By Dan Moren
August 18, 2023 5:33 AM PT
In macOS Sonoma, Touch ID for sudo can survive updates
One of the great things about having a Mac with built-in biometric authentication is not having to constantly type in your password. It’s particularly nice for those of us that work in Terminal, where you can set up Touch ID to authenticate the
sudo command that bestows administrative powers.
However there’s been one drawback to enabling that feature: because it means altering a system file, the change wouldn’t generally survive a system update—the file would get overwritten by the stock file every time macOS released a new version, meaning you’d have to go in and make the change again. I’m probably not alone in having given up on having Touch ID enabled, rather than playing the constant cat-and-mouse game.
But wait, there’s good news: in macOS Sonoma, Apple appears to have provided a new framework to work around this problem. As Mastodon user Rachel pointed out, Sonoma allows for an additional file that will persist through updates. So you can make the change once and it should stick.
From what I can tell, this system was put in place precisely for this feature. Apple provides a
sudo_local.template file as an example, which not only contains a comment explaining that
sudo_local will survive updates, but also even includes the code necessary to enable Touch ID.
So, without further adieu, here are the steps for enabling this feature in macOS Sonoma, once and for all:1
Open the Terminal app. Navigate to the directory that stores the authentication files by typing the following:
Next, copy Apple’s provided template to the actual file that the system will read. You’ll need to use
sudo and enter your administrator password to get permission:
sudo cp sudo_local.template sudo_local
Finally, open up the file you just made using your text editor of choice; I prefer
pico.2 You’ll need to use
sudo again here.
sudo pico sudo_local
In that file, navigate to the line that contains with
pam_tid.so and delete the hashtag (#) at the beginning. Save the file out by pressing Control-X, typing ‘Y’ to save your changes, and hitting Return.
That’s it; you’re done! We’ll have to wait and see if this truly works as described, but fingers crossed you should be able to keep Touch ID access for
sudo for ever and ever.
[Dan Moren is the East Coast Bureau Chief of Six Colors. You can find him on Mastodon at @email@example.com or reach him by email at firstname.lastname@example.org. His latest novel, the supernatural detective story All Souls Lost, is now available for pre-order.]
If you appreciate articles like this one, support us by becoming a Six Colors subscriber. Subscribers get access to an exclusive podcast, members-only stories, and a special community.