Bring Back Touch ID for sudo on macOS with This Easy Script

Hayden Duffy - June 12, 2023



Introduction

One of the most convenient features of the Apple ecosystem, aside from Handoff, is being able to use Touch ID to authenticate a sudo session. This nifty feature saves you from typing your password each time you need elevated privileges, streamlining the user experience and making it even more seamless to interact with your Mac.

And, by extension, one of the most inconvenient aspects of the Apple ecosystem is when your Mac updates, and suddenly, Touch ID stops working as a sudo authentication option.

It took me a hot second to realise that Touch ID wasn't prompting me to auth a sudo session, until I looked at my Apple Watch one day and thought "wait... why didn't my wrist update?! This was the only thing I'm using the Watch for!". After recognising the lack of Touch ID auth on a semi-regular frequency, I discovered it was OS Software Updates causing me such pain.

So, in this post, we'll share a nifty little script that will help you add Touch ID back to the sudo list. Plus, we'll guide you through the process of executing the script, step by step. No more pain, all the gain.

Prerequisites

Before we dive in, make sure you have administrator access to your Mac, because the script edits a file under /etc and needs root privileges to do so. More importantly, make sure you know what I'm talking about, and read and understand the script before proceeding! Never run a script you copy from the internet without understanding exactly what it does and checking it for hidden characters.

Step-by-Step Guide to Add Touch ID Back to the sudo List

1. Create the script

First things first, copy the script we've provided below into your favourite text editor and save it as add_touch_id.sh (feel free to name it what you want). This handy script will check that it is running as root, see if Touch ID is already enabled in the PAM configuration for sudo (/etc/pam.d/sudo), and add the pam_tid.so line to that file if it's missing.

#!/bin/bash

# Check if the script is being run with root privileges
if [ "$(id -u)" -ne 0 ]; then
 echo "This script must be run with elevated privileges (e.g., sudo)."
 exit 1
fi

# Check if Touch ID is already enabled (match the line regardless of spacing,
# so an existing entry with different whitespace is not duplicated)
if grep -Eq '^auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' /etc/pam.d/sudo; then
 echo "Touch ID is already enabled for sudo."
 exit 0
fi

# Add Touch ID as the first auth line (right after the leading comment) with
# matching spacing. The script already runs as root, so no extra sudo is needed.
awk 'NR==1{print; print "auth       sufficient     pam_tid.so"; next} 1' /etc/pam.d/sudo >/etc/pam.d/sudo_temp
mv /etc/pam.d/sudo_temp /etc/pam.d/sudo

# Verify that the line was added successfully
if grep -Eq '^auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' /etc/pam.d/sudo; then
 echo "Touch ID successfully enabled for sudo."
else
 echo "Failed to enable Touch ID for sudo."
 exit 1
fi

2. Make the script executable

Next, open up the Terminal and run the following command (just make sure to replace "/path/to/" with the actual path to your script):

chmod +x /path/to/add_touch_id.sh

Now, your script is ready for action!

3. Run the script with elevated privileges

With the script executable, it's time to run it. Enter the following command in the Terminal, again swapping /path/to/ with your script's actual path:

sudo /path/to/add_touch_id.sh

This command runs the script with the required elevated privileges. The script will check that it is running as root, see if Touch ID is already enabled, and add the pam_tid.so line to /etc/pam.d/sudo if needed.

4. Adding an Alias for Quick Use

If you want to make it even easier to run the add_touch_id.sh script, you can create an alias that points to the script file. This way, you can simply type the alias in the terminal instead of the full path to the script.

To create the alias, open your shell configuration file (~/.bashrc, ~/.zshrc, or ~/.config/fish/config.fish, depending on your shell), and add the following line:

alias sdt="sudo /path/to/add_touch_id.sh"

Replace /path/to/add_touch_id.sh with the actual path to your add_touch_id.sh script file. Save the file and either reload your shell configuration by running source ~/.shell-configuration-file (for example source ~/.zshrc) or open a new terminal session.

Now, you can simply type sdt in the terminal, enter your login password (the script itself still needs sudo to run) and tada 🎉 from the next sudo command onwards you can use Touch ID, and your Apple Watch, to authenticate!
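As an added example (not the post's own script), the same edit written as a reusable function that takes the PAM file path as a parameter, so it can be tried against a scratch copy before being pointed at /etc/pam.d/sudo. It goes beyond the post's version in three ways: it detects an existing pam_tid.so entry regardless of whitespace, keeps a .bak copy next to the file, and preserves the file's mode when swapping in the new contents. The function names (has_touch_id, enable_touch_id, main) and the sample file contents in the comments are my own assumptions; the sample mirrors the layout of a stock macOS /etc/pam.d/sudo but is constructed here for illustration.

```shell
#!/bin/bash
# Added example, not the original post's script. Re-adds the Touch ID PAM
# module to a sudo PAM file idempotently. Assumed names: has_touch_id,
# enable_touch_id, main. Real use: sudo ./add_touch_id.sh /etc/pam.d/sudo

# Exact line macOS expects; spacing matches the stock file's columns.
TID_LINE='auth       sufficient     pam_tid.so'

# Returns 0 if FILE already has an active (uncommented) pam_tid.so auth line,
# whatever the spacing; 1 otherwise.
has_touch_id() {
  grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' "$1"
}

# Insert TID_LINE right after the first line of FILE (the "# sudo: ..." comment
# in the stock file), keeping a FILE.bak copy and FILE's original permissions.
# Return codes: 0 = line added, 1 = already enabled, 2 = missing file or write error.
enable_touch_id() {
  file="$1"
  tmp="$file.tmp.$$"
  [ -f "$file" ] || return 2
  if has_touch_id "$file"; then
    return 1
  fi
  cp -p "$file" "$file.bak" || return 2        # backup with original mode/owner
  cp -p "$file" "$tmp" || return 2             # tmp inherits mode/owner ...
  awk -v line="$TID_LINE" 'NR==1 {print; print line; next} 1' "$file" >"$tmp" \
    || { rm -f "$tmp"; return 2; }             # ... and gets the new contents
  mv -f "$tmp" "$file" || return 2             # atomic replace in /etc/pam.d
  has_touch_id "$file" || return 2             # verify the edit actually landed
  return 0
}

# Command-line entry point: refuse to touch a system file without root.
main() {
  target="${1:-/etc/pam.d/sudo}"
  if [ "$(id -u)" -ne 0 ]; then
    echo "Run with sudo; $target is root-owned." >&2
    return 1
  fi
  enable_touch_id "$target"
  rc=$?
  case $rc in
    0) echo "Touch ID enabled for sudo in $target (backup: $target.bak)." ;;
    1) echo "Touch ID is already enabled in $target." ;;
    *) echo "Failed to update $target." >&2 ;;
  esac
  return $rc
}

# Only run main when a target path is given, so sourcing the file for its
# functions (e.g. to test against a scratch copy) has no side effects.
if [ $# -gt 0 ]; then
  main "$@"
fi
```

Because the file path is a parameter, you can point enable_touch_id at a copy of /etc/pam.d/sudo in a temporary directory first and confirm that the second call reports "already enabled" rather than inserting a duplicate line.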

Conclusion

By following this simple guide, you can quickly and easily restore Touch ID as a sudo authentication option on your Mac after each update. Now, you can continue enjoying the convenience of Touch ID and make your Mac experience even smoother.

Super easy, barely an inconvenience.