Fix Darwin Scripts and Document Sudo

Changes: * Use sudo in service.sh for Darwin to find user services if not running as root * Fix parsing the output of softwareupdate command on Darwin in update.sh * Better document usage of sudo in docs/Sudo.md
2025-01-25 15:11:30 -05:00 · 2025-01-25 15:11:30 -05:00 · 653ee79a67
commit 653ee79a67
parent a24e4c8ee5
7 changed files with 84 additions and 18 deletions
--- a/docs/Sudo.md
+++ b/docs/Sudo.md
@ -0,0 +1,45 @@
+# Sudo Usage
+
+Some commands may need to use sudo or doas to execute. Below is documentation
+for those cases.
+
+## MacOS/Darwin service.sh
+
+The service.sh script searches users' home directories and a splunk user does
+not have rights to do that.
+
+Create a file like /etc/sudoers.d/splunk and add:
+
+```
+splunk ALL=(root) NOPASSWD: /usr/bin/find /Users -name loginwindow.plist
+```
+
+## Docker
+
+Either add the splunk user to the docker group or run the command with sudo.
+To make sudo work, create a file like /etc/sudoers.d/splunk and add:
+
+```
+splunk ALL=(root) NOPASSWD: /usr/bin/docker stats --no-stream --no-trunc --all
+splunk ALL=(root) NOPASSWD: /usr/bin/docker ps --all --no-trunc --format *
+splunk ALL=(root) NOPASSWD: /usr/bin/docker inspect -f *
+```
+
+## Debian/Ubuntu apt update
+
+A splunk user does not have the ability to update the package cache.
+To make sudo work, create a file like /etc/sudoers.d/splunk and add:
+
+```
+splunk ALL=(root) NOPASSWD: /usr/bin/apt update
+```
+
+## Arch Linux pacman update cache
+
+A splunk user does not have the ability to update the package cache.
+To make sudo work, create a file like /etc/sudoers.d/splunk and add:
+
+```
+splunk ALL=(root) NOPASSWD: /usr/bin/pacman -Syy
+```
+