Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save alexg0/39eb038c704962bcf832c74a8c2cecd4 to your computer and use it in GitHub Desktop.
Save alexg0/39eb038c704962bcf832c74a8c2cecd4 to your computer and use it in GitHub Desktop.
Enable support for sudo via Apple Watch and Touch ID
#! /usr/bin/zsh
# https://gist.github.com/alexg0/39eb038c704962bcf832c74a8c2cecd4
enable_sudo_with_apple_watch_and_touch_id() {
PAMD_SUDO_PATH=/etc/pam.d/sudo
APPLE_WATCH_PAMID_LIBPATH=/usr/local/lib/pam/pam_watchid.so.2
# APPLE_WATCH_PAMID_URL=https://github.com/biscuitehh/pam-watchid
APPLE_WATCH_PAMID_URL=https://github.com/msanders/pam-watchid
APPLE_WATCH_PAMID_PATH=$HOME/src/pamid-applewatch
preserve_pamd_sudo() {
if ! test -f $PAMD_SUDO_PATH.orig
then
sudo cp $PAMD_SUDO_PATH ${PAMD_SUDO_PATH}.orig
fi
}
enable_apple_watch() {
if ! test -f $APPLE_WATCH_PAMID_LIBPATH
then
if ! test -d $APPLE_WATCH_PAMID_PATH
then
mkdir -p $(dirname $APPLE_WATCH_PAMID_PATH)
git clone $APPLE_WATCH_PAMID_URL $APPLE_WATCH_PAMID_PATH
fi
>&2 printf "${BGreen}INFO${NC}: Installing Apple Watch sudo extension. Enter your \
password when prompted.\n"
(cd $APPLE_WATCH_PAMID_PATH && sudo make install )
fi
if ! grep -q "pam_watchid.so" $PAMD_SUDO_PATH
then
>&2 printf "${BGreen}INFO${NC}: Enabling Apple Watch sudo extension. Enter your \
password when prompted.\n"
sudo sed -i.bak '1s/^/auth sufficient pam_watchid.so "reason=execute command as root"\n/' \
$PAMD_SUDO_PATH
fi
}
enable_touchid() {
if ! grep -q "pam_tid.so" /etc/pam.d/sudo
then
>&2 printf "${BGreen}INFO${NC}: Enabling Touch ID sudo extension. Enter your \
password when prompted.\n"
sudo sed -i.bak '1s/^/auth sufficient pam_tid.so "reason=execute command as root"\n/' \
$PAMD_SUDO_PATH
fi
}
preserve_pamd_sudo && enable_apple_watch && enable_touchid
}
enable_sudo_with_apple_watch_and_touch_id
@orgcontrib
Copy link

Another somewhat related gist.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment