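#!/bin/bash
# Bootstrap script to configure sudo for ClaudeTools operations (FIXED)
# Run this ONCE with: bash temp/setup-sudo-for-claudetools-fixed.sh
#
# What it does:
#   1. Stages a sudoers drop-in granting NOPASSWD for GuruRMM agent tasks.
#   2. Validates the staged file, then installs it to /etc/sudoers.d/claudetools.
#   3. Adds pam_tid.so (Touch ID) to /etc/pam.d/sudo if no active entry exists.

set -euo pipefail

echo "[INFO] Setting up passwordless sudo for ClaudeTools operations..."

# Stage the rules in an unpredictable, owner-only temp file. A fixed name in
# /tmp can be pre-created or swapped by another local user between the write
# and the privileged install below.
staged=$(mktemp "${TMPDIR:-/tmp}/claudetools-sudoers.XXXXXX")
cleanup() { rm -f -- "$staged"; }
trap cleanup EXIT

# Create sudoers rule for ClaudeTools/GuruRMM operations
# NOTE: Sudoers doesn't handle paths with spaces well, so we use wildcards
#
# NOTE(review): the rules below are reproduced unchanged, but several are
# broader than the comments suggest and should be tightened before wider use:
#   - In sudoers command arguments '*' also matches whitespace and '/', so the
#     "chmod *", "chown *" and "/Library/Application*" rules accept additional
#     arguments and paths beyond the ones named.
#   - The cp source paths live under the user's home directory, and tee may
#     write the LaunchDaemon plist; both feed code that launchd runs as root,
#     so these rules are effectively root-equivalent for this account.
#   - "/Library/Logs/GuruRMM/*" is a glob on the argument string, not a
#     directory confinement.
# Prefer exact argument lists (see sudoers(5) for escaping), or a single
# root-owned, non-writable helper script that performs the install steps.
cat > "$staged" << 'EOF'
# ClaudeTools passwordless sudo rules
# Allows specific operations without password prompt

# GuruRMM agent installation and management
azcomputerguru ALL=(ALL) NOPASSWD: /bin/mkdir -p /Library/Application*
azcomputerguru ALL=(ALL) NOPASSWD: /bin/mkdir -p /Library/Logs/GuruRMM
azcomputerguru ALL=(ALL) NOPASSWD: /bin/cp /Users/azcomputerguru/ClaudeTools/projects/msp-tools/guru-rmm/agent/target/release/gururmm-agent /usr/local/bin/gururmm-agent
azcomputerguru ALL=(ALL) NOPASSWD: /bin/cp /Users/azcomputerguru/ClaudeTools/projects/msp-tools/guru-rmm/agent/agent.toml /Library/Application*/GuruRMM/agent.toml
azcomputerguru ALL=(ALL) NOPASSWD: /bin/chmod +x /usr/local/bin/gururmm-agent
azcomputerguru ALL=(ALL) NOPASSWD: /bin/chmod * /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown * /usr/local/bin/gururmm-agent
azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown * /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown * /Library/Application*/GuruRMM
azcomputerguru ALL=(ALL) NOPASSWD: /usr/bin/tee /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl load /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl unload /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl start com.azcomputerguru.gururmm
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl stop com.azcomputerguru.gururmm
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl list

# General file operations for ClaudeTools
azcomputerguru ALL=(ALL) NOPASSWD: /bin/cat /Library/Logs/GuruRMM/*
azcomputerguru ALL=(ALL) NOPASSWD: /usr/bin/tail /Library/Logs/GuruRMM/*
EOF

# Validate sudoers syntax BEFORE installing. Checking only after the file is
# live in /etc/sudoers.d risks a window where a malformed drop-in is active,
# and the recovery step (sudo rm) itself depends on sudo still working.
if sudo visudo -c -f "$staged"; then
  echo "[OK] Sudoers syntax validated"
else
  echo "[ERROR] Sudoers syntax validation failed!" >&2
  echo "[OK] Nothing was installed" >&2
  exit 1
fi

# Install sudoers rule (0440, as sudoers drop-ins must not be writable)
sudo install -m 0440 "$staged" /etc/sudoers.d/claudetools
echo "[OK] Passwordless sudo rules installed to /etc/sudoers.d/claudetools"

# Enable Touch ID for sudo (fallback for other operations)
# Match only an active auth line; a commented-out pam_tid.so entry does not
# mean Touch ID is enabled.
# NOTE(review): /etc/pam.d/sudo may be replaced by OS updates; newer macOS
# releases provide /etc/pam.d/sudo_local for local additions - confirm for the
# target OS version.
if ! grep -Eq '^[[:space:]]*auth[[:space:]].*pam_tid\.so' /etc/pam.d/sudo 2>/dev/null; then
  echo "[INFO] Enabling Touch ID for sudo..."
  # BSD sed: -i '' edits in place without a backup; '2i\' inserts before line 2.
  sudo sed -i '' '2i\
auth       sufficient     pam_tid.so
' /etc/pam.d/sudo
  echo "[OK] Touch ID enabled for sudo"
else
  echo "[OK] Touch ID already enabled for sudo"
fi

# Clean up (the EXIT trap also covers early-failure paths)
cleanup

echo ""
echo "[SUCCESS] Sudo configuration complete!"
echo ""
echo "What was configured:"
echo "  - Passwordless sudo for GuruRMM agent installation/management"
echo "  - Passwordless sudo for reading GuruRMM logs"
echo "  - Touch ID authentication for other sudo operations"
echo ""
echo "ClaudeTools can now install the GuruRMM agent without password prompts."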