sync: auto-sync from Mikes-MacBook-Air.local at 2026-04-19 19:34:27
Author: Mike Swanson Machine: Mikes-MacBook-Air.local Timestamp: 2026-04-19 19:34:27
This commit is contained in:
Submodule projects/msp-tools/guru-rmm updated: babe5027f2...69ed6472c3
73
temp/setup-sudo-for-claudetools-fixed.sh
Executable file
73
temp/setup-sudo-for-claudetools-fixed.sh
Executable file
@@ -0,0 +1,73 @@
|
||||
#!/bin/bash
|
||||
# Bootstrap script to configure sudo for ClaudeTools operations (FIXED)
|
||||
# Run this ONCE with: bash temp/setup-sudo-for-claudetools-fixed.sh
|
||||
|
||||
set -e
|
||||
|
||||
echo "[INFO] Setting up passwordless sudo for ClaudeTools operations..."
|
||||
|
||||
# Create sudoers rule for ClaudeTools/GuruRMM operations
|
||||
# NOTE: Sudoers doesn't handle paths with spaces well, so we use wildcards
|
||||
cat > /tmp/claudetools-sudoers << 'EOF'
|
||||
# ClaudeTools passwordless sudo rules
|
||||
# Allows specific operations without password prompt
|
||||
|
||||
# GuruRMM agent installation and management
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/mkdir -p /Library/Application*
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/mkdir -p /Library/Logs/GuruRMM
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/cp /Users/azcomputerguru/ClaudeTools/projects/msp-tools/guru-rmm/agent/target/release/gururmm-agent /usr/local/bin/gururmm-agent
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/cp /Users/azcomputerguru/ClaudeTools/projects/msp-tools/guru-rmm/agent/agent.toml /Library/Application*/GuruRMM/agent.toml
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/chmod +x /usr/local/bin/gururmm-agent
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/chmod * /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown * /usr/local/bin/gururmm-agent
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown * /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown * /Library/Application*/GuruRMM
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /usr/bin/tee /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl load /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl unload /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl start com.azcomputerguru.gururmm
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl stop com.azcomputerguru.gururmm
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl list
|
||||
|
||||
# General file operations for ClaudeTools
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/cat /Library/Logs/GuruRMM/*
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /usr/bin/tail /Library/Logs/GuruRMM/*
|
||||
EOF
|
||||
|
||||
# Install sudoers rule
|
||||
sudo install -m 0440 /tmp/claudetools-sudoers /etc/sudoers.d/claudetools
|
||||
echo "[OK] Passwordless sudo rules installed to /etc/sudoers.d/claudetools"
|
||||
|
||||
# Validate sudoers syntax
|
||||
if sudo visudo -c -f /etc/sudoers.d/claudetools; then
|
||||
echo "[OK] Sudoers syntax validated"
|
||||
else
|
||||
echo "[ERROR] Sudoers syntax validation failed!"
|
||||
sudo rm /etc/sudoers.d/claudetools
|
||||
echo "[OK] Removed broken sudoers file"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Enable Touch ID for sudo (fallback for other operations)
|
||||
if ! grep -q "pam_tid.so" /etc/pam.d/sudo 2>/dev/null; then
|
||||
echo "[INFO] Enabling Touch ID for sudo..."
|
||||
sudo sed -i '' '2i\
|
||||
auth sufficient pam_tid.so
|
||||
' /etc/pam.d/sudo
|
||||
echo "[OK] Touch ID enabled for sudo"
|
||||
else
|
||||
echo "[OK] Touch ID already enabled for sudo"
|
||||
fi
|
||||
|
||||
# Clean up
|
||||
rm -f /tmp/claudetools-sudoers
|
||||
|
||||
echo ""
|
||||
echo "[SUCCESS] Sudo configuration complete!"
|
||||
echo ""
|
||||
echo "What was configured:"
|
||||
echo " - Passwordless sudo for GuruRMM agent installation/management"
|
||||
echo " - Passwordless sudo for reading GuruRMM logs"
|
||||
echo " - Touch ID authentication for other sudo operations"
|
||||
echo ""
|
||||
echo "ClaudeTools can now install the GuruRMM agent without password prompts."
|
||||
66
temp/setup-sudo-for-claudetools.sh
Executable file
66
temp/setup-sudo-for-claudetools.sh
Executable file
@@ -0,0 +1,66 @@
|
||||
#!/bin/bash
|
||||
# Bootstrap script to configure sudo for ClaudeTools operations
|
||||
# Run this ONCE with: bash temp/setup-sudo-for-claudetools.sh
|
||||
|
||||
set -e
|
||||
|
||||
echo "[INFO] Setting up passwordless sudo for ClaudeTools operations..."
|
||||
|
||||
# Create sudoers rule for ClaudeTools/GuruRMM operations
|
||||
cat > /tmp/claudetools-sudoers << 'EOF'
|
||||
# ClaudeTools passwordless sudo rules
|
||||
# Allows specific operations without password prompt
|
||||
|
||||
# GuruRMM agent installation and management
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/mkdir -p /Library/Application Support/GuruRMM
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/mkdir -p /Library/Logs/GuruRMM
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/cp /Users/azcomputerguru/ClaudeTools/projects/msp-tools/guru-rmm/agent/target/release/gururmm-agent /usr/local/bin/gururmm-agent
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/cp /Users/azcomputerguru/ClaudeTools/projects/msp-tools/guru-rmm/agent/agent.toml /Library/Application Support/GuruRMM/agent.toml
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/chmod +x /usr/local/bin/gururmm-agent
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/chmod 644 /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown root:wheel /usr/local/bin/gururmm-agent
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown root:wheel /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown -R root:wheel /Library/Application Support/GuruRMM
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /usr/bin/tee /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl load /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl unload /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl start com.azcomputerguru.gururmm
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl stop com.azcomputerguru.gururmm
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl list
|
||||
|
||||
# General file operations for ClaudeTools
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /bin/cat /Library/Logs/GuruRMM/*
|
||||
azcomputerguru ALL=(ALL) NOPASSWD: /usr/bin/tail -f /Library/Logs/GuruRMM/*
|
||||
EOF
|
||||
|
||||
# Install sudoers rule
|
||||
sudo install -m 0440 /tmp/claudetools-sudoers /etc/sudoers.d/claudetools
|
||||
echo "[OK] Passwordless sudo rules installed to /etc/sudoers.d/claudetools"
|
||||
|
||||
# Validate sudoers syntax
|
||||
sudo visudo -c -f /etc/sudoers.d/claudetools
|
||||
echo "[OK] Sudoers syntax validated"
|
||||
|
||||
# Enable Touch ID for sudo (fallback for other operations)
|
||||
if ! grep -q "pam_tid.so" /etc/pam.d/sudo 2>/dev/null; then
|
||||
echo "[INFO] Enabling Touch ID for sudo..."
|
||||
sudo sed -i '' '2i\
|
||||
auth sufficient pam_tid.so
|
||||
' /etc/pam.d/sudo
|
||||
echo "[OK] Touch ID enabled for sudo"
|
||||
else
|
||||
echo "[OK] Touch ID already enabled for sudo"
|
||||
fi
|
||||
|
||||
# Clean up
|
||||
rm -f /tmp/claudetools-sudoers
|
||||
|
||||
echo ""
|
||||
echo "[SUCCESS] Sudo configuration complete!"
|
||||
echo ""
|
||||
echo "What was configured:"
|
||||
echo " - Passwordless sudo for GuruRMM agent installation/management"
|
||||
echo " - Passwordless sudo for reading GuruRMM logs"
|
||||
echo " - Touch ID authentication for other sudo operations"
|
||||
echo ""
|
||||
echo "ClaudeTools can now install the GuruRMM agent without password prompts."
|
||||
Reference in New Issue
Block a user