Overview
The process to enable Touch ID for the sudo command in the macOS Terminal app allows users to authenticate system-level changes using their fingerprint instead of typing an administrator password. This feature is particularly useful for those who frequently use the sudo command in Terminal, as it streamlines the authentication process.
Steps to Enable Touch ID
- Open Terminal: You can find Terminal in the Applications/Utilities folder, or by searching for it using Spotlight or Launchpad.
- Navigate to PAMs Directory: Enter cd /etc/pam.d into Terminal to change the working directory to where macOS stores Pluggable Authentication Modules (PAMs) information.
- Duplicate sudo_local.template: Use the command sudo cp sudo_local.template sudo_local to copy sudo_local.template to a new file named sudo_local. You will need to enter your administrator password to authorize this action.
- Edit sudo_local File: Run sudo pico sudo_local to edit the sudo_local configuration file with the Pico text editor.
- Modify the File: In the Pico editor, find the line that includes pam_tid.so and remove the hashtag (#) at the beginning of the line to uncomment it.
- Save Changes: Press Control (⌃) – X, then type Y and press the Return key to save the file and exit the editor.
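
The steps above as one repeatable script, added here as an example and not taken from the original article. The function names and the --apply flag are assumptions of this example. It keeps an existing sudo_local, uncomments only the pam_tid.so line, and checks the result.

```shell
#!/bin/sh
# Added example: scripted form of the manual steps above.
# Function names and the --apply flag are hypothetical, chosen for this example.

# Succeeds if the file has an active (uncommented) auth line loading pam_tid.so.
touch_id_enabled() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+.*pam_tid\.so' "$1"
}

# Create sudo_local from the template if needed, then uncomment pam_tid.so.
enable_touch_id_sudo() {
    dir="${1:-/etc/pam.d}"
    target="$dir/sudo_local"
    template="$dir/sudo_local.template"

    # Keep an existing sudo_local so local changes are not overwritten.
    if [ ! -f "$target" ]; then
        [ -f "$template" ] || { echo "missing $template" >&2; return 1; }
        cp "$template" "$target" || return 1
    fi

    # Already enabled: nothing to do, so the script is safe to re-run.
    touch_id_enabled "$target" && return 0

    # Strip the leading '#' only from the line that mentions pam_tid.so.
    # A temp file avoids 'sed -i', whose syntax differs between BSD and GNU sed.
    tmp="$(mktemp)" || return 1
    sed -E '/pam_tid\.so/ s/^[[:space:]]*#[[:space:]]*//' "$target" > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$target"   # writing through cat keeps the target's owner and mode
    rm -f "$tmp"

    # Fail if the file did not contain the expected line.
    touch_id_enabled "$target"
}

# Run as: sudo sh enable-touchid.sh --apply
if [ "${1:-}" = "--apply" ]; then
    enable_touch_id_sudo /etc/pam.d && echo "Touch ID enabled for sudo"
fi
```
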
Authenticating with Touch ID
Once you have completed the setup, the next time you use the sudo command in Terminal, you will be prompted with a Touch ID request. Simply rest your finger on the fingerprint sensor to authenticate the command.
Considerations
- This method is future-proof in macOS Sonoma, meaning it will survive software updates.
- For macOS Ventura and older, you need to re-enable Touch ID for Terminal after each software update.
- The method was discovered by Rachel Greenham and confirmed by Dan Moren of Six Colors.