How to enable Touch ID for Terminal on a Mac to authenticate commands like ‘sudo’

Learn how to use your Mac’s Touch ID for the sudo command in the macOS Terminal app to save yourself from typing an administrator password.

For those unfamiliar, sudo is a powerful Unix command available in the Mac’s Terminal app that lets you make system-level changes as if you were a superuser.

An unofficial solution in macOS Ventura and older lets you use Touch ID authentication for the sudo command instead of the admin password.

This is basically a workaround, and it comes with a significant drawback: You must re-enable Touch ID for Terminal every single time you install a new macOS version.

macOS Sonoma provides a future-proof solution that survives software updates, so let’s see how you can enable and use Touch ID for Terminal’s sudo command.

How to enable Touch ID for the ‘sudo’ Terminal command

To enable Touch ID authentication for Terminal, you’ll duplicate sudo_local.template as a new file and make a slight change to it.

  1. Launch Terminal from the Applications/Utilities folder. You can also type “Terminal” in Spotlight search or Launchpad to quickly find and open the app.
  2. Paste the following into Terminal and press the Enter key. This command will set Terminal’s working directory to the system folder that stores information about the available pluggable authentication modules (PAMs) in macOS.
    cd /etc/pam.d
  3. Next, copy sudo_local.template to a new file named sudo_local by running the Terminal command below. You’ll need to type your administrator password to authorize the command because we’re making changes in a protected system folder.
    sudo cp sudo_local.template sudo_local

  4. Finally, edit the sudo_local configuration file with the Pico command-line text editor, which is built into macOS Monterey 12.3 and later:
    sudo pico sudo_local

  5. We'll now uncomment a line in sudo_local to enable a pluggable authentication module for Touch ID. In the Pico editor, use the arrow keys to go to the line that includes pam_tid.so and delete the hash sign (#) at the beginning.
  6. Lastly, save the changes by pressing Control (⌃) - X on the keyboard, then type Y and press the Return key to save the file.

macOS reads sudo_local, so with this change we've told the operating system it's OK to approve Terminal commands that require administrative privileges with Touch ID.
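The steps above as one repeatable script, added here as an example and not part of the original article: it copies the template only when sudo_local is missing, uncomments the pam_tid.so line with sed instead of an editor, and checks the result before replacing the file. The file name touchid_sudo.sh, the function names and the apply/check arguments are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original article).
# Usage (hypothetical file name):
#   sudo sh touchid_sudo.sh apply [dir]   enable Touch ID for sudo
#   sh touchid_sudo.sh check [dir]        exit 0 if already enabled
# dir defaults to /etc/pam.d; point it at a copy to rehearse safely.

# Matches the PAM rule itself, whatever the spacing between fields.
TID_RE='auth[[:space:]]+sufficient[[:space:]]+pam_tid\.so'

# Succeeds only if sudo_local has an active (uncommented) pam_tid.so line.
touchid_enabled() {
    grep -Eq "^[[:space:]]*$TID_RE" "$1/sudo_local" 2>/dev/null
}

# Steps 3-6 of the procedure, without opening an editor.
enable_touchid() {
    dir="$1"; f="$dir/sudo_local"; tmp="$f.new.$$"
    [ -f "$f.template" ] || {
        echo "no sudo_local.template in $dir" >&2; return 2; }
    # Step 3: copy the template, but never clobber an existing sudo_local.
    [ -f "$f" ] || cp "$f.template" "$f" || return 1
    # Already enabled: leave the file untouched so reruns are harmless.
    touchid_enabled "$dir" && return 0
    # Step 5: strip the leading '#' from the pam_tid.so line only.
    # cp -p first, so the replacement keeps the owner and mode of sudo_local.
    cp -p "$f" "$tmp" || return 1
    sed -E "s/^[[:space:]]*#[[:space:]]*($TID_RE.*)\$/\\1/" "$f" > "$tmp"
    # Step 6: swap the file in only if the rule is really active now.
    if grep -Eq "^[[:space:]]*$TID_RE" "$tmp"; then
        mv -f "$tmp" "$f"
    else
        rm -f "$tmp"
        echo "no pam_tid.so line found in $f" >&2; return 3
    fi
}

case "${1:-}" in
    apply) enable_touchid "${2:-/etc/pam.d}" ;;
    check) touchid_enabled "${2:-/etc/pam.d}" ;;
esac
```

Running it with check after a macOS update shows whether the setting is still in place without changing anything.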

How to authenticate 'sudo' in Terminal with Touch ID

With biometric authentication in Terminal, you'll be greeted with a Touch ID prompt the next time you use the sudo command. Rest a finger on your Mac's fingerprint sensor to authorize the command instead of typing your administrative password.

Authenticating the 'sudo' command with Touch ID is much faster than entering an admin password | Image: Christian Zibreg/iDB

If you do feel like entering a password, click Enter Password in the dialog.

You can also use your Apple Watch to authenticate 'sudo' | Image: Christian Zibreg/iDB

But why would anyone want to use the password instead of their fingerprint? Because those wearing an Apple Watch configured to approve macOS authentication requests will be able to authenticate with it after clicking this option.

Using Touch ID for Terminal on older macOS versions

In macOS Sonoma, sudo_local survives software updates, meaning you can turn on Touch ID for Terminal once and be done with it.

On macOS Ventura and older, however, you must add the auth sufficient pam_tid.so line below the first line in sudo_local to enable Touch ID for Terminal. But as mentioned, sudo_local doesn't stick through updates and gets overwritten by the stock file every time you install a software update.

A time-saving feature for Terminal nerds

Hat tip to Rachel Greenham, who discovered this new method and shared it on Mastodon, with Dan Moren of Six Colors confirming that it works.

If you consider yourself a Terminal nerd, this tip could save you a lot of time.

Many operations performed in Terminal require the sudo command for permission to change system files. With just a few minutes of your time and some Terminal trickery, you can authenticate sudo in your Terminal commands with Touch ID.