sudo-touchid
sudo-touchid copied to clipboard
artginzburg
Permanent TouchID support 👆 for `sudo`.
sudo-touchid
Native and reliable TouchID support for sudo
Try it out without installing
curl -sL git.io/sudo-touch-id | sh
Now sudo is great, just like Safari — with your fingerprint in Terminal or whatever you're on.
Don't worry, you can also reverse it without installing
Please note: without full installation, TouchID for
sudowill be disabled after the next macOS update.
Features
- Fast
- Reliable
- Written in Bash — no dependencies!
- Include it to your automated system build — always working and up to date with major macOS upgrades!
Install
Via 🍺 Homebrew (Recommended)
brew install artginzburg/tap/sudo-touchid
sudo brew services start sudo-touchid
Check out the formula if you're interested
Using curl
curl -sL git.io/sudo-touchid | sh
curl is pre-installed in macOS
Performs automated "manual" installation.
The installation process:
- Makes the
sudo-touchidcommand available. - Makes it auto-run on every system launch (using a simple
launchddaemon with RunAtLoad key set to true), so that when a macOS update erases our customsudoconfiguration,sudo-touchidfixes it again.
Usage
sudo-touchid [options]
# Running without options adds TouchID parameter to sudo configuration
[-v, --version] # Output installed version
# Commands:
[-d, --disable] # Removes TouchID from sudo config
if not installed, can be used via curl bundled with macOS
sh <( curl -sL git.io/sudo-touch-id ) [options]
# Reliability — check :)
[-d, --disable] # Removes TouchID from sudo config
Why?
-
Productivity
macOS updates do reset
/etc/pam.d/sudo, so previously users had to manually edit the file after each upgrade.This tool was born to automate the process, allowing for TouchID sudo auth to be quickly enabled on a new/clean system.
-
Spreading the technology.
I bet half of you didn't know.
It was there for a long time.
-
Lightness
The script is small, doesn't need any builds, doesn't need XCode.
Code size comparison — previously favoured solution VS. the one you're currently reading:
How does it work?
sudo-touchid.sh — the script:
-
Adds
auth sufficient pam_tid.soto the top of/etc/pam.d/sudofile following @cabel's advice -
Creates a backup file named
sudo.bak. -
Has a
--disable(-d) option that performs the opposite of the steps above.
Non-Homebrew files:
com.user.sudo-touchid.plist — the property list (global daemon):
-
Runs
sudo-touchid.shon system reloadNeeded because any following macOS updates just wipe out our custom
sudo.
install.sh — the installer:
-
Saves
sudo-touchid.shas/usr/local/bin/sudo-touchidand gives it the permission to execute.(yes, that also means you're able to run
sudo-touchidfrom Terminal) -
Saves
com.user.sudo-touchid.plistto/Library/LaunchDaemons/so that it's running on boot (requires root permission).
Manual installation
- Generally follow the steps provided by the installer in "Non-Homebrew files"
- If you need to, store
sudo-touchid.shanywhere else and replace/usr/local/binincom.user.sudo-touchid.plistwith the chosen path.
Contributing
PRs and Issues are much welcome!
If you don't like something — change it or inform the ones willing to help.
Related
Disabling password prompt for sudo
- Change
%admin ALL=(ALL) ALLto%admin ALL=(ALL) NOPASSWD: ALLin/etc/sudoers
TouchID support in tmux
- Have a look at pam_reattach module
Apple Watch TouchID support
- Have a look at pam_watchid module
artginzburg