|---|---|---|
| Install user | Normal user for evaluation; dedicated unprivileged user for services | Limits accidental access and makes data ownership clearer. |
| Browser automation | Skip until needed on headless servers | Reduces dependency and attack surface for first setup. |
| Execution backend | Docker for production-like command execution | Keeps generated commands away from the host filesystem. |
| Data backup | Back up ~/.hermes or explicit HERMES_HOME before upgrades | Protects config, sessions, skills, and provider setup. |
Failure modes and fixes
| Symptom | Probable cause | Fix |
|---|---|---|
hermes doctor shows missing Chromium libraries | No sudo or missing system dependencies | Follow official dependency output or use --skip-browser for headless use. |
Service cannot find hermes | Minimal service PATH misses ~/.local/bin | Add PATH explicitly or use a controlled symlink as official docs describe. |
| Data appears under the wrong user | Installer ran with root or different account | Stop and decide whether to move state or reinstall under the intended user. |
| Gateway exposed broadly | Port binding or allowlist not reviewed | Bind locally first and configure allowlists before external access. |
Agent Guide judgment
Linux can be either a personal workstation path or the start of a service deployment. Decide which one it is before installing.
For servers, the important choices are user account, data directory, browser dependencies, port exposure, backups, and whether Docker should own command execution.
Linux smoke test
| Area | Pass condition | Stop if |
|---|---|---|
| User | Hermes runs under the intended normal or service user. | Data was created under root by accident. |
| Diagnostics | hermes doctor explains missing dependencies. | You are installing random packages without knowing why. |
| Browser | Browser automation is installed or intentionally skipped. | Headless dependency errors are ignored. |
| Server | Ports are localhost-only until auth and firewall are reviewed. | Gateway or dashboard is public by default. |
Linux PATH and service-user trap
The FAQ explains that Hermes builds a per-session environment snapshot. Tools installed through nvm, pyenv, asdf, cargo, or shell-specific PATH files can be invisible if the login-shell snapshot does not load them.
| Symptom | Likely cause | Fix direction |
|---|---|---|
node, nvm, pyenv, or asdf missing inside Hermes | Shell init file not included in the environment snapshot. | Add the relevant shell init file under terminal.shell_init_files. |
Service user cannot find hermes | Minimal service PATH misses user bin. | Set PATH explicitly or use the documented layout. |
| Browser dependencies missing | Headless/server install lacks system packages. | Use the installer diagnostics or skip browser when not needed. |
| Root-owned state appears unexpectedly | Installer ran as root or wrong user. | Stop and repair ownership before adding providers. |
Direct answer
On Linux, start with the official installer in a normal user account unless you intentionally need a shared system install. Verify hermes doctor before adding providers, browser automation, gateways, or production files.
This page is part of Agent Guide's independent Hermes Agent cluster. It is source-backed and labelled when first-hand execution has not been run.
What this page does not cover
- It does not replace the official Hermes Agent documentation.
- It does not claim official affiliation with Nous Research.
- It does not claim first-hand testing unless the page explicitly says so.
Official sources reviewed
| Source | Used for | Last checked | Confidence |
|---|---|---|---|
| Hermes Agent installation guide | Install commands, prerequisites, Windows/native installer details, and post-install checks. | 2026-06-05 | high |
| Hermes Agent Docker guide | Docker run modes, mounted data directory, gateway operation, ports, and production cautions. | 2026-06-05 | high |
| Hermes Agent security guide | Approval modes, gateway authorization, Docker terminal backend hardening, and credential cautions. | 2026-06-05 | high |
| Hermes Agent quickstart | First-run workflow, safety notes, skills, MCP, and Docker/remote-server recommendation context. | 2026-06-05 | high |
| Hermes Agent FAQ and troubleshooting | Command-not-found, provider, Docker, gateway, messaging, WSL, macOS PATH, and local model troubleshooting. | 2026-06-05 | high |
Known caveats: Agent Guide did not run the Linux installer in this batch. Use official docs for the final command, distro-specific dependency output, and current service-user behavior.
FAQ
Is Linux the best path for WSL2 users?
For many Windows users, WSL2 is the most Linux-like path and easier to compare with official shell examples.
Operator checklist
Get the Agent Guide launch checklist
Receive the smoke-test order for install path, sandbox boundary, provider setup, source review, and production checks.