Six Colors
Six Colors

This Week's Sponsor

PowerPhotos - the ultimate toolbox for Photos on the Mac

By Dan Moren

November 19, 2020 6:35 AM PT

Last updated August 18, 2023

Quick Tip: Enable Touch ID for sudo

Update: As of macOS Sonoma, there’s a new and improved method for enabling this feature that’s designed to survive a system update.

My new MacBook Air is proving to be all that I’d hoped, and it’s not just because of the fancy new M1 processors. Since I’m coming from a 2014 MacBook, I’m reaping the benefits of all the other advancements Apple has made to its laptop line in the intervening years, and prime among those is the incorporation of Touch ID: I’ve already enabled it for 1Password (what a lifesaver) and, thanks to a tip from Twitter follower Josef, I can bring it to one of my other favorite places: the command line.

Josef pointed out that it’s relatively easy to add Touch ID support for sudo, the Terminal command that allows you to temporarily grant yourself the powers of the superuser, to do things that no mortal user can do! (Think of it as the command-line equivalent of typing your administrator password in that dialog box that pops up when you want to make a system-level change.)

The good news is that Apple has done most of the heavy lifting here by having built a pluggable authentication module (PAM) for Touch ID; all you need to do is essentially turn it on, which takes just a few simple steps.

First, open up Terminal. Navigate to the directory where the system stores the list of PAMs by typing cd /etc/pam.d/ and open the sudo file there in your favorite command-line text editor.1 (You can also always use a GUI editor like BBEdit too.) Note that if you open it via the command-line, you’ll need to use sudo itself to do so, since the file is (understandably) protected.

Once you’ve opened it, add the following below the first line (you’ll see the headers under which each of the entries goes):

auth sufficient pam_tid.so

That line basically tells the sudo command that the Touch ID authentication module is sufficient to authorize the user, which is all you need to do.

Sudo with Touch ID

Save the file and you’re done! Now, the next time you use the sudo command, instead of being prompted for your password, you’ll get a dialog box asking you to authenticate with Touch ID, just as you would any other time you needed to authenticate. (And, as an extra bonus, if you choose to click the Enter Password, you’ll get prompted to use either the password or your Apple Watch, if you have one.)

  1. I’m going to forestall the vi versus emacs debate by saying I’m a pico/nano guy, don’t @ me. ↩

[Dan Moren is the East Coast Bureau Chief of Six Colors. You can find him on Mastodon at @[email protected] or reach him by email at [email protected]. His latest novel, the sci-fi spy thriller The Armageddon Protocol, is out now.]

If you appreciate articles like this one, support us by becoming a Six Colors subscriber. Subscribers get access to an exclusive podcast, members-only stories, and a special community.

Search Six Colors

Six Colors® is copyright © 2025 by The Incomparable Inc.
Powered by WordPress | Hosted by Pressable