permission handling in first time install script

first_time_install.sh

@@ -239,13 +239,15 @@ echo "-----------------------------------------------"
 
 # Ensure config directory exists
 mkdir -p "$PROJECT_ROOT_DIR/config"
+chmod 755 "$PROJECT_ROOT_DIR/config" || true
 
 # Create config_secrets.json from template if missing
 if [ ! -f "$PROJECT_ROOT_DIR/config/config_secrets.json" ]; then
     if [ -f "$PROJECT_ROOT_DIR/config/config_secrets.template.json" ]; then
         echo "Creating config/config_secrets.json from template..."
         cp "$PROJECT_ROOT_DIR/config/config_secrets.template.json" "$PROJECT_ROOT_DIR/config/config_secrets.json"
-        chmod 600 "$PROJECT_ROOT_DIR/config/config_secrets.json"
+        chown "$ACTUAL_USER:$ACTUAL_USER" "$PROJECT_ROOT_DIR/config/config_secrets.json" || true
+        chmod 640 "$PROJECT_ROOT_DIR/config/config_secrets.json"
         echo "✓ Secrets file created from template"
     else
         echo "⚠ Template config/config_secrets.template.json not found; creating a minimal secrets file"
@@ -256,7 +258,8 @@ if [ ! -f "$PROJECT_ROOT_DIR/config/config_secrets.json" ]; then
   }
 }
 EOF
-        chmod 600 "$PROJECT_ROOT_DIR/config/config_secrets.json"
+        chown "$ACTUAL_USER:$ACTUAL_USER" "$PROJECT_ROOT_DIR/config/config_secrets.json" || true
+        chmod 640 "$PROJECT_ROOT_DIR/config/config_secrets.json"
         echo "✓ Minimal secrets file created"
     fi
 else
@@ -444,9 +447,10 @@ if [ -f "$PROJECT_ROOT_DIR/config/config.json" ]; then
     echo "✓ Config file permissions set"
 fi
 
-# Set proper permissions for secrets file (restrictive)
+# Set proper permissions for secrets file (restrictive: owner rw, group r)
 if [ -f "$PROJECT_ROOT_DIR/config/config_secrets.json" ]; then
-    chmod 600 "$PROJECT_ROOT_DIR/config/config_secrets.json"
+    chown "$ACTUAL_USER:$ACTUAL_USER" "$PROJECT_ROOT_DIR/config/config_secrets.json" || true
+    chmod 640 "$PROJECT_ROOT_DIR/config/config_secrets.json"
     echo "✓ Secrets file permissions set"
 fi
 

src/config_manager.py

@@ -23,12 +23,17 @@ class ConfigManager:
             with open(self.config_path, 'r') as f:
                 self.config = json.load(f)
 
-            # Load and merge secrets if they exist
+            # Load and merge secrets if they exist (be permissive on errors)
             if os.path.exists(self.secrets_path):
-                with open(self.secrets_path, 'r') as f:
+                try:
-                    secrets = json.load(f)
+                    with open(self.secrets_path, 'r') as f:
-                    # Deep merge secrets into config
+                        secrets = json.load(f)
-                    self._deep_merge(self.config, secrets)
+                        # Deep merge secrets into config
+                        self._deep_merge(self.config, secrets)
+                except PermissionError as e:
+                    print(f"Secrets file not readable ({self.secrets_path}): {e}. Continuing without secrets.")
+                except (json.JSONDecodeError, OSError) as e:
+                    print(f"Error reading secrets file ({self.secrets_path}): {e}. Continuing without secrets.")
             
             return self.config