Permanent TouchID support 👆 for `sudo`.
Native and reliable TouchID support for sudo
curl -sL git.io/sudo-touch-id | sh
Now sudo is great, just like Safari — with your fingerprint in Terminal or whatever you're on.
Don't worry, you can also reverse it without installing
Please note: without full installation, TouchID for
sudo
will be disabled after the next macOS update.
Result:
Just type git.io/sudotouchid
to go here.
brew install artginzburg/tap/sudo-touchid
sudo brew services start sudo-touchid
Check out the formula if you're interested
curl
curl -sL git.io/sudo-touchid | sh
curl
is pre-installed in macOS
Performs automated "manual" installation.
The installation process:
sudo-touchid
command available.launchd
daemon with RunAtLoad key set to true), so that when a macOS update erases our custom sudo
configuration, sudo-touchid
fixes it again.sudo-touchid [options]
# Running without options adds TouchID parameter to sudo configuration
[-v, --version] # Output installed version
# Commands:
[-d, --disable] # Removes TouchID from sudo config
if not installed, can be used via curl
bundled with macOS
sh <( curl -sL git.io/sudo-touch-id ) [options]
# Reliability — check :)
[-d, --disable] # Removes TouchID from sudo config
Productivity
macOS updates do reset /etc/pam.d/sudo
, so previously users had to manually edit the file after each upgrade.
This tool was born to automate the process, allowing for TouchID sudo auth to be quickly enabled on a new/clean system.
Spreading the technology.
I bet half of you didn't know.
It was there for a long time.
Lightness
The script is small, doesn't need any builds, doesn't need XCode.
sudo-touchid.sh
— the script:Adds auth sufficient pam_tid.so
to the top of /etc/pam.d/sudo
file following @cabel's advice
Creates a backup file named sudo.bak
.
Has a --disable
(-d
) option that performs the opposite of the steps above.
com.user.sudo-touchid.plist
— the property list (global daemon):Runs sudo-touchid.sh
on system reload
Needed because any following macOS updates just wipe out our custom
sudo
.
install.sh
— the installer:Saves sudo-touchid.sh
as /usr/local/bin/sudo-touchid
and gives it the permission to execute.
(yes, that also means you're able to run
sudo-touchid
from Terminal)
Saves com.user.sudo-touchid.plist
to /Library/LaunchDaemons/
so that it's running on boot (requires root permission).
sudo-touchid.sh
anywhere else and replace /usr/local/bin
in com.user.sudo-touchid.plist
with the chosen path.If you don't like something — change it or inform the ones willing to help.
sudo
%admin ALL=(ALL) ALL
to %admin ALL=(ALL) NOPASSWD: ALL
in /etc/sudoers
tmux