How to Enable Touch ID for sudo on macOS Sonoma (14.x) and Beyond

Are you tired of typing long passwords multiple times per day in the macOS Terminal? Well, there's a better way! Read on, friend.

Last updated 1 year ago

Integrating Touch ID for sudo commands enhances both security and efficiency on macOS. This guide provides a streamlined method for users of macOS Sonoma (14.x) and later that persists across system updates, and it acknowledges those who have contributed to simplifying this process.

Acknowledgment

Prerequisites

  • An Apple Silicon Mac with Touch ID. (Touch ID must be enabled!)

  • macOS Sonoma (14.x) or newer.

  • Administrative privileges.

Step-by-Step Guide

Backup and Update the sudo_local File

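The process involves backing up any existing sudo_local configuration and then updating it to enable Touch ID authentication for sudo commands. System updates can replace /etc/pam.d/sudo, but that file includes /etc/pam.d/sudo_local, which updates leave alone, so your custom settings remain effective even after macOS updates.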

Automate the Configuration

An automated script would handle the setup smoothly by:

  • Verifying macOS version compatibility.

  • Backing up the current sudo_local file, if it exists.

  • Copying the sudo_local.template to sudo_local and activating Touch ID authentication.

Manual Configuration Steps

If you're manually configuring or wish to understand the internals, follow these steps:

  1. Open Terminal: Found in Applications > Utilities.

  2. Back Up Existing sudo_local: If it exists, rename it for backup:

    sudo mv /etc/pam.d/sudo_local /etc/pam.d/sudo_local_$(date "+%s").bak

  3. Activate Touch ID Authentication:

    Copy the template and enable Touch ID:

    sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local
    sudo sed -i '' -e 's,#auth       sufficient     pam_tid.so,auth       sufficient     pam_tid.so,g' /etc/pam.d/sudo_local

  4. Set Correct Permissions:

    Ensure the file ownership and permissions are correct:

    sudo chown root:wheel /etc/pam.d/sudo_local
    sudo chmod 555 /etc/pam.d/sudo_local

Test the Configuration

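To verify Touch ID for sudo is operational:

    sudo whoami

This command should prompt for Touch ID instead of a password. If correctly set up, it will return root, indicating successful superuser access through Touch ID. If sudo still has your credentials cached from the earlier steps, no prompt of either kind appears, so run the test once the cache has expired.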
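
The automated procedure outlined above (version check, backup, template copy, permissions), written out as an added example; it is not Rich Trouton's script and not code from this page. The function names, the PAM_DIR variable and the --apply argument are assumptions of this example, and the sed edit is a whitespace-tolerant variant of the one in step 3.

```shell
#!/bin/sh
# Added example (not the original script). PAM_DIR can point at a scratch
# directory so the logic can be tried without touching /etc/pam.d.
PAM_DIR="${PAM_DIR:-/etc/pam.d}"

# True when the macOS version string is 14.x (Sonoma) or newer.
version_ok() {
    major="${1%%.*}"
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -ge 14 ]
}

# True when the file has an uncommented "auth sufficient pam_tid.so" line.
tid_enabled() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' "$1" 2>/dev/null
}

# True when the file exists and is not writable by group or others.
perms_ok() {
    [ -e "$1" ] && [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ]
}

# Steps 2-4: back up an existing sudo_local, rebuild it from the template
# with pam_tid.so uncommented, and install it read-only.
enable_touch_id() {
    tpl="$PAM_DIR/sudo_local.template"
    dst="$PAM_DIR/sudo_local"
    [ -f "$tpl" ] || { echo "missing $tpl" >&2; return 1; }
    if tid_enabled "$dst" && perms_ok "$dst"; then return 0; fi   # nothing to do
    if [ -e "$dst" ]; then mv "$dst" "${dst}_$(date "+%s").bak" || return 1; fi
    tmp="$(mktemp "$PAM_DIR/.sudo_local.XXXXXX")" || return 1
    # Edit into a temp file so a failed edit never leaves a half-written
    # PAM file in place.
    sed -E 's/^#[[:space:]]*(auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so)/\1/' \
        "$tpl" > "$tmp" || { rm -f "$tmp"; return 1; }
    if ! tid_enabled "$tmp"; then
        rm -f "$tmp"; echo "no pam_tid.so line in $tpl" >&2; return 1
    fi
    chmod 555 "$tmp" || return 1
    # Ownership is only set on the real directory; scratch runs skip it.
    if [ "$PAM_DIR" = /etc/pam.d ]; then chown root:wheel "$tmp" || return 1; fi
    mv "$tmp" "$dst"
}

# Apply only when asked to: sudo sh this_script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    version_ok "$(sw_vers -productVersion)" || { echo "needs macOS 14+" >&2; exit 1; }
    enable_touch_id
fi
```

Pointing PAM_DIR at a copy of /etc/pam.d first shows the resulting sudo_local and any backup file before the real directory is changed.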

Conclusion

By following this guide, macOS Sonoma users can enjoy the enhanced security and convenience of Touch ID for sudo commands, with a setup that endures through system updates. This method, inspired by Rich Trouton's script, demonstrates the macOS community's dedication to improving user experience.


We've drawn inspiration and guidance from a script by Rich Trouton, found on his GitHub repository. A special thanks to Rich for his contributions to the macOS community.

For further details on Touch ID and its capabilities on your Mac, visit Apple Support.

Elevate your macOS security in our next blog post, where we explore using YubiKey as a PIV card for login and terminal access. Learn how to boost your system's defenses with YubiKey—a must-read for enhancing digital security seamlessly on macOS.