Skip to content

Instantly share code, notes, and snippets.

@BR0kEN-
Created February 19, 2022 00:37
Show Gist options
  • Save BR0kEN-/b9116bb2285862f719f6b2b1d41c6bd2 to your computer and use it in GitHub Desktop.
Save BR0kEN-/b9116bb2285862f719f6b2b1d41c6bd2 to your computer and use it in GitHub Desktop.
macOS: Enable Touch ID in CLI after reboot

Many of those who have enabled Touch ID for Terminal/iTerm found out that the /etc/pam.d/sudo is reverted to its original state after reboot.

Setting the permission to edit the file, adding a necessary line, and reverting the permission back are all trivial operations that can be automated.

If you are a bash user, add these lines to your .bash_profile:

ensure_touch_id() {
    local AUTH_FILE_PATH="/etc/pam.d/sudo"
    local AUTH_FILE_LINES=()
    local EXTENSION_NAME="pam_tid.so"
    local EXTENSION_ADDED=false

    if ! grep "$EXTENSION_NAME" "$AUTH_FILE_PATH" > /dev/null; then
        sudo chmod 666 "$AUTH_FILE_PATH"

        while read -r LINE; do
            AUTH_FILE_LINES+=("$LINE")

            if ! "$EXTENSION_ADDED" && [[ "$LINE" =~ ^# ]]; then
                AUTH_FILE_LINES+=("auth       sufficient     $EXTENSION_NAME")
                EXTENSION_ADDED=true
            fi
        done < "$AUTH_FILE_PATH"

        printf "%s\n" "${AUTH_FILE_LINES[@]}" > "$AUTH_FILE_PATH"
        sudo chmod 444 "$AUTH_FILE_PATH"
    fi
}

ensure_touch_id

Opening a new tab/window in Terminal/iTerm will be followed by a check of a Touch ID enablement. If the configuration is present, the script won't be demanding any actions from you. Otherwise, a sudo password prompt appears, the script does the job, and you are good until the next reboot.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment