For some reasons, every once in a while I need to redo this. So now my internal notes are published somewhere, and I won’t have to figure this out over and over again.

Instead of requiring the user password on sudo commands, it is possible to ask for the user fingerprint by patching /etc/pam.d/sudo using the following one-liner.

grep -q "pam_tid.so" /etc/pam.d/sudo || (sudo chmod 644 /etc/pam.d/sudo && sudo sed '2i auth       sufficient     pam_tid.so' -i /etc/pam.d/sudo && sudo chmod 444 /etc/pam.d/sudo)

A new rule should have been added on top.

Content of /etc/pam.d/sudo

And here goes the magic when running sudo !

--

--