Enable TouchID when using sudo on Mac Terminal!

Enable TouchID when using sudo on Mac Terminal!

When using Terminal on a Mac, you may use the sudo command, but it’s a hassle to enter the password every time.
I’m using a MacBook Pro, so it’s not a password
I wanted to be able to authenticate with TouchID, so I investigated how to do it.

There may be various methods, but I would like to summarize the methods that I could set.

Settings to enable TouchID when using sudo in Terminal

I have put together all the settings and commands used for Mac setup etc. in the following repository so that I can cross over multiple Mac.

GitHub

Link

u5-03/mac-setup

https://github.com/u5-03/mac-setup

Contribute to u5-03/mac-setup development by creating an account on GitHub.

U Log SugiyのLife Log

 

2 pockets

U Log SugiyのLife Log

https://ulog.sugiy.com/mac-environment-automation

日々調べり、挑戦したことをログとして残す

  # ①Enable user write permission
  sudo chmod u+w /etc/pam.d/
  # ②Add `auth       sufficient     pam_tid.so` to 2nd line of `/etc/pam.d/sudo`
  sed -i '2s/^/auth       sufficient     pam_tid.son/' /etc/pam.d/sudo

The files involved in this authentication are located in /etc/pam.d/.
First, in ①, set the write permission for this file.

Initially, this file looks like this:

# sudo: auth account password session
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Write the following after the comment line in this file:

auth sufficient pam_tid.so

It’s easiest to write code manually in sudo vi /etc/pam.d/sudo using vim,
For me, it’s a hassle to set up a new Mac or reconfigure it during a clean install, so
It can be set with a command. That is the command ②.

I just learned for the first time that the sed used when adding a character string to the specified line seems to behave differently on Linux and MacOS.
I couldn’t use the-i option, so I used Homebrew and
Install GNU sed with brew install gnu-sed and make the -i option available.
We also set an alias for alias sed ='gsed' so that it can be called as sed.

Now, by executing the command (2) above, you can add the specified wording to the specified location in the corresponding file without manually entering it.
In addition, the above installation settings etc. are set at the time of installing a series of homebrew tools to be executed first in the above Mac environment construction repository.
It’s supposed to run when setting up a new Mac, and it’s already set up with an alias, so you don’t have to do anything extra.

It is defined in the following file with a function called setBiometricsAuthAsTouchID (it should work …)

GitHub

Link

mac-setup/function-setting.sh at 8010da8c7429b29501f81a78265788a4b8dcea74 · u…

https://github.com/u5-03/mac-setup/blob/8010da8c7429b29501f81a78265788a4b8dcea74/Setting/functions/function-setting.sh#L11

Contribute to u5-03/mac-setup development by creating an account on GitHub.

Now you don’t have to enter the password every time you run sudo🎉

Reference

MacのTerminalでsudo実行時にタッチIDを使用する方法