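#!/bin/bash
#
# Enable Touch ID as an accepted authentication method for sudo on macOS by
# adding a pam_tid.so rule to /etc/pam.d/sudo_local.
#
# The script can be sourced or executed. All work happens inside one function
# so that `local` and `return` are valid in both cases and no variables leak
# into a sourcing shell.
#
# Operational note: a malformed PAM file can break sudo. Keep a root shell
# open in another terminal while testing changes to /etc/pam.d.

#######################################
# Ensure the Touch ID rule is present in the local sudo PAM file.
# Globals:   none
# Arguments: none
# Outputs:   progress messages on stdout, failures on stderr
# Returns:   0 if the rule is present afterwards, non-zero if a step failed
#######################################
_enable_touchid_for_sudo() {
  local -r log_prefix="[enable touchId for sudo access]:"

  # The file to be modified to configure sudo access.
  # NOTE: Instead of modifying the main /etc/pam.d/sudo file, which would be
  # overridden at every system update, we create a _local extension file,
  # which is maintained by the user and already imported by the main one.
  local -r sudo_access_file="/etc/pam.d/sudo_local"

  # PAM rule enabling Touch ID. With the "sufficient" control flag a
  # successful Touch ID match alone authorizes sudo; the password prompt stays
  # available as the fallback when Touch ID fails or is unavailable.
  local -r auth_line="auth sufficient pam_tid.so"

  # Create the file if it doesn't exist. An existing file is NOT a reason to
  # stop: it may lack the rule, so the presence check below always runs.
  if [[ ! -e "$sudo_access_file" ]]; then
    if ! sudo touch "$sudo_access_file"; then
      echo "$log_prefix could not create $sudo_access_file" >&2
      return 1
    fi
    echo "$log_prefix $sudo_access_file created"
  else
    echo "$log_prefix $sudo_access_file already exists"
  fi

  # Use grep's exit status directly (-q prints nothing, so testing its output
  # would never succeed). Quoting keeps the rule a single pattern argument,
  # and -Fx requires an exact whole-line match, so a commented-out rule does
  # not count as enabled.
  if grep -Fxq -- "$auth_line" "$sudo_access_file"; then
    echo "$log_prefix touchId for sudo access already enabled"
    return 0
  fi

  # Append the rule. Only tee runs as root; the rule text is a fixed string.
  if ! printf '%s\n' "$auth_line" | sudo tee -a "$sudo_access_file" >/dev/null; then
    echo "$log_prefix could not write to $sudo_access_file" >&2
    return 1
  fi

  # NOTE(review): presumably relaxes an authorization check tied to Apple
  # Remote Desktop sessions so that Touch ID is still offered. It runs without
  # sudo, so it is written to the invoking user's preferences. Confirm that
  # this relaxation is wanted on the target machine.
  defaults write com.apple.security.authorization ignoreArd -bool true

  echo "$log_prefix touchId for sudo access should be now enabled"
}

# Last statement on purpose: the function's status becomes the script's status.
_enable_touchid_for_sudo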