Each day that I wake up I try to figure out if I can do less work than yesterday. With this in mind I was playing around to see if there is a way to save me typing my password each time I run sudo. It turns out this is quite a simple change…
Open Terminal and run the following to edit sudo's behaviour:
sudo nano /etc/pam.d/sudo
Next add the following to the top of the file:
auth sufficient pam_tid.so
The only issue with this is that /etc/pam.d/sudo is overwritten on every macOS update (major, minor or patch – it is always overwritten and reset back to its default state).
macOS: Sonoma
In their “What’s new for enterprise in macOS Sonoma” document Apple listed the following in the “Bug fixes and other improvements” section:
Touch ID can be allowed for sudo with a configuration that persists across software updates using /etc/pam.d/sudo_local. See /etc/pam.d/sudo_local.template for details.
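So let's create /etc/pam.d/sudo_local from the template file /etc/pam.d/sudo_local.template, since sudo reads sudo_local and not the template:
sudo cp /etc/pam.d/sudo_local.template /etc/pam.d/sudo_local
sudo nano /etc/pam.d/sudo_local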
Next uncomment the auth line, as per:
# sudo_local: local config file which survives system update and is included fo$
# uncomment following line to enable Touch ID for sudo
auth sufficient pam_tid.so
This should mean that Touch ID now survives system updates!
Quick tests:
sudo ls
# invalidate the cached sudo credentials so the next call prompts again
sudo -k
sudo ls
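A check to go with the quick tests, as an added example that is not part of the original post: it reports whether pam_tid.so is active in sudo_local (persistent), only in /etc/pam.d/sudo (reset by the next update), or only in the template (which sudo never reads). It assumes the stock Sonoma /etc/pam.d/sudo contains an "auth include sudo_local" line; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how Touch ID for sudo is configured in a PAM directory.
# The directory defaults to /etc/pam.d; make_sample builds constructed files.

# True if FILE has an uncommented "auth sufficient pam_tid.so" line.
has_tid() {
    [ -f "$1" ] && grep -Eqs \
        '^[[:space:]]*auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so' "$1"
}

# True if FILE pulls in sudo_local.
# Assumption: the stock Sonoma file does this with "auth include sudo_local".
includes_local() {
    [ -f "$1" ] && grep -Eqs \
        '^[[:space:]]*auth[[:space:]]+include[[:space:]]+sudo_local' "$1"
}

# Prints one of: persistent, volatile, template-only, disabled
touchid_sudo_status() {
    dir="${1:-/etc/pam.d}"
    if has_tid "$dir/sudo_local" && includes_local "$dir/sudo"; then
        echo persistent       # lives in sudo_local, survives updates
    elif has_tid "$dir/sudo"; then
        echo volatile         # works now, reset by the next macOS update
    elif has_tid "$dir/sudo_local.template"; then
        echo template-only    # template was edited, but sudo does not read it
    else
        echo disabled
    fi
}

# Constructed sample: a throwaway PAM directory in its default state.
make_sample() {
    d=$(mktemp -d)
    printf 'auth include sudo_local\nauth required pam_opendirectory.so\n' > "$d/sudo"
    printf '#auth sufficient pam_tid.so\n' > "$d/sudo_local.template"
    echo "$d"
}

# Stand-alone run: report the status of the real configuration.
touchid_sudo_status "${PAM_DIR:-/etc/pam.d}"
```

Anything other than "persistent" after a macOS update means the Touch ID line is not in the file that sudo includes.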
To enable Touch ID in iTerm2, go to Prefs -> Advanced -> Allow sessions to survive logging out and back in and set the value to No. Restart iTerm2 and Touch ID authentication will work there.