diff --git a/docs/POST-INSTALL.md b/docs/POST-INSTALL.md
new file mode 100644
index 00000000..3b507523
--- /dev/null
+++ b/docs/POST-INSTALL.md
@@ -0,0 +1,14 @@
+## Post-Installation
+
+The script has finished provisioning. Enjoy! You can review the installation logs which are stored at `~/.local/share/megabyte-labs/betelgeuse.$(date +%s).log`. If you come across any issues, have some good ideas, or want to get involved, feel free to open an issue on [GitHub](https://github.com/megabyte-labs/install.doctor). Pull requests / stars are welcome too.
+
+### Next Steps
+
+1. Fork the project so you can add your own customizations (using the method described at the top of the README.md)
+2. Review the [README.md](https://github.com/megabyte-labs/install.doctor) for a high-level overview
+3. Utilize the [documentation](https://install.doctor/docs) for more thorough details
+4. Check out the [Chezmoi documentation](https://www.chezmoi.io/) (since this project utilizes it heavily)
+5. Open a pull request with your own improvements if you want to contribute
+6. Visit [Megabyte Labs](https://megabyte.space) to see what else we are up to
+
+**bZ out**
diff --git a/home/dot_local/bin/executable_provision.tmpl b/home/dot_local/bin/executable_provision.tmpl
index 020c0d80..36d6f0b4 100644
--- a/home/dot_local/bin/executable_provision.tmpl
+++ b/home/dot_local/bin/executable_provision.tmpl
@@ -10,6 +10,15 @@
 
 {{ includeTemplate "universal/logg" }}
 
+### Prompt for sudo password and (optionally) enable passwordless sudo
+sudo -n true || SUDO_EXIT_CODE=$?
+if [ -n "$SUDO_EXIT_CODE" ]; then
+  logg info 'Your user will temporarily be granted passwordless sudo for the duration of the script'
+  logg info 'Press `CTRL+C` to bypass this prompt to either enter your password when needed or perform a non-privileged installation'
+  logg info 'Note: Non-privileged installations are not yet supported'
+  echo "$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL # TEMPORARY FOR INSTALL DOCTOR" | sudo tee -a /etc/sudoers
+fi
+
 ### Ensure ~/.local/share/megabyte-labs is a directory
 if [ ! -d "${XDG_DATA_DIR:-$HOME/.local/share}/megabyte-labs" ]; then
   mkdir -p "${XDG_DATA_DIR:-$HOME/.local/share}/megabyte-labs"
@@ -288,3 +297,27 @@ else
     chezmoi apply $DEBUG_MODIFIER -k 2>&1 | tee "${XDG_DATA_DIR:-$HOME/.local/share}/megabyte-labs/betelgeuse.$(date +%s).log"
   fi
 fi
+
+### Ensure gsed is available on macOS (for modifying /etc/sudoers to remove passwordless sudo)
+if [ -d /Applications ] && [ -d /System ]; then
+  if ! command -v gsed > /dev/null; then
+    if command -v brew > /dev/null; then
+      brew install gsed
+    else
+      logg warn 'Homebrew is not available and passwordless sudo might still be enabled in /etc/sudoers. Modify the file manually if you wish to disable passwordless sudo.'
+    fi
+  fi
+fi
+
+### Remove temporary passwordless sudo privileges
+if command -v gsed > /dev/null; then
+  sudo gsed -i '/# TEMPORARY FOR INSTALL DOCTOR/d' /etc/sudoers
+else
+  sudo sed -i '/# TEMPORARY FOR INSTALL DOCTOR/d' /etc/sudoers
+fi
+
+logg success 'Provisioning complete!'
+
+if command -v glow > /dev/null && [ -f "$HOME/.local/share/chezmoi/docs/POST-INSTALL.md" ]; then
+  glow "$HOME/.local/share/chezmoi/docs/POST-INSTALL.md"
+fi
diff --git a/local/provision.sh b/local/provision.sh
index 61a27b96..3a55403c 100644
--- a/local/provision.sh
+++ b/local/provision.sh
@@ -8,6 +8,15 @@
 #   ~/.local/share/chezmoi. Finally, it begins the TUI experience by displaying styled documentation, prompts, and finishes
 #   by calling the appropriate Chezmoi commands.
 
+### Prompt for sudo password and (optionally) enable passwordless sudo
+sudo -n true || SUDO_EXIT_CODE=$?
+if [ -n "$SUDO_EXIT_CODE" ]; then
+  logg info 'Your user will temporarily be granted passwordless sudo for the duration of the script'
+  logg info 'Press `CTRL+C` to bypass this prompt. You will either enter your password when needed or perform a non-privileged installation'
+  logg info 'Note: Non-privileged installations are not yet supported - pull requests welcome'
+  echo "$(whoami) ALL=(ALL:ALL) NOPASSWD: ALL # TEMPORARY FOR INSTALL DOCTOR" | sudo tee -a /etc/sudoers
+fi
+
 ### Ensure ~/.local/share/megabyte-labs is a directory
 if [ ! -d "${XDG_DATA_DIR:-$HOME/.local/share}/megabyte-labs" ]; then
   mkdir -p "${XDG_DATA_DIR:-$HOME/.local/share}/megabyte-labs"
@@ -453,3 +462,27 @@ else
     chezmoi apply $DEBUG_MODIFIER -k 2>&1 | tee "${XDG_DATA_DIR:-$HOME/.local/share}/megabyte-labs/betelgeuse.$(date +%s).log"
   fi
 fi
+
+### Ensure gsed is available on macOS (for modifying /etc/sudoers to remove passwordless sudo)
+if [ -d /Applications ] && [ -d /System ]; then
+  if ! command -v gsed > /dev/null; then
+    if command -v brew > /dev/null; then
+      brew install gsed
+    else
+      logg warn 'Homebrew is not available and passwordless sudo might still be enabled in /etc/sudoers. Modify the file manually if you wish to disable passwordless sudo.'
+    fi
+  fi
+fi
+
+### Remove temporary passwordless sudo privileges
+if command -v gsed > /dev/null; then
+  sudo gsed -i '/# TEMPORARY FOR INSTALL DOCTOR/d' /etc/sudoers
+else
+  sudo sed -i '/# TEMPORARY FOR INSTALL DOCTOR/d' /etc/sudoers
+fi
+
+logg success 'Provisioning complete!'
+
+if command -v glow > /dev/null && [ -f "$HOME/.local/share/chezmoi/docs/POST-INSTALL.md" ]; then
+  glow "$HOME/.local/share/chezmoi/docs/POST-INSTALL.md"
+fi