
Use fingerprint as sudo on Mac

Why

Using sudo on any Linux device can raise the risk level substantially.

Using the fingerprint already enrolled on your Mac prevents someone from typing in your password when you're not around.

How

Edit the file /etc/pam.d/sudo_local

sudo nano /etc/pam.d/sudo_local

Put the below in

auth sufficient pam_tid.so

Save and exit, then try sudo in a new shell session.

Edit the below file in your favourite editor

sudo nano /etc/pam.d/sudo
sudo vi /etc/pam.d/sudo

The file /etc/pam.d/sudo should look something like below

# sudo: auth account password session
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Add the below line just under # sudo: auth account password session

auth       sufficient     pam_tid.so

Your file should now look like the below

# sudo: auth account password session
+ auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

Save the file using the keys for your editor

nano: Control + X, then Y, then Enter

vi: Escape, then :wq!, then Enter
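The same edit as an idempotent script that can be rehearsed on a copy before touching either PAM file. This is an added example, not part of the original page: the function names, the `.bak` backup suffix and the sample file in `demo` are assumptions, and the sample file is constructed from the listing above.

```shell
#!/bin/sh
# Added example (not from the original page): enable pam_tid.so idempotently.
# Takes the PAM file as an argument so it can be rehearsed on a copy first.

TID_LINE='auth       sufficient     pam_tid.so'

# True if FILE has an active (uncommented) auth line that loads pam_tid.so.
tid_enabled() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+[a-z]+[[:space:]]+pam_tid\.so' "$1" 2>/dev/null
}

# Put TID_LINE above the first active auth line, which in the file shown on the
# page is directly under the "# sudo: ..." header. No auth line: append it.
enable_tid() {
    file=$1
    tid_enabled "$file" && return 0            # already enabled: change nothing
    if [ ! -s "$file" ]; then                  # missing or empty (e.g. sudo_local)
        printf '%s\n' "$TID_LINE" > "$file"
        return
    fi
    cp -p "$file" "$file.bak" || return 1      # rollback copy
    tmp=$(mktemp) || return 1
    awk -v line="$TID_LINE" '
        !done && /^[ \t]*auth[ \t]/ { print line; done = 1 }
        { print }
        END { if (!done) print line }' "$file" > "$tmp" &&
        cat "$tmp" > "$file"                   # rewrite in place, keeps owner and mode
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Rehearsal on a constructed copy of the stack shown on this page.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/sudo" <<'EOF'
# sudo: auth account password session
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so
EOF
    enable_tid "$d/sudo" && enable_tid "$d/sudo"   # second run must be a no-op
    grep -n 'pam_tid' "$d/sudo"                    # where the line landed
    rm -rf "$d"
}

demo
```

Calling `enable_tid` on /etc/pam.d/sudo_local or /etc/pam.d/sudo requires root; if sudo stops working afterwards, restore the `.bak` copy from a shell that is already root.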

