Skip to content

Instantly share code, notes, and snippets.

@windyinsc

windyinsc/enable-touch-id-for-sudo.md

Created November 19, 2020 20:16
Show Gist options
  • Save windyinsc/26aaa8783c7734529998062a11d80b96 to your computer and use it in GitHub Desktop.
Save windyinsc/26aaa8783c7734529998062a11d80b96 to your computer and use it in GitHub Desktop.
Download ZIP
macOS - Enable Touch ID for sudo
Raw
enable-touch-id-for-sudo.md

Enable Touch ID for sudo

Thanks to this awesome Six Colors post: Quick Tip: Enable Touch ID for sudo

The short of it:

  1. In your terminal go to cd /etc/pam.d/.
  2. Now open the sudo file with your favorite command-line/GUI text editor.
    • Note that if you open it via the command-line, you’ll need to use sudo itself to do so, since the file is (understandably) protected.
  3. With the sudo file open, add the following command below below the first line. auth sufficient pam_tid.so
    • That line basically tells the sudo command that the Touch ID authentication module is sufficient to authorize the user, which is all you need to do
    • I entered this command on line nbr 2 of the sudo file
  4. Save the file and you're done.

Next time you use the sudo command you can simply just place your finger on the Touch ID, just as you would any other time you needed to authenticate.

Here is my newly edited sudo file with the added auth sufficient pam_tid.so command.

# sudo: auth account password session
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Again, all thanks goes to the Six Colors post above who gives full credit and hat tip to his twitter (follower) user Josef Habr.

@Anti-Reverb
Copy link

Anti-Reverb commented Sep 8, 2025

Awesome! Thanks for this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment