diff --git a/projects/msp-tools/guru-rmm b/projects/msp-tools/guru-rmm index babe502..69ed647 160000 --- a/projects/msp-tools/guru-rmm +++ b/projects/msp-tools/guru-rmm @@ -1 +1 @@ -Subproject commit babe5027f21589c19a6eca30ae6685e8837bab91 +Subproject commit 69ed6472c3059440b2cbe4cc89f77601f4812fd1 diff --git a/temp/setup-sudo-for-claudetools-fixed.sh b/temp/setup-sudo-for-claudetools-fixed.sh new file mode 100755 index 0000000..80bcb9b --- /dev/null +++ b/temp/setup-sudo-for-claudetools-fixed.sh @@ -0,0 +1,73 @@ +#!/bin/bash +# Bootstrap script to configure sudo for ClaudeTools operations (FIXED) +# Run this ONCE with: bash temp/setup-sudo-for-claudetools-fixed.sh + +set -e + +echo "[INFO] Setting up passwordless sudo for ClaudeTools operations..." + +# Create sudoers rule for ClaudeTools/GuruRMM operations +# NOTE: Sudoers doesn't handle paths with spaces well, so we use wildcards +cat > /tmp/claudetools-sudoers << 'EOF' +# ClaudeTools passwordless sudo rules +# Allows specific operations without password prompt + +# GuruRMM agent installation and management +azcomputerguru ALL=(ALL) NOPASSWD: /bin/mkdir -p /Library/Application* +azcomputerguru ALL=(ALL) NOPASSWD: /bin/mkdir -p /Library/Logs/GuruRMM +azcomputerguru ALL=(ALL) NOPASSWD: /bin/cp /Users/azcomputerguru/ClaudeTools/projects/msp-tools/guru-rmm/agent/target/release/gururmm-agent /usr/local/bin/gururmm-agent +azcomputerguru ALL=(ALL) NOPASSWD: /bin/cp /Users/azcomputerguru/ClaudeTools/projects/msp-tools/guru-rmm/agent/agent.toml /Library/Application*/GuruRMM/agent.toml +azcomputerguru ALL=(ALL) NOPASSWD: /bin/chmod +x /usr/local/bin/gururmm-agent +azcomputerguru ALL=(ALL) NOPASSWD: /bin/chmod * /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist +azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown * /usr/local/bin/gururmm-agent +azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown * /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist +azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown * /Library/Application*/GuruRMM +azcomputerguru ALL=(ALL) NOPASSWD: /usr/bin/tee /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist +azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl load /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist +azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl unload /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist +azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl start com.azcomputerguru.gururmm +azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl stop com.azcomputerguru.gururmm +azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl list + +# General file operations for ClaudeTools +azcomputerguru ALL=(ALL) NOPASSWD: /bin/cat /Library/Logs/GuruRMM/* +azcomputerguru ALL=(ALL) NOPASSWD: /usr/bin/tail /Library/Logs/GuruRMM/* +EOF + +# Install sudoers rule +sudo install -m 0440 /tmp/claudetools-sudoers /etc/sudoers.d/claudetools +echo "[OK] Passwordless sudo rules installed to /etc/sudoers.d/claudetools" + +# Validate sudoers syntax +if sudo visudo -c -f /etc/sudoers.d/claudetools; then + echo "[OK] Sudoers syntax validated" +else + echo "[ERROR] Sudoers syntax validation failed!" + sudo rm /etc/sudoers.d/claudetools + echo "[OK] Removed broken sudoers file" + exit 1 +fi + +# Enable Touch ID for sudo (fallback for other operations) +if ! grep -q "pam_tid.so" /etc/pam.d/sudo 2>/dev/null; then + echo "[INFO] Enabling Touch ID for sudo..." + sudo sed -i '' '2i\ +auth sufficient pam_tid.so +' /etc/pam.d/sudo + echo "[OK] Touch ID enabled for sudo" +else + echo "[OK] Touch ID already enabled for sudo" +fi + +# Clean up +rm -f /tmp/claudetools-sudoers + +echo "" +echo "[SUCCESS] Sudo configuration complete!" +echo "" +echo "What was configured:" +echo " - Passwordless sudo for GuruRMM agent installation/management" +echo " - Passwordless sudo for reading GuruRMM logs" +echo " - Touch ID authentication for other sudo operations" +echo "" +echo "ClaudeTools can now install the GuruRMM agent without password prompts." diff --git a/temp/setup-sudo-for-claudetools.sh b/temp/setup-sudo-for-claudetools.sh new file mode 100755 index 0000000..1b7bbc4 --- /dev/null +++ b/temp/setup-sudo-for-claudetools.sh @@ -0,0 +1,66 @@ +#!/bin/bash +# Bootstrap script to configure sudo for ClaudeTools operations +# Run this ONCE with: bash temp/setup-sudo-for-claudetools.sh + +set -e + +echo "[INFO] Setting up passwordless sudo for ClaudeTools operations..." + +# Create sudoers rule for ClaudeTools/GuruRMM operations +cat > /tmp/claudetools-sudoers << 'EOF' +# ClaudeTools passwordless sudo rules +# Allows specific operations without password prompt + +# GuruRMM agent installation and management +azcomputerguru ALL=(ALL) NOPASSWD: /bin/mkdir -p /Library/Application Support/GuruRMM +azcomputerguru ALL=(ALL) NOPASSWD: /bin/mkdir -p /Library/Logs/GuruRMM +azcomputerguru ALL=(ALL) NOPASSWD: /bin/cp /Users/azcomputerguru/ClaudeTools/projects/msp-tools/guru-rmm/agent/target/release/gururmm-agent /usr/local/bin/gururmm-agent +azcomputerguru ALL=(ALL) NOPASSWD: /bin/cp /Users/azcomputerguru/ClaudeTools/projects/msp-tools/guru-rmm/agent/agent.toml /Library/Application Support/GuruRMM/agent.toml +azcomputerguru ALL=(ALL) NOPASSWD: /bin/chmod +x /usr/local/bin/gururmm-agent +azcomputerguru ALL=(ALL) NOPASSWD: /bin/chmod 644 /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist +azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown root:wheel /usr/local/bin/gururmm-agent +azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown root:wheel /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist +azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown -R root:wheel /Library/Application Support/GuruRMM +azcomputerguru ALL=(ALL) NOPASSWD: /usr/bin/tee /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist +azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl load /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist +azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl unload /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist +azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl start com.azcomputerguru.gururmm +azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl stop com.azcomputerguru.gururmm +azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl list + +# General file operations for ClaudeTools +azcomputerguru ALL=(ALL) NOPASSWD: /bin/cat /Library/Logs/GuruRMM/* +azcomputerguru ALL=(ALL) NOPASSWD: /usr/bin/tail -f /Library/Logs/GuruRMM/* +EOF + +# Install sudoers rule +sudo install -m 0440 /tmp/claudetools-sudoers /etc/sudoers.d/claudetools +echo "[OK] Passwordless sudo rules installed to /etc/sudoers.d/claudetools" + +# Validate sudoers syntax +sudo visudo -c -f /etc/sudoers.d/claudetools +echo "[OK] Sudoers syntax validated" + +# Enable Touch ID for sudo (fallback for other operations) +if ! grep -q "pam_tid.so" /etc/pam.d/sudo 2>/dev/null; then + echo "[INFO] Enabling Touch ID for sudo..." + sudo sed -i '' '2i\ +auth sufficient pam_tid.so +' /etc/pam.d/sudo + echo "[OK] Touch ID enabled for sudo" +else + echo "[OK] Touch ID already enabled for sudo" +fi + +# Clean up +rm -f /tmp/claudetools-sudoers + +echo "" +echo "[SUCCESS] Sudo configuration complete!" +echo "" +echo "What was configured:" +echo " - Passwordless sudo for GuruRMM agent installation/management" +echo " - Passwordless sudo for reading GuruRMM logs" +echo " - Touch ID authentication for other sudo operations" +echo "" +echo "ClaudeTools can now install the GuruRMM agent without password prompts."