Created
September 8, 2023 06:49
Ensure that Touch ID for sudo auth is enabled whenever the shell is loaded
# Ensure that Touch ID for sudo auth is enabled whenever the shell is loaded.
#
# IMPORTANT: This script will only work on macOS.
#
# [Description]
# macOS versions prior to Sonoma (released late 2023) overwrite
# the PAM configuration file for sudo (/etc/pam.d/sudo) every time the OS is updated.
# This means that any changes that you manually make to the file are lost,
# and Touch ID for sudo auth goes back to being disabled.
# This script will automatically enable Touch ID for sudo auth whenever the shell is loaded
# (assuming that you have sourced this script from your ~/.zshrc file).
#
# When macOS Sonoma is released in late 2023, this script will no longer be necessary
# because there is an official way to enable Touch ID for sudo auth that persists across OS updates.
# See here for more info: https://sixcolors.com/post/2023/08/in-macos-sonoma-touch-id-for-sudo-can-survive-updates/
#
# [Installation]
# 1. Save this script to ~/.enable_sudo_touchid.zsh
# 2. Source this script from your ~/.zshrc file.
# Add the following as the very first thing in your ~/.zshrc file.
# If you are using Fig (https://fig.io/), then add it immediately after Fig's pre-block.
#
# ```
# # Enable Touch ID for sudo auth
# # IMPORTANT: This script MUST BE sourced BEFORE Powerlevel10k or oh-my-zsh are sourced!
# [[ -f "$HOME/.enable_sudo_touchid.zsh" ]] && builtin source "$HOME/.enable_sudo_touchid.zsh"
# ```
#
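# Make sure Touch ID is accepted for sudo authentication, prompting the user
# to enable it when it is not.
#
# Globals:   none
# Arguments: none
# Outputs:   a notice and the outcome of the change on stdout; nothing when
#            there is nothing to do
# Returns:   0 on every visible path (the function ends with an echo)
#
# Security notes:
#   - This rewrites a root-owned PAM policy file. A malformed
#     /etc/pam.d/sudo can stop sudo from authenticating, so review the file
#     after the first run while a privileged session is still available.
#   - The sudo password prompt appears during shell startup; the notice is
#     printed first so that the prompt is never unexplained.
enable-sudo-touchid() {
  # An uncommented auth rule that loads pam_tid.so. Anchoring on the rule type
  # keeps a commented-out line (e.g. "#auth sufficient pam_tid.so") from being
  # mistaken for an enabled one.
  local tid_rule='^[[:space:]]*auth[[:space:]].*pam_tid\.so'
  local pam_file

  if [[ "$(uname)" != 'Darwin' ]]; then
    # this script only works on macOS
    return 0
  fi

  # /etc/pam.d/sudo_local is the update-safe location on macOS Sonoma and
  # later. If Touch ID is already enabled in either file, leave the PAM
  # configuration alone. -s keeps grep quiet when sudo_local does not exist.
  for pam_file in /etc/pam.d/sudo /etc/pam.d/sudo_local; do
    if grep -Eqs -- "$tid_rule" "$pam_file"; then
      return 0
    fi
  done

  # Touch ID for sudo auth is not enabled, so prompt the user to enable it
  echo
  echo "❗️ NOTICE ❗️"
  echo "Touch ID for sudo auth is not currently enabled! 🙀"
  echo "Enter your sudo password to enable it or press CTRL+C to return to your prompt."
  echo

  # Insert the pam_tid rule as the new first line of the sudo PAM file.
  # NOTE(review): BSD sed's -i takes a backup suffix, so `-i -e` here probably
  # leaves a copy of the previous file at /etc/pam.d/sudo-e — confirm, and
  # remove it if unwanted.
  sudo sed -i -e '1s;^;auth sufficient pam_tid.so\n;' /etc/pam.d/sudo
  echo

  # Re-read the file rather than trusting sed's exit status: the user may have
  # cancelled the sudo prompt.
  if grep -Eqs -- "$tid_rule" /etc/pam.d/sudo; then
    echo "🔐 Touch ID for sudo auth has been enabled!"
  else
    echo "❌ Touch ID for sudo auth was not enabled"
  fi
  echo
}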
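# Run the check as soon as this file is sourced, so that every new shell
# confirms Touch ID for sudo auth is still enabled. The stray trailing "|"
# is dropped: it would turn the call into an unterminated pipeline.
enable-sudo-touchid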