One simple way to run multiple Hermes Agent instances on one VM is to give each agent its own Linux user.
This lets the operating system enforce the isolation boundary. Each agent gets its own UID and GID, its own home directory, and its own processes, which only that account and root can signal, trace, or kill. If one agent crashes, misbehaves, or writes unexpected files, the other agents are still protected by normal Linux permissions.
This saves on hosting costs compared to giving each agent its own VM, but the isolation is weaker: every agent shares one kernel, one network stack, and world-readable locations such as /tmp, and by default any user can list every process on the box with ps, command-line arguments included. Keep secrets in files rather than on command lines, and treat a local kernel privilege-escalation bug as something that would break the boundary completely.
Create One User Per Agent
Create a dedicated OS account for each agent:
sudo useradd -m -U -s /bin/bash auditron
The important part is that each agent has a distinct UID and GID. For example, auditron might run as UID 1002, while another agent runs as UID 1003. The kernel uses those IDs to decide which files and processes each account can access.
Repeat this for every agent:
sudo useradd -m -U -s /bin/bash reporter
sudo useradd -m -U -s /bin/bash reviewer
Do not add these users to sudo, wheel, or any other admin group. By design, each agent account is a regular unprivileged user: it can manage its own files and processes, but it cannot install system packages, edit /etc, restart system services, or modify the VM. Run id auditron to confirm that the account's only group is auditron.
If you need an agent with sudo access, give it a separate administrator account and use it only for system administration. This main root agent can manage the worker agents, including restarting their services, rotating logs, and updating configs, while the worker agents stay unprivileged. Because it can escalate to root, its API keys and prompts deserve the most scrutiny: anything that can steer that agent can take over the whole VM and every worker on it.
Lock Down Home Directories
Set each agent home directory to mode 700:
sudo chmod 700 /home/auditron
sudo chmod 700 /home/reporter
sudo chmod 700 /home/reviewer
With drwx------, only the owner and root can read, write, or enter the directory. This prevents agents from reading each other's config, logs, credentials, working files, and memory dumps written to disk. Do not skip this step: useradd creates home directories with a distro-dependent default mode (set by HOME_MODE or UMASK in /etc/login.defs), which is often 755 or 750 and lets other accounts read the directory. Note that the protection covers only the home directory; anything an agent writes to /tmp or another shared path is still governed by that path's permissions.
Check the result; every line should start with drwx------ and show the agent as both owner and group:
ls -ld /home/auditron /home/reporter /home/reviewer
Enable Lingering for Each Agent User
Enable lingering for each agent account:
sudo loginctl enable-linger auditron
sudo loginctl enable-linger reporter
sudo loginctl enable-linger reviewer
Lingering lets a user's service manager keep running after the user logs out. It also allows user services to start at boot without an interactive login session, and it creates the user's runtime directory /run/user/<uid> at boot. This is what keeps the Hermes gateway running. enable-linger records its state in /var/lib/systemd/linger/<user>, so list that directory, or run loginctl show-user auditron -p Linger, to confirm. One common gotcha: sudo -u auditron systemctl --user fails with a bus connection error because sudo does not carry over the runtime directory; export XDG_RUNTIME_DIR=/run/user/<uid> first.
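Putting the three steps above together, here is an added provisioning script (my example for this guide, not part of Hermes or its installer) that creates each account, locks its home directory, enables lingering, and then verifies every property so a missed step is caught immediately. It assumes a systemd-based distribution with GNU coreutils, shadow-utils useradd, and /home as the home root; the admin group list is an assumption to adjust for your distro.

```bash
#!/bin/sh
# Added example for this guide, not part of Hermes. Provision one unprivileged
# Linux account per agent and verify the isolation properties described above.
# Assumes systemd, GNU coreutils (stat), shadow-utils (useradd) and /home.
set -eu

# Groups that would give an agent administrative power on this VM.
# Assumed list: adjust to the groups your distro treats as privileged.
ADMIN_GROUPS="root sudo wheel admin adm docker lxd"

# Create the account, lock its home to 0700 and enable lingering. Needs root.
provision_agent() {
    name=$1
    if ! id "$name" >/dev/null 2>&1; then
        useradd -m -U -s /bin/bash "$name"
    fi
    chmod 700 "/home/$name"
    loginctl enable-linger "$name"
}

# Return 0 if the space-separated group list in $1 contains an admin group.
has_admin_group() {
    for g in $1; do
        for a in $ADMIN_GROUPS; do
            [ "$g" = "$a" ] && return 0
        done
    done
    return 1
}

# Return 0 if directory $1 is mode 0700 and owned by numeric uid $2.
home_is_locked() {
    [ "$(stat -c '%a' "$1")" = "700" ] && [ "$(stat -c '%u' "$1")" = "$2" ]
}

# Check an account against the requirements: a regular (>= 1000) UID, no
# admin groups, a private home, and lingering on. Prints each finding and
# returns 1 if anything failed.
verify_agent() {
    name=$1
    rc=0
    uid=$(id -u "$name")
    if [ "$uid" -lt 1000 ]; then
        echo "$name: uid $uid is in the system-account range"; rc=1
    fi
    if has_admin_group "$(id -Gn "$name")"; then
        echo "$name: member of an admin group ($(id -Gn "$name"))"; rc=1
    fi
    if ! home_is_locked "/home/$name" "$uid"; then
        echo "$name: /home/$name is not mode 700 owned by uid $uid"; rc=1
    fi
    # enable-linger records its state as a file named after the user.
    if [ ! -e "/var/lib/systemd/linger/$name" ]; then
        echo "$name: lingering is not enabled"; rc=1
    fi
    return $rc
}

# Usage: sudo sh provision_agent.sh auditron reporter reviewer
if [ "$#" -gt 0 ]; then
    for agent in "$@"; do
        provision_agent "$agent"
        verify_agent "$agent" && echo "$agent: ok"
    done
fi
```

Run it once per VM as the admin account; rerunning is safe because useradd is skipped for accounts that already exist while the chmod, linger, and checks are applied again, which makes it usable as a periodic drift check.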
Ask the Agent to Make the Installer Rootless
Before running Hermes as a service, ask your main root agent to modify hermes-install.sh so it works without sudo. Review the diff before you run the result: the script should no longer reference sudo, /etc, /usr/local, or system-level systemd units, and everything it writes should land under the user's home directory.
Example prompt:
Modify hermes-install.sh so it runs rootlessly as the current user and keeps all files under the user's home directory.
Then copy the modified script into the agent's home directory, make sure it is executable, and run it as that user:
sudo -iu auditron
./hermes-install.sh
This keeps the agent binaries, config, logs, state, and Python dependencies inside /home/auditron; the agent never touches anything at the OS level. Combined with an account that has no sudo rights and a home directory at mode 700, this gives you a practical sandbox for sharing one VM between multiple agents. Remember that it is a permissions sandbox, not a container: the agent can still reach the network and anything else a normal user on the VM can.
Note: this manual step may not be needed in later versions of Hermes. Check the release notes before doing this.
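The page does not show how the gateway becomes a service once the rootless install is done, so here is an added example (mine, not a unit file shipped by Hermes) that writes a systemd user unit into the agent's own home, where lingering will start it at boot and restart it on failure, and a small wrapper for driving it from the admin account without the runtime-directory error mentioned above. The gateway command is passed in by the caller; the path used in the usage comment is an assumption, so check what the rootless installer actually created under ~/.hermes.

```bash
#!/bin/sh
# Added example for this guide, not Hermes' own unit file. Installs a systemd
# user unit for the gateway under the agent's home so lingering starts it at
# boot, and wraps systemctl --user so an admin account can drive it.
# Assumed: the gateway command is passed in (see usage); adjust it to whatever
# the rootless installer actually created under ~/.hermes.
set -eu

# Write hermes-gateway.service into unit directory $1 with ExecStart=$2.
# Prints the path of the unit file.
write_gateway_unit() {
    unit_dir=$1
    exec_cmd=$2
    mkdir -p "$unit_dir"
    cat > "$unit_dir/hermes-gateway.service" <<EOF
[Unit]
Description=Hermes Agent gateway for %u

[Service]
ExecStart=$exec_cmd
Restart=on-failure
RestartSec=5
# Files the gateway creates (logs, sockets, state) start out private.
UMask=0077

[Install]
WantedBy=default.target
EOF
    echo "$unit_dir/hermes-gateway.service"
}

# Run systemctl --user for agent $1 from a privileged account. sudo -u does
# not carry the user's runtime directory, so point systemctl at
# /run/user/<uid>, which exists from boot once lingering is enabled.
agent_systemctl() {
    name=$1; shift
    uid=$(id -u "$name")
    sudo -u "$name" env XDG_RUNTIME_DIR="/run/user/$uid" \
        DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$uid/bus" \
        systemctl --user "$@"
}

# Usage, as the agent user (the command path is an assumed example):
#   sh gateway_unit.sh install "$HOME/.hermes/bin/hermes gateway"
# Then from the admin account, after sourcing this file:
#   agent_systemctl auditron status hermes-gateway
if [ "${1:-}" = "install" ] && [ "$#" -eq 2 ]; then
    unit=$(write_gateway_unit "$HOME/.config/systemd/user" "$2")
    systemctl --user daemon-reload
    systemctl --user enable --now hermes-gateway.service
    echo "installed $unit"
fi
```

The unit is installed under ~/.config/systemd/user, so the agent account can enable, restart, and inspect it with systemctl --user and journalctl --user without any privilege, and WantedBy=default.target is what ties it to the lingering user manager's boot-time startup.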
Keep Secrets Separate
Store each agent’s credentials under that agent’s home directory:
/home/auditron/.hermes/
/home/reporter/.hermes/
/home/reviewer/.hermes/
Then strip group and other permissions from everything under each home directory (repeat for reporter and reviewer):
sudo chmod -R go-rwx /home/auditron
I recommend giving each agent its own API keys and credentials. This makes it easier to track token usage per agent and to revoke access for one agent without affecting the others. Keep the keys in files under .hermes rather than passing them on the command line, because command-line arguments are visible to every user on the VM through ps, regardless of home-directory permissions.
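As an added example (my code, not part of Hermes), here is a small audit that finds anything under an agent's home that group or other can read, write, or execute, which is exactly what the chmod -R go-rwx step is meant to eliminate, and fixes it. It is also a useful periodic check, since an agent that creates files with a permissive umask will quietly undo the chmod over time. It assumes GNU find and the .hermes layout above.

```bash
#!/bin/sh
# Added example for this guide, not part of Hermes. Find files under an
# agent's home that group or other can access, and strip those bits so
# credentials in .hermes/ stay private to the one account. Assumes GNU find.
set -eu

# Print "<mode> <path>" for every file or directory under $1 with any
# group/other permission bit set. Symlinks are skipped because their own
# mode is meaningless; their targets are checked where they live.
find_exposed() {
    find "$1" ! -type l -perm /077 -printf '%m %p\n'
}

# Return 0 if nothing under $1 is exposed to group or other.
home_is_private() {
    [ -z "$(find_exposed "$1")" ]
}

# The chmod -R go-rwx step from the guide, applied to one home directory.
make_private() {
    chmod -R go-rwx "$1"
}

# Usage: sudo sh audit_secrets.sh /home/auditron /home/reporter /home/reviewer
# Reports exposed paths, fixes them, and exits non-zero if any were found so
# a cron run of this script shows up in logs when it had to repair something.
if [ "$#" -gt 0 ]; then
    found=0
    for home in "$@"; do
        exposed=$(find_exposed "$home")
        if [ -n "$exposed" ]; then
            echo "$home: fixing exposed paths:"
            echo "$exposed"
            make_private "$home"
            found=1
        fi
    done
    exit $found
fi
```

Because the check walks the whole home rather than just .hermes, it also catches secrets an agent copied into a working directory or log file, which is where leaks usually end up in practice.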
For more on this and other agent tools, see AI tools I recommend.