Index: scripts/lockdown.sh
===================================================================
diff -u -r01b9447a564c79628976078d442b8fa198adec97 -r20ab6dc6236a0866e699e1c2bfa61be4ae413f2f
--- scripts/lockdown.sh (.../lockdown.sh) (revision 01b9447a564c79628976078d442b8fa198adec97)
+++ scripts/lockdown.sh (.../lockdown.sh) (revision 20ab6dc6236a0866e699e1c2bfa61be4ae413f2f)
@@ -121,6 +121,52 @@
 }
 ############################################################################
+# Allow the denali app to run specific commands as root.
+#
+# Globals:
+# None
+# Arguments:
+# None
+# Outputs:
+# None
+############################################################################
+function updateSudoers() {
+
+ # Allow the denali user to execute specific commands as root.
+ echo "
+
+# Allow the denali user to execute specific commands as root.
+denali ALL=(root) NOPASSWD: /usr/bin/bluetoothctl
+denali ALL=(root) NOPASSWD: /usr/bin/tee *
+denali ALL=(root) NOPASSWD: /bin/date -s *
+denali ALL=(root) NOPASSWD: /sbin/hwclock -w
+denali ALL=(root) NOPASSWD: /bin/sed -i *
+denali ALL=(root) NOPASSWD: /bin/systemctl stop wpa_supplicant@*
+denali ALL=(root) NOPASSWD: /bin/systemctl restart wpa_supplicant@*
+denali ALL=(root) NOPASSWD: /bin/rm -f /etc/wpa_supplicant/wpa_supplicant-*
+denali ALL=(root) NOPASSWD: /sbin/ip link set *
+denali ALL=(root) NOPASSWD: /sbin/ip route show
+denali ALL=(root) NOPASSWD: /sbin/ip route del default
+denali ALL=(root) NOPASSWD: /sbin/ip route add default via *
+denali ALL=(root) NOPASSWD: /sbin/ip link set *
+denali ALL=(root) NOPASSWD: /usr/bin/wpa_passphrase *
+denali ALL=(root) NOPASSWD: /sbin/ifconfig *
+denali ALL=(root) NOPASSWD: /sbin/iwconfig wlan0
+denali ALL=(root) NOPASSWD: /usr/bin/killall udhcpc
+denali ALL=(root) NOPASSWD: /sbin/udhcpc --timeout=5 --retries=1 -n -i *
+denali ALL=(root) NOPASSWD: /usr/sbin/rfkill unblock wifi
+denali ALL=(root) NOPASSWD: /usr/sbin/rfkill block wifi
+denali ALL=(root) NOPASSWD: /sbin/iwlist *
+denali ALL=(root) NOPASSWD: /bin/ping -I *
+denali ALL=(root) NOPASSWD: /usr/bin/mount *
+denali ALL=(root) NOPASSWD: /usr/bin/umount *
+denali ALL=(root) NOPASSWD: /bin/mkdir *
+denali ALL=(root) NOPASSWD: /usr/sbin/cryptsetup *
+denali ALL=(root) NOPASSWD: /sbin/mkfs.ext4 *
+" >> /etc/sudoers
+}
+
+############################################################################
 # Turn on some ssh security.
 #
 # Globals:
@@ -217,6 +263,7 @@
 # permissions needed to make them work.
 moveCustomerAppFiles
 setPermissionsCustomerAppFiles
+ updateSudoers
 # Turn off root login in by ssh.
 #
 secureSsh
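Review bot: Several of the rules appended in updateSudoers amount to unrestricted root rather than "specific commands": `/usr/bin/tee *`, `/bin/sed -i *`, `/usr/bin/mount *`, `/usr/sbin/cryptsetup *` and `/sbin/mkfs.ext4 *` let the denali user write to or replace any file on the system as root, which undoes the point of a lockdown script (and `/sbin/ip link set *` appears twice). Each glob should be narrowed to the exact paths and arguments the app actually needs; note that a sudoers `*` also matches across argument boundaries, so `/bin/ping -I *` and `/sbin/ifconfig *` accept any trailing options. Separately, `echo "…" >> /etc/sudoers` appends the whole block again on every run of the script (the call added in the second hunk is unconditional), and one typo in the appended text breaks sudo for every account on the device; writing the rules to a `/etc/sudoers.d/` drop-in and checking it with `visudo -c -f` before installing it avoids both problems (this presumes the image's `/etc/sudoers` includes `sudoers.d`, which the hunk does not show). The function is complete within the hunk.
```shell
function updateSudoers() {
  local dropin=/etc/sudoers.d/denali
  local tmp
  tmp=$(mktemp) || return 1
  cat > "$tmp" <<'EOF'
# Allow the denali user to execute specific commands as root.
denali ALL=(root) NOPASSWD: /usr/bin/bluetoothctl
# … unchanged: remaining rules, each wildcard narrowed to the exact paths/arguments the app needs …
EOF
  # Refuse to install a fragment that does not parse; a bad rule disables sudo system-wide.
  if visudo -c -f "$tmp"; then
    install -m 0440 -o root -g root -- "$tmp" "$dropin"
  else
    echo "updateSudoers: invalid sudoers fragment, not installed" >&2
  fi
  rm -f -- "$tmp"
}
```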