Index: scripts/crypt_setup.sh
===================================================================
diff -u -r01b9447a564c79628976078d442b8fa198adec97 -r20ab6dc6236a0866e699e1c2bfa61be4ae413f2f
--- scripts/crypt_setup.sh (.../crypt_setup.sh) (revision 01b9447a564c79628976078d442b8fa198adec97)
+++ scripts/crypt_setup.sh (.../crypt_setup.sh) (revision 20ab6dc6236a0866e699e1c2bfa61be4ae413f2f)
@@ -65,9 +65,9 @@ function checkOutput() {
 if [ "$3" == "" ]; then
- out=` sudo eval "$1" 2>&1`
+ out=` eval "$1" 2>&1`
 else
- out=`echo $3 | sudo eval "$1" 2>&1`
+ out=`echo $3 | eval "$1" 2>&1`
 fi
 if [ "$?" -ne 0 ]; then
 echo $out 
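Review bot: In the new `out=`echo $3 | eval "$1" 2>&1`` line, `$3` — the LUKS passphrase the callers pass in — is still unquoted, so a passphrase containing spaces, a glob character or a leading `-n`/`-e` is word-split, glob-expanded or interpreted by echo before it reaches cryptsetup; `out=$(printf '%s\n' "$3" | eval "$1" 2>&1)` passes it through unchanged (the `\n` keeps the trailing newline echo produced). The same unquoted interpolation applies to `$LOC_VAR`, `$LOC_DIR`, `$LOC_DEV` and `$LOC_MAP` inside the command strings that the second hunk of this file now prefixes with `sudo`; because those strings are expanded and then re-parsed by `eval`, the values should be escaped with `printf %q` or the helper should receive the command as separate arguments rather than as one string. With every command in that hunk now running under sudo, `sudo -n` (`checkOutput "sudo -n cryptsetup luksFormat $LOC_DEV " $ERR_CRYPTSETUP_CREATE_FORMAT $PASSWORD`) makes a sudoers rule mismatch fail immediately with an error checkOutput can report instead of blocking on a tty password prompt. checkOutput's body continues past the end of this hunk.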
@@ -77,27 +77,27 @@ function unmount_luks_partition() {
- checkOutput "umount $LOC_VAR " $ERR_CRYPTSETUP_UMOUNT
- checkOutput "cryptsetup luksClose $LOC_DIR " $ERR_CRYPTSETUP_CLOSE
+ checkOutput "sudo umount $LOC_VAR " $ERR_CRYPTSETUP_UMOUNT
+ checkOutput "sudo cryptsetup luksClose $LOC_DIR " $ERR_CRYPTSETUP_CLOSE
 }
 function create_luks_partition() {
 umount_luks_partition
- checkOutput "mkdir -p $LOC_VAR " $ERR_CRYPTSETUP_CREATE_MKDIR
- checkOutput "cryptsetup luksFormat $LOC_DEV " $ERR_CRYPTSETUP_CREATE_FORMAT $PASSWORD
- checkOutput "cryptsetup luksOpen $LOC_DEV $LOC_DIR" $ERR_CRYPTSETUP_CREATE_OPEN $PASSWORD
- checkOutput "mkfs.ext4 $LOC_MAP " $ERR_CRYPTSETUP_CREATE_MKFS
- checkOutput "mount -t ext4 $LOC_MAP $LOC_VAR" $ERR_CRYPTSETUP_CREATE_MOUNT
+ checkOutput "sudo mkdir -p $LOC_VAR " $ERR_CRYPTSETUP_CREATE_MKDIR
+ checkOutput "sudo cryptsetup luksFormat $LOC_DEV " $ERR_CRYPTSETUP_CREATE_FORMAT $PASSWORD
+ checkOutput "sudo cryptsetup luksOpen $LOC_DEV $LOC_DIR" $ERR_CRYPTSETUP_CREATE_OPEN $PASSWORD
+ checkOutput "sudo mkfs.ext4 $LOC_MAP " $ERR_CRYPTSETUP_CREATE_MKFS
+ checkOutput "sudo mount -t ext4 $LOC_MAP $LOC_VAR" $ERR_CRYPTSETUP_CREATE_MOUNT
 }
 function mount_luks_partition() {
 isEncrypted # if encrypted will continue else will exit with error
 isMounted # if not mounted will continue else will exit with error
- checkOutput "cryptsetup luksOpen $LOC_DEV $LOC_DIR" $ERR_CRYPTSETUP_MOUNT_OPEN $PASSWORD
- checkOutput "mount -t ext4 $LOC_MAP $LOC_VAR" $ERR_CRYPTSETUP_MOUNT_MOUNT
+ checkOutput "sudo cryptsetup luksOpen $LOC_DEV $LOC_DIR" $ERR_CRYPTSETUP_MOUNT_OPEN $PASSWORD
+ checkOutput "sudo mount -t ext4 $LOC_MAP $LOC_VAR" $ERR_CRYPTSETUP_MOUNT_MOUNT
 }
 function handleCommand() {
Index: scripts/lockdown.sh
===================================================================
diff -u -r01b9447a564c79628976078d442b8fa198adec97 -r20ab6dc6236a0866e699e1c2bfa61be4ae413f2f
--- scripts/lockdown.sh (.../lockdown.sh) (revision 01b9447a564c79628976078d442b8fa198adec97)
+++ scripts/lockdown.sh (.../lockdown.sh) (revision 20ab6dc6236a0866e699e1c2bfa61be4ae413f2f)
@@ -121,6 +121,52 @@ }
 ############################################################################
+# Allow the denali app to run specific commands as root.
+#
+# Globals:
+# None
+# Arguments:
+# None
+# Outputs:
+# None
+############################################################################
+function updateSudoers() {
+
+ # Allow the denali user to execute specific commands as root.
+ echo "
+
+# Allow the denali user to execute specific commands as root.
+denali ALL=(root) NOPASSWD: /usr/bin/bluetoothctl
+denali ALL=(root) NOPASSWD: /usr/bin/tee *
+denali ALL=(root) NOPASSWD: /bin/date -s *
+denali ALL=(root) NOPASSWD: /sbin/hwclock -w
+denali ALL=(root) NOPASSWD: /bin/sed -i *
+denali ALL=(root) NOPASSWD: /bin/systemctl stop wpa_supplicant@*
+denali ALL=(root) NOPASSWD: /bin/systemctl restart wpa_supplicant@*
+denali ALL=(root) NOPASSWD: /bin/rm -f /etc/wpa_supplicant/wpa_supplicant-*
+denali ALL=(root) NOPASSWD: /sbin/ip link set *
+denali ALL=(root) NOPASSWD: /sbin/ip route show
+denali ALL=(root) NOPASSWD: /sbin/ip route del default
+denali ALL=(root) NOPASSWD: /sbin/ip route add default via *
+denali ALL=(root) NOPASSWD: /sbin/ip link set *
+denali ALL=(root) NOPASSWD: /usr/bin/wpa_passphrase *
+denali ALL=(root) NOPASSWD: /sbin/ifconfig *
+denali ALL=(root) NOPASSWD: /sbin/iwconfig wlan0
+denali ALL=(root) NOPASSWD: /usr/bin/killall udhcpc
+denali ALL=(root) NOPASSWD: /sbin/udhcpc --timeout=5 --retries=1 -n -i *
+denali ALL=(root) NOPASSWD: /usr/sbin/rfkill unblock wifi
+denali ALL=(root) NOPASSWD: /usr/sbin/rfkill block wifi
+denali ALL=(root) NOPASSWD: /sbin/iwlist *
+denali ALL=(root) NOPASSWD: /bin/ping -I *
+denali ALL=(root) NOPASSWD: /usr/bin/mount *
+denali ALL=(root) NOPASSWD: /usr/bin/umount *
+denali ALL=(root) NOPASSWD: /bin/mkdir *
+denali ALL=(root) NOPASSWD: /usr/sbin/cryptsetup *
+denali ALL=(root) NOPASSWD: /sbin/mkfs.ext4 *
+" >> /etc/sudoers
+}
+
+############################################################################
 # Turn on some ssh security.
 #
 # Globals:
@@ -217,6 +263,7 @@ # permissions needed to make them work.
 moveCustomerAppFiles
 setPermissionsCustomerAppFiles
+ updateSudoers
 # Turn off root login in by ssh.
 #
 secureSsh
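Review bot: `updateSudoers` appends straight to `/etc/sudoers` with `>>` and no syntax check, so a typo in the block disables sudo for every account on the device, and each run of lockdown.sh appends the whole block again. Writing the rules to a temp file, validating them with `visudo -cf`, and installing the result as `/etc/sudoers.d/denali` (mode 0440; relies on the `#includedir /etc/sudoers.d` line most distributions ship in /etc/sudoers — confirm it is present on this image) avoids both problems and is sketched below. Several rules end in a bare `*` after a command that writes files — `/usr/bin/tee *`, `/bin/sed -i *`, `/usr/bin/mount *`, `/usr/sbin/cryptsetup *` — and because a sudoers wildcard matches any argument string, option flags included, those entries amount to unrestricted root for the denali account; each `*` should be narrowed to the specific files and devices the app actually touches (e.g. `/usr/bin/tee /path/the/app/writes` as a placeholder). `/sbin/ip link set *` is listed twice, and the rule paths mix `/bin` and `/usr/bin` (`/bin/mkdir` but `/usr/bin/mount`), so confirm each matches the path sudo resolves for the commands crypt_setup.sh now prefixes with `sudo`, otherwise the NOPASSWD rule will not apply.

```shell
function updateSudoers() {
  local tmp rc=0
  tmp=$(mktemp) || return 1

  # Allow the denali user to execute specific commands as root.
  cat > "$tmp" <<'EOF'
# … unchanged: the denali NOPASSWD rules …
EOF

  # Install only if the block parses; a broken sudoers locks every account out of sudo.
  if visudo -cf "$tmp"; then
    install -m 0440 -o root -g root "$tmp" /etc/sudoers.d/denali || rc=$?
  else
    echo "updateSudoers: rules failed visudo check; not installed" >&2
    rc=1
  fi
  rm -f -- "$tmp"
  return "$rc"
}
```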