Last active
October 31, 2024 19:34
-
-
Save RichardBronosky/31660eb4b0f0ba5e673b9bc3c9148a70 to your computer and use it in GitHub Desktop.
Use TouchID for sudo on modern MacBook Pro machines
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# curl -sL https://gist.githubusercontent.com/RichardBronosky/31660eb4b0f0ba5e673b9bc3c9148a70/raw/touchid_sudo.sh | bash | |
# This script is ready to copy-paste in whole, or just the line above (without the leading #) | |
# Use TouchID for sudo on modern MacBook Pro machines | |
# This script adds a single line to the top of the PAM configuration for sudo | |
# See: https://apple.stackexchange.com/q/259093/41827 for more info. | |
touchid_sudo(){ | |
sudo bash -eu <<'EOF' | |
file=/etc/pam.d/sudo | |
# A backup file will be created with the pattern /etc/pam.d/.sudo.1 | |
# (where 1 is the number of backups, so that rerunning this doesn't make you lose your original) | |
bak=$(dirname $file)/.$(basename $file).$(echo $(ls $(dirname $file)/{,.}$(basename $file)* | wc -l)) | |
cp $file $bak | |
awk -v is_done='pam_tid' -v rule='auth sufficient pam_tid.so' ' | |
{ | |
# $1 is the first field | |
# !~ means "does not match pattern" | |
if($1 !~ /^#.*/){ | |
line_number_not_counting_comments++ | |
} | |
# $0 is the whole line | |
if(line_number_not_counting_comments==1 && $0 !~ is_done){ | |
print rule | |
} | |
}' > $file < $bak | |
EOF | |
} | |
touchid_sudo |
For Mac os x somona you should now do sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local
and adjust the sudo_local
file (which will not be overwritten anymore!): https://jc0b.computer/posts/enabling-touchid-for-sudo-macos-sonoma/
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I kinda wish I could star this again... super helpful since it needs to be ran after every update.