insecure_perms

Diagnostic `nanook::auth::insecure_perms`

Summary

identity file `{0}` has insecure permissions {1:#o}

Help

chmod 0600 the file; ed25519 secrets must not be group- or world-readable

Details

When this fires

Identity::load checked the mode of your private identity file and saw bits outside the owner triplet (mode & 0o077 != 0). Default location is ~/.nanook/admin/id_ed25519. The agent and nanook ctl both refuse to load a key that other users on the box can read, so anything that needs the local identity will fail at startup.

What to check

Lock it back down (or just rerun nanook keygen, which writes mode 0600):

chmod 0600 ~/.nanook/admin/id_ed25519
chmod 0700 ~/.nanook

For shared filesystems with sloppy default modes (NFS, some cloud mounts), move the key to a local path or fix the mount's umask.