Fix Darwin Scripts and Document Sudo

Changes:

* Use sudo in service.sh for Darwin to find user services if not running as root
* Fix parsing the output of softwareupdate command on Darwin in update.sh
* Better document usage of sudo in docs/Sudo.md

docs/ReleaseNotes.md

@@ -1,5 +1,15 @@
 # Technical Add-on for Unix and Linux
 
+## Version 9.2.0.11 (2025-01-25)
+
+Fix Darwin Scripts and Document Sudo
+
+Changes:
+
+* Use sudo in service.sh for Darwin to find user services if not running as root
+* Fix parsing the output of softwareupdate command on Darwin in update.sh
+* Better document usage of sudo in docs/Sudo.md
+
 ## Version 9.2.0.10 (2025-01-25)
 
 Fix OpenBSD Support and Other Bugs

docs/Sudo.md

@@ -0,0 +1,45 @@
+# Sudo Usage
+
+Some commands may need to use sudo or doas to execute. Below is documentation
+for those cases.
+
+## MacOS/Darwin service.sh
+
+The service.sh script searches users' home directories and a splunk user does
+not have rights to do that.
+
+Create a file like /etc/sudoers.d/splunk and add:
+
+```
+splunk ALL=(root) NOPASSWD: /usr/bin/find /Users -name loginwindow.plist
+```
+
+## Docker
+
+Either add the splunk user to the docker group or run the command with sudo.
+To make sudo work, create a file like /etc/sudoers.d/splunk and add:
+
+```
+splunk ALL=(root) NOPASSWD: /usr/bin/docker stats --no-stream --no-trunc --all
+splunk ALL=(root) NOPASSWD: /usr/bin/docker ps --all --no-trunc --format *
+splunk ALL=(root) NOPASSWD: /usr/bin/docker inspect -f *
+```
+
+## Debian/Ubuntu apt update
+
+A splunk user does not have the ability to update the package cache.
+To make sudo work, create a file like /etc/sudoers.d/splunk and add:
+
+```
+splunk ALL=(root) NOPASSWD: /usr/bin/apt update
+```
+
+## Arch Linux pacman update cache
+
+A splunk user does not have the ability to update the package cache.
+To make sudo work, create a file like /etc/sudoers.d/splunk and add:
+
+```
+splunk ALL=(root) NOPASSWD: /usr/bin/pacman -Syy
+```
+