Last active
July 27, 2023 05:21
script for easily setting up sudo auth via touch-id
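#!/bin/bash
#
# I got tired of re-enabling this by hand every time there was a MacOS update,
# so now it's a script.
#
#   sudo ./touchsudo.sh
#
# REQUIRES iTerm2 unless you remove that part. Why? Well...
#
# This opens a new iTerm sub-window in a root shell so that IF for some reason the new pam file
# is fucky, you're not screwed. Try to sudo in in a new window and if things are broken, just
# copy the backup back from the safety root shell, using the path this script printed:
#   cp -p <printed backup path> /etc/pam.d/sudo
#
# It shouldn't ever break, but I once flubbed it when doing it by hand and getting sudo access
# is A CHORE, so this errs on the side of paranoid.
#
# Security notes:
#   * The rule is inserted as the FIRST line with control flag "sufficient", so a successful
#     Touch ID match alone authorizes sudo; the modules below it remain as the fallback.
#   * The backup and the staged file live in a fresh mktemp directory rather than under fixed
#     names in /tmp. /tmp is writable by every local account, so a fixed name could already
#     exist there as someone else's file or as a symlink, and this script runs as root.
#   * NOTE(review): newer macOS releases ship /etc/pam.d/sudo_local.template and include
#     sudo_local from /etc/pam.d/sudo, which is meant to survive OS updates. This script only
#     inspects and edits /etc/pam.d/sudo -- confirm which mechanism your release uses.

set -u

readonly PAM_FILE=/etc/pam.d/sudo
readonly TID_RULE='auth sufficient pam_tid.so'

# Print a message on stderr and stop the script with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

main() {
  local work_dir backup new_pam

  # The original used "|| ( ...; exit 1 )": that exit only left the subshell, so the script
  # carried on running on non-macOS hosts. die exits the script itself.
  [[ "$OSTYPE" == *darwin* ]] || die "MUST be run on MacOS"

  # Check the effective uid rather than $USER, which is an ordinary environment variable.
  ((EUID == 0)) || die "Must run via sudo"

  # Only lines where pam_tid appears before any '#' count, so a commented-out rule does not
  # make the script report Touch ID as enabled.
  if grep -q '^[^#]*pam_tid' "$PAM_FILE"; then
    echo "Touch-sudo already enabled"
    return 0
  fi

  # mktemp -d creates a private directory with an unpredictable name.
  work_dir=$(mktemp -d /tmp/touchsudo.XXXXXX) || die "could not create a work directory"
  backup=$work_dir/sudo_pam.bak
  new_pam=$work_dir/sudo.new

  # Take the backup first and refuse to continue without it.
  cp -p -- "$PAM_FILE" "$backup" || die "could not back up $PAM_FILE"

  # Start the staged file as a copy so it keeps the owner and mode of the live file, then
  # rewrite its contents with the Touch ID rule in front of the original rules.
  cp -p -- "$PAM_FILE" "$new_pam" || die "could not stage a copy of $PAM_FILE"
  {
    printf '%s\n' "$TID_RULE"
    cat -- "$backup"
  } >"$new_pam" || die "could not write $new_pam"

  # Never install an empty or truncated file over the sudo PAM config.
  [[ -s "$new_pam" ]] || die "staged file $new_pam is empty; $PAM_FILE left untouched"
  [[ "$(head -n 1 -- "$new_pam")" == "$TID_RULE" ]] ||
    die "staged file $new_pam looks wrong; $PAM_FILE left untouched"

  mv -f -- "$new_pam" "$PAM_FILE" || die "could not install $PAM_FILE (backup: $backup)"

  # Split the iTerm window so sudo can be tested next to the root shell below. A failure here
  # must not skip the safety shell, so it is only reported.
  osascript \
    -e 'tell application "iTerm" to activate' \
    -e 'tell application "System Events" to tell process "iTerm" to keystroke "d" using {command down, shift down}' ||
    printf '%s\n' "warning: could not open a new iTerm pane; open another terminal by hand to test" >&2

  printf '%s\n' "Touch-sudo enabled. Please test before exiting this safety root prompt"
  printf '%s\n' "-- old sudo file $PAM_FILE backed up to $backup"
  printf '%s\n' "-- to roll back: cp -p $backup $PAM_FILE"

  # Keep a root shell open so a broken PAM file can be repaired without needing sudo.
  bash
}

main "$@"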