Last active
December 27, 2023 05:49
-
-
Save fraune/0831edc01fa89f46ce43b8bbc3761ac7 to your computer and use it in GitHub Desktop.
Enable a Macbook's Touch ID to authorize the `sudo` command in MacOS Terminal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sudo grep -q -F 'auth sufficient pam_tid.so' /etc/pam.d/sudo || sudo sed -i '' '2i\ | |
auth sufficient pam_tid.so | |
' /etc/pam.d/sudo |
@JorgeGarciaEnki I'm glad you asked!
The tricky part is that the sudo file needs your password to be edited. My solution was to check if the permission is set at shell login, and request your password to add the permission if not.
I came up with the following block of code. You should add it to your ~/.zshrc
file.
if grep -q 'auth sufficient pam_tid.so' /etc/pam.d/sudo; then
echo "Touch ID is enabled for sudo"
else
read "response?Touch ID is not enabled for sudo. Would you like to enable it now? [y/n]: "
if [[ "$response" == [yY] ]]; then
sudo grep -q -F 'auth sufficient pam_tid.so' /etc/pam.d/sudo || sudo sed -i '' '2i\
auth sufficient pam_tid.so
' /etc/pam.d/sudo
if grep -q 'auth sufficient pam_tid.so' /etc/pam.d/sudo; then
echo "'auth sufficient pam_tid.so' added to /etc/pam.d/sudo"
fi
else
echo "No modifications were made to /etc/pam.d/sudo"
fi
fi
Some final notes:
- I have only tested this with
zsh
auth sufficient pam_tid.so
should be the first permission in the list on your/etc/pam.d/sudo
file. If it's not, your password will still be prompted by the terminal.- If the permission doesn't work right away, try doing a full restart of your Mac
Great, thanks!
If anyone wants to get this running in bash, try changing the read
prompt:
read -p "Touch ID is not enabled for sudo. Would you like to enable it now? [y/n]: " response
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
This only works for some time, If you get updates you have to apply again. Is there a way to make it permanently?
Thanks.