Here's a tip from Cabel Sasser of Panic for those of you out there with Touch Bar MacBook Pros who use Terminal and the "sudo" command frequently.
Pro MacBook Pro Tip: have a Touch Bar with Touch ID? If you edit /etc/pam.d/sudo and add the following line to the top…— Cabel Sasser (@cabel) November 16, 2017
auth sufficient pam_tid.so
…you can now use your fingerprint to sudo!
Here's the full step-by-step, for those who want to experiment. That said: sudo is an incredibly powerful command in the Terminal; we don't recommend messing around with this trick if you don't feel comfortable working in the Terminal app and changing system preference files.
Also worth noting, via Sasser:
(Important caveat/warning: if you SSH into that machine, you will NOT be able to sudo, as your fingerprint cannot travel through SSH. 😜)— Cabel Sasser (@cabel) November 16, 2017
How to enable Touch ID for sudo commands on your MacBook Pro with Touch Bar
In Safari, paste the following into the search bar: file:///etc/pam.d/sudo.
Alternatively, go to Finder > Macintosh HD > private > etc > pam.d > sudo. (Note: You may need to first reveal hidden files to see the private directory.)
Press Command-I with the sudo file highlighted to open up the information screen.
- Click on the Lock icon in the bottom right corner.
- Enter your authentication information (or use Touch ID).
Change the privileges of all users to Read & Write.
- Download TextWrangler, a free plain text editor, or use the plain text editor of your choice.
- Open the sudo file in TextWrangler (or equivalent).
Paste auth sufficient pam_tid.so on the first line of the document.
Note: If you get a note about the document being locked, go back to step 2-5 and make sure you've enabled Read & Write privileges on the document.
Save the sudo file and close it.
- In Finder, press Command-I with the sudo file highlighted to open up the information screen.
- Change the privileges on all users to Read only.
- Click on the Lock icon in the bottom right corner.
Now, when you open Terminal and attempt a sudo command, you should be prompted with a Touch ID authentication in lieu of entering your administrator password.
