diff --git a/.rubocop.yml b/.rubocop.yml
new file mode 100644
index 0000000..4275fff
--- /dev/null
+++ b/.rubocop.yml
@@ -0,0 +1,7 @@
+AllCops:
+  Exclude:
+    - .kitchen/*
+    - vendor/**/*
+
+LineLength:
+  Max: 120
diff --git a/attributes/default.rb b/attributes/default.rb
index 67245a6..295729b 100644
--- a/attributes/default.rb
+++ b/attributes/default.rb
@@ -27,3 +27,7 @@
 default['homebrew']['installer']['url'] = 'https://raw.githubusercontent.com/Homebrew/install/master/install'
 default['homebrew']['installer']['checksum'] = nil
 default['homebrew']['enable-analytics'] = true
+default['homebrew']['sudo']['commands'] =
+  %w( /bin/chmod /usr/sbin/chown /bin/mkdir /usr/bin/chgrp /usr/bin/touch
+  /usr/sbin/softwareupdate /bin/rm
+  )
diff --git a/recipes/default.rb b/recipes/default.rb
index feab10e..74a45cf 100644
--- a/recipes/default.rb
+++ b/recipes/default.rb
@@ -30,11 +30,32 @@
   not_if { ::File.exist? '/usr/local/bin/brew' }
 end
 
-execute 'install homebrew' do
-  command homebrew_go
-  environment lazy { { 'HOME' => ::Dir.home(homebrew_owner), 'USER' => homebrew_owner } }
-  user homebrew_owner
-  not_if { ::File.exist? '/usr/local/bin/brew' }
+begin
+  template '/etc/sudoers.d/homebrew' do
+    source 'homebrew_sudo.erb'
+    variables (
+      lazy {
+        { :user => homebrew_owner, :hostname => node['hostname'],
+          :commands => node['homebrew']['sudo']['commands'] }
+      }
+    )
+    action :create
+    mode '00644'
+    user 'root'
+    group 'wheel'
+    not_if { (::File.exist? '/usr/local/bin/brew') || node['homebrew']['sudo']['commands'].empty? }
+  end
+
+  execute 'install homebrew' do
+    command "#{homebrew_go} < /dev/null"
+    environment lazy { { 'HOME' => ::Dir.home(homebrew_owner), 'USER' => homebrew_owner } }
+    user homebrew_owner
+    not_if { ::File.exist? '/usr/local/bin/brew' }
+  end
+ensure
+  file '/etc/sudoers.d/homebrew' do
+    action :delete
+  end
 end
 
 execute 'set analytics' do
diff --git a/templates/default/homebrew_sudo.erb b/templates/default/homebrew_sudo.erb
new file mode 100644
index 0000000..6617e6b
--- /dev/null
+++ b/templates/default/homebrew_sudo.erb
@@ -0,0 +1,3 @@
+<% @commands.each do |command| %>
+<%= @user %> <%= @hostname %>=(root) NOPASSWD: <%= command %>
+<% end %>