Date: 2026-01-10 Status: Idea Tags: #security #macos #ai-tooling
When an AI assistant (like Clawdbot) needs to run a command that requires sudo, there is no good way to approve it remotely. The options today are:
- Give the AI passwordless sudo (dangerous: the assistant, and anything that can steer it, is effectively root)
- Be physically present to type the password (defeats remote use)
- Pre-approve specific commands in sudoers (inflexible, and commands with arbitrary arguments are hard to allowlist safely)
A self-hosted sudo approval system with mobile notifications:
- A PAM auth module (pam_aisudo) runs when sudo asks PAM to authenticate the user
- A local daemon receives the request from the module and sends a push notification
- The phone app shows command, user and context → Approve/Deny
- The PAM module gets the verdict back and returns success (sudo runs the command) or failure (sudo refuses)
```
┌─────────────┐      ┌──────────────┐      ┌─────────────┐
│  sudo cmd   │────▶ │  PAM Module  │────▶ │   aisudo    │
│ (terminal)  │      │ (pam_aisudo) │      │   daemon    │
└─────────────┘      └──────────────┘      └──────┬──────┘
                                                  │
                                Push notification │
                                                  ▼
                                           ┌─────────────┐
                                           │  Phone App  │
                                           │  (or Clawd  │
                                           │  iOS node)  │
                                           └─────────────┘
```
- Timeout - Auto-deny after N seconds (keep N below sudo's own passwd_timeout, default 5 minutes, or sudo abandons the prompt before the phone answers)
- Context - Show which AI/process requested it (parent process chain, tty, session), not just the command string
- Logging - Full audit trail: who asked, what, who approved or denied, and when
- Allowlist - Pre-approve safe commands (optional)
- Integration - Could use the Clawdbot iOS/Android node for notifications
- Notification channel must be authenticated: a verdict only counts if the phone signed it, not because someone could reach the daemon's endpoint
- Replay attack prevention: a per-request nonce, and the verdict bound to the exact request (user, command, pid), so an old "approve" cannot unlock a different command
- Rate limiting on requests, so the AI cannot spam the phone into approval fatigue
- Fallback to local password if the service is down (that is the same state as today, so acceptable; an explicit deny from the phone should not fall through to the password prompt)
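The request/verdict core of the daemon, as an added example rather than code from Clawdbot or any existing aisudo project. It assumes a symmetric HMAC key shared between daemon and phone, a request field set of user, pid and command, and an in-memory store with an injectable clock; all of these are assumptions, not the note's design. It shows the four security items above in one place: the phone signs the verdict (authenticated channel), the signature covers the nonce and the full request so it cannot be replayed or relabelled, a request past its TTL is auto-denied, and an unknown or already consumed nonce fails closed.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

type Decision string // daemon's answer to pam_aisudo; Denied also covers an unknown nonce (fail closed)
const Pending, Approved, Denied, Expired Decision = "pending", "approved", "denied", "expired"

// Request is one sudo invocation awaiting approval (field set assumed; pid keeps concurrent requests distinct).
type Request struct {
	Nonce, User, Command string
	PID                  int
	Created              time.Time
	decision             Decision
}

// SignVerdict is the phone-side step: HMAC-SHA256 over decision, nonce, user, pid and command
// with a key shared by daemon and phone (assumed). Binding all five fields means an approval
// cannot be reused for another request and a "denied" MAC cannot be relabelled "approved".
func SignVerdict(key []byte, r *Request, d Decision) string {
	m := hmac.New(sha256.New, key)
	fmt.Fprintf(m, "%s\x00%s\x00%s\x00%d\x00%s", d, r.Nonce, r.User, r.PID, r.Command)
	return hex.EncodeToString(m.Sum(nil))
}

var ErrUnknownNonce = errors.New("unknown or already consumed nonce")
var ErrBadSignature = errors.New("verdict is not one the phone signed for this request")
var ErrTooLate = errors.New("request already decided or expired; the first verdict or the auto-deny stands")

// Broker is the daemon's in-memory core. Now is an injectable clock so the timeout can be tested.
type Broker struct {
	mu      sync.Mutex
	key     []byte
	ttl     time.Duration
	pending map[string]*Request
	Now     func() time.Time
}

func NewBroker(key []byte, ttl time.Duration) *Broker {
	return &Broker{key: key, ttl: ttl, pending: map[string]*Request{}, Now: time.Now}
}

// Submit is called when pam_aisudo forwards a sudo attempt: mint a 128-bit nonce, record as pending.
func (b *Broker) Submit(user string, pid int, command string) (*Request, error) {
	var raw [16]byte
	if _, err := rand.Read(raw[:]); err != nil {
		return nil, err
	}
	b.mu.Lock()
	defer b.mu.Unlock()
	r := &Request{Nonce: hex.EncodeToString(raw[:]), User: user, PID: pid, Command: command, Created: b.Now(), decision: Pending}
	b.pending[r.Nonce] = r
	return r, nil
}

// Resolve records the phone's signed verdict. Order matters: an unknown nonce or bad MAC is rejected
// before any state is touched, so nothing on the notification path can change a request unsigned.
func (b *Broker) Resolve(nonce string, d Decision, mac string) error {
	b.mu.Lock()
	defer b.mu.Unlock()
	r, ok := b.pending[nonce]
	switch {
	case !ok:
		return ErrUnknownNonce
	case (d != Approved && d != Denied) || !hmac.Equal([]byte(SignVerdict(b.key, r, d)), []byte(mac)):
		return ErrBadSignature
	case r.decision != Pending || b.Now().Sub(r.Created) > b.ttl:
		return ErrTooLate // replay of a valid verdict, or a verdict after the timeout
	}
	r.decision = d
	return nil
}

// Poll is what pam_aisudo calls while it waits. Past the TTL the request is auto-denied;
// any final decision consumes the nonce, so one approval can never unlock a second sudo.
func (b *Broker) Poll(nonce string) Decision {
	b.mu.Lock()
	defer b.mu.Unlock()
	r, ok := b.pending[nonce]
	if !ok {
		return Denied
	}
	if r.decision == Pending {
		if b.Now().Sub(r.Created) <= b.ttl {
			return Pending
		}
		r.decision = Expired
	}
	delete(b.pending, nonce)
	return r.decision
}
```

The PAM module would call Submit once, then Poll until it gets something other than Pending, mapping Approved to PAM_SUCCESS and everything else to PAM_AUTH_ERR. Rate limiting is not shown here; it belongs in Submit, keyed on the requesting user, before the nonce is minted. A real phone app should hold a per-device key provisioned at pairing time instead of the single shared secret assumed above.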
- Duo Security - pam_duo does push-to-approve for sudo, but it is a hosted enterprise service, not self-hosted
- Teleport - Overkill for personal use
- Custom PAM + webhook - DIY; this is basically that, polished
- macOS uses OpenPAM (BSD-style), not Linux-PAM; control flags are required/requisite/sufficient/optional/binding
- PAM config: /etc/pam.d/sudo (on macOS 14+ put local changes in /etc/pam.d/sudo_local, which /etc/pam.d/sudo includes and which survives OS updates; edits to /etc/pam.d/sudo itself get reverted)
- Could start as CLI tool, add GUI later
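How the module would sit in the sudo chain, as an added example and not a shipped configuration. pam_aisudo.so, its install path and the timeout= option are the hypothetical module from this note; the stock module names are macOS's own.

```text
# /etc/pam.d/sudo_local  (macOS 14+; /etc/pam.d/sudo includes it and it
# survives OS updates. On older macOS, add the line to /etc/pam.d/sudo.)
# Hypothetical module, path and option from this note:
auth       sufficient     /usr/local/lib/pam/pam_aisudo.so timeout=60

# The rest of the stock /etc/pam.d/sudo chain runs after the include:
#   auth       sufficient     pam_smartcard.so
#   auth       required       pam_opendirectory.so   # local password fallback
```

With `sufficient`, a phone approval ends the chain and sudo proceeds; any failure from the module, whether the daemon is unreachable or the phone said no, falls through to pam_opendirectory and the ordinary password prompt. That gives the "fallback to local password" behaviour but also means a deny is not final. To make an explicit deny final while keeping the outage fallback, return PAM_IGNORE from the module when the daemon cannot be reached and PAM_AUTH_ERR on a phone deny, and use OpenPAM's `binding` control instead of `sufficient` (success ends the chain, failure makes the whole chain fail); check pam.conf(5) on the target system before relying on this.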
- Rust or Go for the daemon (security-critical and network-facing)
- PAM module in C (the PAM module ABI is C: pam_sm_authenticate and friends; other languages need FFI bindings)
- MVP: simple daemon with an HTTP endpoint
- MVP: Telegram/Signal notification (before a dedicated app)
- MVP: CLI to approve from the phone via a bot command