Enable TouchID when using sudo on Mac Terminal!
When using Terminal on a Mac, you may use the sudo command, but it's a hassle to enter the password every time.
I'm using a MacBook Pro, so it's not a password
I wanted to be able to authenticate with TouchID, so I investigated how to do it.
There may be various methods, but I would like to summarize the methods that I could set.
Settings to enable TouchID when using sudo in Terminal
I have put together all the settings and commands used for Mac setup etc. in the following repository so that I can cross over multiple Mac.
The following article summarizes the automation of Mac settings.
I will write the code first.
# ①Enable user write permission sudo chmod u+w /etc/pam.d/ # ②Add `auth sufficient pam_tid.so` to 2nd line of `/etc/pam.d/sudo` sed -i '2s/^/auth sufficient pam_tid.son/' /etc/pam.d/sudo
The files involved in this authentication are located in
First, in ①, set the write permission for this file.
Initially, this file looks like this:
# sudo: auth account password session auth sufficient pam_smartcard.so auth required pam_opendirectory.so account required pam_permit.so password required pam_deny.so session required pam_permit.so
Write the following after the comment line in this file:
auth sufficient pam_tid.so
It's easiest to write code manually in sudo vi
For me, it's a hassle to set up a new Mac or reconfigure it during a clean install, so
It can be set with a command. That is the command ②.
I just learned for the first time that the
sed used when adding a character string to the specified line seems to behave differently on Linux and MacOS.
I couldn't use the
-i option, so I used Homebrew and
Install GNU sed with
brew install gnu-sed and make the
-i option available.
We also set an alias for alias
sed ='gsed' so that it can be called as
Now, by executing the command (2) above, you can add the specified wording to the specified location in the corresponding file without manually entering it.
In addition, the above installation settings etc. are set at the time of installing a series of homebrew tools to be executed first in the above Mac environment construction repository.
It's supposed to run when setting up a new Mac, and it's already set up with an alias, so you don't have to do anything extra.
It is defined in the following file with a function called setBiometricsAuthAsTouchID (it should work ...)
Now you don't have to enter the password every time you run sudo🎉