Mike Swanson
94585fe426
Author: Mike Swanson Machine: Mikes-MacBook-Air.local Timestamp: 2026-04-19 19:34:27
67 lines
3.1 KiB
Bash
Executable File
67 lines
3.1 KiB
Bash
Executable File
#!/bin/bash
|
|
# Bootstrap script to configure sudo for ClaudeTools operations
|
|
# Run this ONCE with: bash temp/setup-sudo-for-claudetools.sh
|
|
|
|
set -e
|
|
|
|
echo "[INFO] Setting up passwordless sudo for ClaudeTools operations..."
|
|
|
|
# Create sudoers rule for ClaudeTools/GuruRMM operations
|
|
cat > /tmp/claudetools-sudoers << 'EOF'
|
|
# ClaudeTools passwordless sudo rules
|
|
# Allows specific operations without password prompt
|
|
|
|
# GuruRMM agent installation and management
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /bin/mkdir -p /Library/Application Support/GuruRMM
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /bin/mkdir -p /Library/Logs/GuruRMM
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /bin/cp /Users/azcomputerguru/ClaudeTools/projects/msp-tools/guru-rmm/agent/target/release/gururmm-agent /usr/local/bin/gururmm-agent
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /bin/cp /Users/azcomputerguru/ClaudeTools/projects/msp-tools/guru-rmm/agent/agent.toml /Library/Application Support/GuruRMM/agent.toml
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /bin/chmod +x /usr/local/bin/gururmm-agent
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /bin/chmod 644 /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown root:wheel /usr/local/bin/gururmm-agent
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown root:wheel /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /usr/sbin/chown -R root:wheel /Library/Application Support/GuruRMM
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /usr/bin/tee /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl load /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl unload /Library/LaunchDaemons/com.azcomputerguru.gururmm.plist
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl start com.azcomputerguru.gururmm
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl stop com.azcomputerguru.gururmm
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /bin/launchctl list
|
|
|
|
# General file operations for ClaudeTools
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /bin/cat /Library/Logs/GuruRMM/*
|
|
azcomputerguru ALL=(ALL) NOPASSWD: /usr/bin/tail -f /Library/Logs/GuruRMM/*
|
|
EOF
|
|
|
|
# Install sudoers rule
|
|
sudo install -m 0440 /tmp/claudetools-sudoers /etc/sudoers.d/claudetools
|
|
echo "[OK] Passwordless sudo rules installed to /etc/sudoers.d/claudetools"
|
|
|
|
# Validate sudoers syntax
|
|
sudo visudo -c -f /etc/sudoers.d/claudetools
|
|
echo "[OK] Sudoers syntax validated"
|
|
|
|
# Enable Touch ID for sudo (fallback for other operations)
|
|
if ! grep -q "pam_tid.so" /etc/pam.d/sudo 2>/dev/null; then
|
|
echo "[INFO] Enabling Touch ID for sudo..."
|
|
sudo sed -i '' '2i\
|
|
auth sufficient pam_tid.so
|
|
' /etc/pam.d/sudo
|
|
echo "[OK] Touch ID enabled for sudo"
|
|
else
|
|
echo "[OK] Touch ID already enabled for sudo"
|
|
fi
|
|
|
|
# Clean up
|
|
rm -f /tmp/claudetools-sudoers
|
|
|
|
echo ""
|
|
echo "[SUCCESS] Sudo configuration complete!"
|
|
echo ""
|
|
echo "What was configured:"
|
|
echo " - Passwordless sudo for GuruRMM agent installation/management"
|
|
echo " - Passwordless sudo for reading GuruRMM logs"
|
|
echo " - Touch ID authentication for other sudo operations"
|
|
echo ""
|
|
echo "ClaudeTools can now install the GuruRMM agent without password prompts."
|