https://github.com/artginzburg/sudo-touchid
Permanent TouchID support 👆 for `sudo`.
https://github.com/artginzburg/sudo-touchid
authentication bash cli macos security sudo terminal touchid
Last synced: 6 months ago
JSON representation
Permanent TouchID support 👆 for `sudo`.
- Host: GitHub
- URL: https://github.com/artginzburg/sudo-touchid
- Owner: artginzburg
- License: epl-2.0
- Created: 2021-07-24T14:25:37.000Z (over 4 years ago)
- Default Branch: main
- Last Pushed: 2023-10-15T19:38:55.000Z (over 2 years ago)
- Last Synced: 2025-03-29T03:09:10.733Z (about 1 year ago)
- Topics: authentication, bash, cli, macos, security, sudo, terminal, touchid
- Language: Shell
- Homepage: https://git.io/sudotouchid
- Size: 2.81 MB
- Stars: 569
- Watchers: 6
- Forks: 15
- Open Issues: 11
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# sudo-touchid
[](https://github.com/artginzburg/sudo-touchid/releases)
[](https://github.com/artginzburg/sudo-touchid?sponsor=1)
Native and reliable [**TouchID**](https://support.apple.com/en-gb/guide/mac-help/mchl16fbf90a/mac) support for `sudo`
## Try it out without installing
```powershell
curl -sL git.io/sudo-touch-id | sh
```
Now `sudo` is great, just like Safari — with your fingerprint in Terminal.
> Don't worry, you can also [reverse](#usage) it
### Features
- Fast & reliable
- Written in Bash — no dependencies
- **pam_reattach support** for tmux/screen compatibility (GUI session reattachment)
- **Supports modern and legacy systems:** For macOS 13 and below, see [LEGACY_MACOS.md][legacy]
## Install
### Via [🍺 Homebrew](https://brew.sh/)
```bash
brew install artginzburg/tap/sudo-touchid
```
> Check out [the formula](https://github.com/artginzburg/homebrew-tap/blob/main/Formula/sudo-touchid.rb) if you're interested
## Usage
Copy and run this command:
```bash
sudo-touchid
```
It adds TouchID to sudo configuration, or migrates an existing legacy configuration if you're upgrading from macOS 13 or below.
```bash
# Usage:
sudo-touchid [options]
[-v, --version] # Output installed version
[-d, --disable] # Remove TouchID from sudo config
[--with-reattach] # Include pam_reattach.so for tmux/screen support
[--migrate] # Migrate from legacy configuration
[--verbose] # Show detailed output
[-q, --quiet] # Show minimal output (errors only)
[-y, --yes] # Skip confirmation prompts (non-interactive mode)
```
if not installed, can be used via [`curl`][curl] bundled with macOS
```bash
sh <( curl -sL git.io/sudo-touch-id )
```
> Accepts the same arguments, like -d or -v.
### Why?
- **Productivity:** Automates TouchID setup
- **Lightweight:** Small Bash script, no builds or Xcode required
- **Reliable:** Persistent configuration across system updates
## How does it work?
**For macOS 14+:**
- Creates `/etc/pam.d/sudo_local` with TouchID configuration
- Never modifies system-managed `/etc/pam.d/sudo` file
**All versions:**
- Has a `--disable` (`-d`) option that removes all TouchID configurations.
- Optional `--with-reattach` for GUI session reattachment support
- Creates backup files during migration
- Automatically detects and migrates legacy configurations
### Manual installation
Just save `sudo-touchid.sh` as `/usr/local/bin/sudo-touchid` with execute permissions
> See [LEGACY_MACOS.md][legacy] for additional considerations on older systems
## Related
- **tmux/screen support:** [pam_reattach](https://github.com/fabianishere/pam_reattach) module (built-in via `--with-reattach`)
- **Apple Watch support:** [pam_watchid](https://github.com/biscuitehh/pam-watchid) module
- **Disable password prompt:** Change `%admin ALL=(ALL) ALL` to `%admin ALL=(ALL) NOPASSWD: ALL` in `/etc/sudoers`
[curl]: https://curl.se
[legacy]: ./docs/LEGACY_MACOS.md
