How to enable Touch ID for sudo in Terminal


So, you have a Mac with Touch ID and you would like to use it when you run "sudo su -" in Terminal, but there is no menu that lets you set this up.
You actually can, via Terminal :)
PS: there is one small downside. You need to do this again after each OS upgrade. But since that doesn't happen often and the procedure is very simple, I am OK with it.

1. Become root with the sudo command (you will have to type the password this time):

fmbpro:~ florian$ sudo su -
Password:
fmbpro:~ root#

2. Go to /private/etc/pam.d/, where you will find a file named sudo. Change its permissions to make it writable:

fmbpro:pam.d root# ls -la sudo
-r--r--r--  1 root  wheel  246 Jun  8 03:23 sudo
fmbpro:pam.d root# chmod gou+w sudo 
fmbpro:pam.d root# ls -la sudo
-rw-rw-rw-  1 root  wheel  246 Jun  8 03:23 sudo

3. Add "auth sufficient pam_tid.so" right after the first line (the commented one). The file should look like this afterwards:

fmbpro:pam.d root# cat sudo 
# sudo: auth account password session
auth       sufficient     pam_tid.so
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so

4. Change the permissions back:

fmbpro:pam.d root# chmod gou-w sudo 
fmbpro:pam.d root# ls -la sudo 
-r--r--r--@ 1 root  wheel  283 Sep  3 01:05 sudo

5. Enjoy sudo with Touch ID :)
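
The steps above as one idempotent script, added here as an example and not the original author's code: it inserts the rule ahead of the first auth line (the same result as above for the stock file) by editing a temporary copy and renaming it into place, so the sudo file is never left writable by group or others. The function names and the script name touchid-sudo.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the original author's code.
TID_RULE='auth       sufficient     pam_tid.so'

# Succeed only if "auth sufficient pam_tid.so" is the first auth rule in file $1.
tid_is_first_auth() {
    awk '$1 == "auth" { ok = ($2 == "sufficient" && $3 == "pam_tid.so"); exit }
         END { exit !ok }' "$1"
}

# Put the rule ahead of the first auth line of file $1. The edit is made on a
# temporary copy that is verified, set read-only and renamed into place, so the
# live file never has a writable mode.
enable_tid() {
    pam_file=$1
    tid_is_first_auth "$pam_file" && return 0   # already enabled: no change
    grep -q '^auth[[:space:]]' "$pam_file" || {
        echo "no auth rules found in $pam_file" >&2
        return 1
    }
    tmp=$(mktemp "${pam_file}.XXXXXX") || return 1
    awk -v rule="$TID_RULE" '
        $1 == "auth" && $3 == "pam_tid.so" { next }     # drop a misplaced copy
        $1 == "auth" && !done { print rule; done = 1 }  # insert before first auth
        { print }' "$pam_file" > "$tmp" &&
        tid_is_first_auth "$tmp" &&
        chmod 444 "$tmp" &&
        mv -f "$tmp" "$pam_file" || { rm -f "$tmp"; return 1; }
}

# Usage (script name is an assumption): sudo sh touchid-sudo.sh --apply
if [ "${1:-}" = "--apply" ]; then
    enable_tid /private/etc/pam.d/sudo && ls -l /private/etc/pam.d/sudo
fi
```

Since a second run changes nothing, the script can simply be run again after each OS upgrade.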
