From 53b8527e12fb867f155b857cf98692b7bfc541f3 Mon Sep 17 00:00:00 2001
From: "T. R. Bernstein" <137705289+trbernstein@users.noreply.github.com>
Date: Sat, 18 Oct 2025 00:18:15 +0200
Subject: [PATCH] Allow passwordless sudo during installation
---
 modules/04-install-brew.sh | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/modules/04-install-brew.sh b/modules/04-install-brew.sh
index 887c7a0..108802a 100755
--- a/modules/04-install-brew.sh
+++ b/modules/04-install-brew.sh
@@ -24,6 +24,23 @@ function ensureUserIsInAdminGroup() {
 dseditgroup -o edit -a "${username}" -t user admin
 }
 
+function ensureUserCanRunPasswordlessSudo() {
+ local username=$1
+ local sudoersFile="/etc/sudoers.d/no-auth-sudo-for-${username}"
+ [[ -f ${sudoersFile} ]] && return
+ cat <<- SUDOERS > "${sudoersFile}"
+ Defaults:${username} !authenticate
+ SUDOERS
+ chown root:wheel "${sudoersFile}" || return 10
+ chmod u=rw,g=r,o= "${sudoersFile}" || return 20
+}
+
+function ensureUserCanNoLongerRunPasswordlessSudo() {
+ local username=$1
+ local sudoersFile="/etc/sudoers.d/no-auth-sudo-for-${username}"
+ [[ ! -f ${sudoersFile} ]] || rm ${sudoersFile}
+}
+
 function getFirstFreeRoleAccountID() {
 local minUserID=450
 local maxUserID=499
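Review bot: ensureUserCanRunPasswordlessSudo writes the drop-in straight into /etc/sudoers.d under the caller's umask, fixes owner and mode only afterwards, never checks its syntax, and its `[[ -f ${sudoersFile} ]] && return` guard accepts whatever file already sits at that path, including a leftover from an interrupted run. I would stage the rule in a temporary file, validate it with `visudo -c`, and place it with owner and mode set in one step, as sketched below. sudo also skips drop-ins whose names contain a `.` or end in `~`, so a username with a dot would silently get no rule. In ensureUserCanNoLongerRunPasswordlessSudo the path is unquoted; `rm -f -- "${sudoersFile}"` covers both the missing-file case and unusual characters. Both functions would also benefit from a header comment stating that `Defaults:${username} !authenticate` drops the password prompt for every sudo rule the account has, which after ensureUserIsInAdminGroup presumably means all commands.

```shell
function ensureUserCanRunPasswordlessSudo() {
	local username=$1
	local sudoersFile="/etc/sudoers.d/no-auth-sudo-for-${username}"
	local stagedFile
	stagedFile=$(mktemp "${TMPDIR:-/tmp}/no-auth-sudo.XXXXXX") || return 30
	printf 'Defaults:%s !authenticate\n' "${username}" > "${stagedFile}"
	# Reject a rule that does not parse before sudo can ever load it.
	if ! visudo -c -q -f "${stagedFile}"; then
		rm -f -- "${stagedFile}"
		return 31
	fi
	# install(1) applies owner and mode as part of placing the file and replaces a stale copy.
	install -o root -g wheel -m 0440 "${stagedFile}" "${sudoersFile}" || { rm -f -- "${stagedFile}"; return 10; }
	rm -f -- "${stagedFile}"
}
```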
@@ -258,9 +275,11 @@ function configure_system() {
 lop -y h1 -- -i 'Install System Homebrew'
 createHomebrewUserIfNeccessary || return 10
 indicateActivity 'Ensure Homebrew user is in admin group' ensureUserIsInAdminGroup ${homebrew_username} || return 11
+ indicateActivity 'Ensure Homebrew user can run passwordless sudo' ensureUserCanRunPasswordlessSudo ${homebrew_username} || return 12
 ensureHomebrewCacheDirectory || return 13
 ensureHomebrewLogDirectory || return 14
 indicateActivity 'Install Homebrew core' installHomebrewCore || return 15
+ indicateActivity 'Ensure Homebrew user can nolonger run passwordless sudo' ensureUserCanNoLongerRunPasswordlessSudo ${homebrew_username} || return 20
 indicateActivity 'Create brew caller script' createBrewCallerScript || return 16
 indicateActivity 'Create brew periodic script' createBrewPeriodicScript || return 17
 indicateActivity 'Install Homebrew updater' installHomebrewUpdater || return 18
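Review bot: The `!authenticate` drop-in is removed only when every step in between succeeds; `ensureHomebrewCacheDirectory || return 13`, `ensureHomebrewLogDirectory || return 14` and the `|| return 15` on the installHomebrewCore line all leave configure_system before the removal step, so a failed install leaves an admin-group account with passwordless sudo. Record the failure, revoke unconditionally, then return the recorded code, as sketched below. An interrupt during the install would need a trap as well; whether the script already sets one is not visible in this hunk, and configure_system begins and ends outside it. `${homebrew_username}` is also unquoted on both added lines.

```shell
	indicateActivity 'Ensure Homebrew user can run passwordless sudo' ensureUserCanRunPasswordlessSudo "${homebrew_username}" || return 12
	local installStatus=0
	if ! ensureHomebrewCacheDirectory; then
		installStatus=13
	elif ! ensureHomebrewLogDirectory; then
		installStatus=14
	elif ! indicateActivity 'Install Homebrew core' installHomebrewCore; then
		installStatus=15
	fi
	# Revoke before reporting any failure so the drop-in never outlives this step.
	indicateActivity 'Ensure Homebrew user can nolonger run passwordless sudo' ensureUserCanNoLongerRunPasswordlessSudo "${homebrew_username}" || return 20
	(( installStatus == 0 )) || return "${installStatus}"
	# … unchanged: brew caller script, periodic script, updater …
```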