Thanks to visit codestin.com
Credit goes to github.com

Skip to content
/ sudo-touchid Public

 Permanent TouchID support 👆 for `sudo`.

git.io/sudotouchid

License

EPL-2.0 license
611 stars 16 forks Branches Tags Activity
Star

artginzburg/sudo-touchid

BranchesTags

Repository files navigation

Icon

sudo-touchid

Downloads Donate

Native and reliable TouchID support for sudo

Try it out     without installing

curl -sL git.io/sudo-touch-id | sh

Now sudo is great, just like Safari — with your fingerprint in Terminal.

Don't worry, you can also reverse it

Result:

Preview

Just type git.io/sudotouchid to go here.

Features

  • Fast & reliable
  • Written in Bash — no dependencies
  • pam_reattach support for tmux/screen compatibility (GUI session reattachment)
  • Supports modern and legacy systems: For macOS 13 and below, see LEGACY_MACOS.md

Install

Via 🍺 Homebrew

brew install artginzburg/tap/sudo-touchid

Check out the formula if you're interested


Usage

Copy and run this command:

sudo-touchid

It adds TouchID to sudo configuration, or migrates an existing legacy configuration if you're upgrading from macOS 13 or below.

# Usage:
sudo-touchid [options]
             [-v,  --version]   # Output installed version
             [-d,  --disable]   # Remove TouchID from sudo config
             [--with-reattach]  # Include pam_reattach.so for tmux/screen support
             [--migrate]        # Migrate from legacy configuration
             [--verbose]        # Show detailed output
             [-q,  --quiet]     # Show minimal output (errors only)
             [-y,  --yes]       # Skip confirmation prompts (non-interactive mode)

if not installed, can be used via curl bundled with macOS

sh <( curl -sL git.io/sudo-touch-id )

Accepts the same arguments, like -d or -v.


Why?

  • Productivity: Automates TouchID setup
  • Lightweight: Small Bash script, no builds or Xcode required
  • Reliable: Persistent configuration across system updates

How does it work?

For macOS 14+:

  • Creates /etc/pam.d/sudo_local with TouchID configuration
  • Never modifies system-managed /etc/pam.d/sudo file

All versions:

  • Has a --disable (-d) option that removes all TouchID configurations.
  • Optional --with-reattach for GUI session reattachment support
  • Creates backup files during migration
  • Automatically detects and migrates legacy configurations

Manual installation

Just save sudo-touchid.sh as /usr/local/bin/sudo-touchid with execute permissions

See LEGACY_MACOS.md for additional considerations on older systems


Related

  • tmux/screen support: pam_reattach module (built-in via --with-reattach)
  • Apple Watch support: pam_watchid module
  • Disable password prompt: Change %admin ALL=(ALL) ALL to %admin ALL=(ALL) NOPASSWD: ALL in /etc/sudoers

About

 Permanent TouchID support 👆 for `sudo`.

git.io/sudotouchid

Topics

macos bash cli security terminal authentication sudo touchid

Resources

Readme

License

EPL-2.0 license

Contributing

Contributing
Activity

Stars

611 stars

Watchers

4 watching

Forks

16 forks
Report repository

Releases 5

0.5 Latest
Sep 17, 2025
+ 4 releases

Sponsor this project

Contributors 3

  •  
  •  
  •  

Languages