TA-unix/docs/Sudo.md
Michael Erdely 653ee79a67
Fix Darwin Scripts and Document Sudo
Changes:

* Use sudo in service.sh for Darwin to find user services if not running as root
* Fix parsing the output of softwareupdate command on Darwin in update.sh
* Better document usage of sudo in docs/Sudo.md
2025-01-25 15:11:30 -05:00

1.2 KiB

Sudo Usage

Some commands may need to use sudo or doas to execute. Below is documentation for those cases.

macOS/Darwin service.sh

The service.sh script searches users' home directories, which the splunk user does not have permission to do.

Create a file like /etc/sudoers.d/splunk and add:

splunk ALL=(root) NOPASSWD: /usr/bin/find /Users -name loginwindow.plist

Docker

Either add the splunk user to the docker group or run the command with sudo. To make sudo work, create a file like /etc/sudoers.d/splunk and add:

splunk ALL=(root) NOPASSWD: /usr/bin/docker stats --no-stream --no-trunc --all
splunk ALL=(root) NOPASSWD: /usr/bin/docker ps --all --no-trunc --format *
splunk ALL=(root) NOPASSWD: /usr/bin/docker inspect -f *

Debian/Ubuntu apt update

A splunk user does not have the ability to update the package cache. To make sudo work, create a file like /etc/sudoers.d/splunk and add:

splunk ALL=(root) NOPASSWD: /usr/bin/apt update

Arch Linux pacman update cache

A splunk user does not have the ability to update the package cache. To make sudo work, create a file like /etc/sudoers.d/splunk and add:

splunk ALL=(root) NOPASSWD: /usr/bin/pacman -Syy
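
The following is an added example, not part of TA-unix: it stages a drop-in like the ones above, lists the rules whose arguments contain a sudoers wildcard, and syntax-checks the file before installing it. The function names and the temp-file staging are assumptions; the sample rules are the Docker lines from this page.

```shell
#!/bin/sh
# Added example: stage, review and install a sudoers drop-in.
# Function names are hypothetical; the rules are copied from this page.

# Write the Docker rules from this document to the file named in $1.
write_rules() {
    cat > "$1" <<'EOF'
splunk ALL=(root) NOPASSWD: /usr/bin/docker stats --no-stream --no-trunc --all
splunk ALL=(root) NOPASSWD: /usr/bin/docker ps --all --no-trunc --format *
splunk ALL=(root) NOPASSWD: /usr/bin/docker inspect -f *
EOF
}

# Print the command part of every rule whose arguments contain a wildcard.
# sudoers matches arguments as one concatenated string, so "*" also matches
# spaces: such a rule accepts any trailing arguments, not a single value.
# Rules without a wildcard must be invoked with exactly the listed arguments.
wildcard_rules() {
    awk -F'NOPASSWD:[ \t]*' 'NF > 1 && $2 ~ /[*?]|\[/ { print $2 }' "$1"
}

# Syntax-check the staged file, then install it root-owned with mode 0440.
# A drop-in with a syntax error can make sudo refuse to run, so the check
# must pass before the file is copied into place. Needs root.
install_dropin() {
    visudo -cf "$1" || return 1
    install -m 0440 -o root -g 0 "$1" "$2"
}

staged=$(mktemp)
write_rules "$staged"
echo "Rules that accept arbitrary trailing arguments:"
wildcard_rules "$staged"

# After reviewing the list above, as root:
#   install_dropin "$staged" /etc/sudoers.d/splunk
```

After installing, `sudo -l -U splunk` (run as root) shows the commands sudo will actually allow for the splunk user.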