Did you know Touch ID can be used for passwordless sudo in your terminal on macOS? You just need to add the following line into your /etc/pam.d/sudo file:
auth sufficient pam_tid.so
But there's one major problem: every time you upgrade macOS, the updater blows this change away.
This script helps you keep your /etc/pam.d/sudo up-to-date so you don't need to fix this file with every system upgrade.
Drop src/pam_tid/pam_tid.py somewhere on your file system. I keep mine at ~/.local/bin/pam_tid.py. I made mine executable with the following:
chmod u+x ~/.local/bin/pam_tid.pyAlternatively, pip install from github:
pip3 install --user git+https://github.com/angstwad/perpetual-touch-id-for-sudoOnce installed, get the path to it and use the path to it in the below shell function:
which pam_tid # probably something like ~/.local/bin/pam_tid?Add the following function into your shell rc file. Because I use bash, I appended this to my .bashrc:
function sudo {
${HOME}/.local/bin/pam_tid.py --check || echo "Enabling Touch ID for sudo..."; /usr/bin/sudo ${HOME}/.local/bin/pam_tid.py
/usr/bin/sudo "$@"
}That's it! Now if you try to run sudo and the Touch ID isn't enabled, it'll fix it before proceeding.