Comments (5)
This is the way.
from sudo-touchid.
Now that Sonoma is out with sudo_local
(#18), it seems pointless to implement this. @gzm55 do you think it's still relevant?
from sudo-touchid.
sudo_local is almost the way in this issue, the latest /etc/pam/sudo
contains the line as the first auth
line:
auth include sudo_local
For the newer OS (>=14), we should create/edit the /etc/pam/sudo_local
(a fixed magic path) to enable all the plugins (tid, pam_reattach, etc.) we needed without any include
lines.
In the sudoers
part on the newer OS, we don't need to enable another pam_service
, but we should better keep the restore commands using a safe pam_service and NOPASSWD
to disable a bad /etc/pam/sudo_local
.
from sudo-touchid.
+1 to this. The first thing that came into mind when comparing this method vs. sudo_local was the lack of a safe recovery mechanism.
But this would still be the right way on pre-sonoma machines. Maybe change it to /etc/pam.d/sudo_local instead of /etc/pam.d/my-sudo so that its ready for Sonoma+(?)
Also, it would have been nice if "pam_reattach" and "pam_watchid" could somehow be chosen as an option during install, instead of having to manually add that too. Wishful thinking on my part.
from sudo-touchid.
But this would still be the right way on pre-sonoma machines. Maybe change it to /etc/pam.d/sudo_local instead of /etc/pam.d/my-sudo so that its ready for Sonoma+(?)
The hard part for pre-sonoma is that the OS will be upgrade to sonoma, and the include
direction need to be reversed after upgrading:
- on osx 13: /etc/pam.d/my-sudo include lines from /etc/pam.d/sudo
- on osx 14: /etc/pam.d/sudo include lines from /etc/pam.d/sudo_local
I'm afraid the cycling includes of sudo and sudo_local would introduce some troubles.
from sudo-touchid.
Related Issues (16)
- Add uninstallation (different from restoring from backup)
- Apple Watch support? HOT 1
- Does this work with macOS 12.6? HOT 5
- Running Homebrew as root is extremely dangerous and no longer supported. HOT 17
- plist_options is depricated HOT 1
- stopped working after the latest update HOT 1
- Homebrew install does not succeed
- sudo_local in Sonoma HOT 1
- Don't works with Sonoma HOT 3
- Add --help with usage info
- Add -q, --quiet option
- It can't seem to show up?? HOT 3
- TouchID not prompted when running sudo in tmux HOT 2
- Service does not work after upgrade HOT 20
- Configure automated tests
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sudo-touchid.