# How to Enable Touch ID for sudo on macOS Sonoma (14.x) and Beyond

Using Touch ID to authenticate sudo commands enhances both security and efficiency on macOS. This guide provides a streamlined method for users of macOS Sonoma (14.x) and later that persists across system updates, and it acknowledges those who have contributed to simplifying this process.

<figure><img src="/files/OsKKRhs2KyDFPm6DqgP0" alt="" width="563"><figcaption><p>Aren't you tired of typing complex passwords in Terminal?</p></figcaption></figure>

### Acknowledgment

We've drawn inspiration and guidance from a script by Rich Trouton, found on his GitHub repository. A special thanks to Rich for his contributions to the macOS community. [View the original script here](https://github.com/rtrouton/rtrouton_scripts/tree/main/rtrouton_scripts/enable_and_disable_touch_id_for_sudo).

For further details on Touch ID and its capabilities on your Mac, visit [Apple Support](https://support.apple.com/en-us/109030).

### Prerequisites

* An Apple Silicon Mac with Touch ID. (**Touch ID must be enabled!**)
* macOS Sonoma (14.x) or newer.
* Administrative privileges.

### Step-by-Step Guide

#### Back Up and Update the `sudo_local` File

The process involves backing up any existing `sudo_local` configuration and then updating it to enable Touch ID authentication for sudo commands, ensuring your custom settings remain effective even after macOS updates.

#### Automate the Configuration

An automated script would handle the setup smoothly by:

* Verifying macOS version compatibility.
* Backing up the current `sudo_local` file, if it exists.
* Copying the `sudo_local.template` to `sudo_local` and activating Touch ID authentication.

#### Manual Configuration Steps

If you're manually configuring or wish to understand the internals, follow these steps:

1. **Open Terminal**: Found in Applications > Utilities.
2. **Back Up Existing `sudo_local`**: If it exists, rename it to keep a backup:

   ```shell
   sudo mv /etc/pam.d/sudo_local /etc/pam.d/sudo_local_$(date "+%s").bak
   ```
3. **Activate Touch ID Authentication**:

   Copy the template and enable Touch ID:

   ```shell
   sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local
   sudo sed -i '' -e 's,#auth       sufficient     pam_tid.so,auth       sufficient     pam_tid.so,g' /etc/pam.d/sudo_local
   ```
4. **Set Correct Permissions**:

   Ensure the file ownership and permissions are correct:

   ```shell
   sudo chown root:wheel /etc/pam.d/sudo_local
   sudo chmod 555 /etc/pam.d/sudo_local
   ```
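
The automated flow and the manual steps above, combined into one script as an added example (not code from this page or from Rich Trouton's script). The function names, the `pam_dir` argument and the `--apply` flag are assumptions of this example; it builds and verifies the new file before replacing anything, so a template without the `pam_tid.so` line leaves the existing configuration untouched.

```shell
#!/bin/sh
# Added example, not the page's or Rich Trouton's script. Function names,
# the pam_dir argument and the --apply flag are assumptions of this example.

# True when a macOS version string has major version 14 (Sonoma) or newer.
is_sonoma_or_later() {
    major=${1%%.*}
    case $major in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -ge 14 ]
}

# True only when FILE contains an active (uncommented) pam_tid.so auth line.
tid_active() {
    grep -Eq '^auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' "$1"
}

# Build sudo_local from the template inside pam_dir, verify it, then install.
enable_touch_id() {
    pam_dir=$1
    template=$pam_dir/sudo_local.template
    target=$pam_dir/sudo_local
    [ -f "$template" ] || { echo "missing $template" >&2; return 1; }
    tmp=$(mktemp "$pam_dir/.sudo_local.XXXXXX") || return 1
    # Portable form of the page's sed edit: uncomment the pam_tid.so line.
    sed -e 's,^#\(auth[[:space:]][[:space:]]*sufficient[[:space:]][[:space:]]*pam_tid\.so\),\1,' \
        "$template" > "$tmp"
    # Fail closed: if the template had no such line, change nothing.
    if ! tid_active "$tmp"; then
        rm -f "$tmp"
        echo "template has no pam_tid.so line; nothing changed" >&2
        return 1
    fi
    # Back up any existing file only once the replacement is known good.
    if [ -e "$target" ]; then
        mv "$target" "${target}_$(date "+%s").bak" || { rm -f "$tmp"; return 1; }
    fi
    chmod 555 "$tmp" && mv "$tmp" "$target"
}

# Real run (as root): sh script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    is_sonoma_or_later "$(sw_vers -productVersion)" ||
        { echo "requires macOS 14 or newer" >&2; exit 1; }
    enable_touch_id /etc/pam.d && chown root:wheel /etc/pam.d/sudo_local
fi
```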

#### Test the Configuration

To verify Touch ID for sudo is operational:

```shell
sudo whoami
```

This command should prompt for Touch ID instead of a password. If correctly set up, it will return `root`, indicating successful superuser access through Touch ID.

<figure><img src="/files/9cneCctOMsoemjCVLO8q" alt="" width="428"><figcaption><p>This is what success looks like!</p></figcaption></figure>

### Conclusion

By following this guide, macOS Sonoma users can enjoy the enhanced security and convenience of Touch ID for sudo commands, with a setup that endures through system updates. This method, inspired by Rich Trouton's script, demonstrates the macOS community's dedication to improving user experience.

***

Elevate your macOS security in our next [blog post](https://blog.redcupit.com/macos-setup-guide-for-software-engineers-and-developers/essential-tools-and-software-for-macos-developers/enhance-your-macos-security-with-yubikey-as-a-piv-card-for-login-and-terminal-access), where we explore using YubiKey as a PIV card for login and terminal access. Learn how to boost your system's defenses with YubiKey, a must-read for enhancing digital security seamlessly on macOS.

