Table of Contents:

Sudo with Touch ID on the macOS Terminal

Motivation

I am lazy. Need I say more?

Listen, this is not a major thing, but I use sudo extensively. Therefore typing my password over and over again gets tedious at some point.

Lucky for me there is a solution…

Touch ID as an authentication method for sudo was at least envisioned by apple as it seems. However it is deactivated by default.

How

The file /etc/pam.d/sudo contains the authentication methods and rule sets for sudo on the command line.

All that remains is adding auth sufficient pam_tid.so at the beginning of the file. You will require sudo permissions to be able to write to the file.

# sudo: auth account password session
auth       sufficient     pam_tid.so # new line
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Bonus: This works for all of the sudo prompts in my Emacs as well.

Be advised:

You are messing with permission escalation here. Do be aware of the risks involved here. Read up if necessary.

iTerm2

This works with all the Terminal emulators, that I have used so far (Terminal, Kitty, Alacritty,…) out of the box.

However iTerm2 seems to be a diva in that regard. Meaning, that it needs more settings to go along. This is illustrated in this GitLab issue.

  • Go to Preferences > Advanced
  • Search for Allow sessions to survive after logging out and back in
  • Select “No” in the drop-down.