Skip to content

Instantly share code, notes, and snippets.

@RichardBronosky
Last active October 31, 2024 19:34
Show Gist options
  • Save RichardBronosky/31660eb4b0f0ba5e673b9bc3c9148a70 to your computer and use it in GitHub Desktop.
Save RichardBronosky/31660eb4b0f0ba5e673b9bc3c9148a70 to your computer and use it in GitHub Desktop.
Use TouchID for sudo on modern MacBook Pro machines
#!/bin/bash
# curl -sL https://gist.githubusercontent.com/RichardBronosky/31660eb4b0f0ba5e673b9bc3c9148a70/raw/touchid_sudo.sh | bash
# This script is ready to copy-paste in whole, or just the line above (without the leading #)
# Use TouchID for sudo on modern MacBook Pro machines
# This script adds a single line to the top of the PAM configuration for sudo
# See: https://apple.stackexchange.com/q/259093/41827 for more info.
touchid_sudo(){
sudo bash -eu <<'EOF'
file=/etc/pam.d/sudo
# A backup file will be created with the pattern /etc/pam.d/.sudo.1
# (where 1 is the number of backups, so that rerunning this doesn't make you lose your original)
bak=$(dirname $file)/.$(basename $file).$(echo $(ls $(dirname $file)/{,.}$(basename $file)* | wc -l))
cp $file $bak
awk -v is_done='pam_tid' -v rule='auth sufficient pam_tid.so' '
{
# $1 is the first field
# !~ means "does not match pattern"
if($1 !~ /^#.*/){
line_number_not_counting_comments++
}
# $0 is the whole line
if(line_number_not_counting_comments==1 && $0 !~ is_done){
print rule
}
print
}' > $file < $bak
EOF
}
touchid_sudo
@cdracars
Copy link

I kinda wish I could star this again... super helpful since it needs to be ran after every update.

@jankatins
Copy link

For Mac os x somona you should now do sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local and adjust the sudo_local file (which will not be overwritten anymore!): https://jc0b.computer/posts/enabling-touchid-for-sudo-macos-sonoma/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment