Sudo with Apple Touch ID
Mar 19, 2021
For some reasons, every once in a while I need to redo this. So now my internal notes are published somewhere, and I won’t have to figure this out over and over again.
Instead of requiring the user password on sudo commands, it is possible to ask for the user fingerprint by patching /etc/pam.d/sudo
using the following one-liner.
grep -q "pam_tid.so" /etc/pam.d/sudo || (sudo chmod 644 /etc/pam.d/sudo && sudo sed '2i auth sufficient pam_tid.so' -i /etc/pam.d/sudo && sudo chmod 444 /etc/pam.d/sudo)
A new rule should have been added on top.
And here goes the magic when running sudo !