Created
September 24, 2025 22:57
A simple shell script to enable the Touch ID authentication for sudo commands on macOS 14+.
```bash
#!/usr/bin/env bash
set -euo pipefail
IFS=$'\n\t'
# Checking whether the platform is right
[ "$(uname -s)" = "Darwin" ] || { echo "Not macOS (Darwin)" >&2; exit 1; }
# Checking whether the version is right
version=$(sw_vers -productVersion)
[ "${version%%.*}" -ge 14 ] || { echo "Require macOS 14+" >&2; exit 1; }
# Setting the desired target and its content
line='auth sufficient pam_tid.so'
target='/etc/pam.d/sudo_local'
[ -f "$target" ] && { echo "The $target file already exists; Please, review it manually" >&2; exit 1; }
# Writing the target content and setting the correct rights
echo "Writing $target"
sudo tee "$target" >/dev/null <<< "$line"
sudo chmod 444 "$target"
echo 'Now you can use Touch ID for sudo'
```
Alternatively, you can simply copy the `/etc/pam.d/sudo_local.template` (as `/etc/pam.d/sudo_local`) and uncomment the 3rd line. But the script does not rely on the template file.

To disable Touch ID for sudo, remove `/etc/pam.d/sudo_local`. But be careful and double-check the file path; it should be the `sudo_local` file, nothing else. If you don’t want to risk it, you can simply comment the `auth sufficient pam_tid.so` line inside.
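
A read-only check of the states the script and the note above describe (file missing, rule enabled, rule commented out), added here as an example and not part of the gist. The function names `tid_state`, `includes_local`, `mode_ok` and `report` are hypothetical, and it assumes the stock `/etc/pam.d/sudo` pulls in `sudo_local` through an `auth include` line.

```shell
#!/usr/bin/env bash
# Added example: report the Touch ID state of a sudo_local-style PAM file.
set -euo pipefail

# tid_state FILE -> prints one of: missing | enabled | commented | absent
tid_state() {
  local file=$1
  [ -f "$file" ] || { echo missing; return 0; }
  # An active rule starts with "auth", so a leading '#' disqualifies it.
  if grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' "$file"; then
    echo enabled
  elif grep -Eq '^[[:space:]]*#.*pam_tid\.so' "$file"; then
    echo commented
  else
    echo absent
  fi
}

# includes_local FILE -> exit 0 if FILE includes sudo_local (assumed stock layout)
includes_local() {
  grep -Eq '^[[:space:]]*auth[[:space:]]+include[[:space:]]+sudo_local([[:space:]]|$)' "$1"
}

# mode_ok FILE -> exit 0 if no one has write permission (e.g. mode 444)
mode_ok() {
  local perms
  perms=$(ls -ld "$1" | cut -c1-10)   # first 10 chars: type + rwx bits
  case $perms in *w*) return 1 ;; esac
}

# report DIR -> print the state and any warnings for DIR/sudo_local
report() {
  local dir=$1 state
  state=$(tid_state "$dir/sudo_local")
  echo "sudo_local: $state"
  if [ "$state" != missing ] && ! mode_ok "$dir/sudo_local"; then
    echo "warning: $dir/sudo_local is writable"
  fi
  if [ "$state" = enabled ] && ! { [ -f "$dir/sudo" ] && includes_local "$dir/sudo"; }; then
    echo "warning: $dir/sudo does not include sudo_local"
  fi
}

report "${1:-/etc/pam.d}"
```

Pass a directory as the first argument to check a copy of the PAM files instead of `/etc/pam.d`.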