Use TouchID to Authenticate sudo on macOS

Your TouchID-equipped Mac can easily be configured to use your fingerprint to approve sudo commands.

Use your favorite text editor to open the file

/etc/pam.d/sudo

and add the following line

auth sufficient

below the line as shown below and then save (Ctrl+O for pico) the file.

$ sudo pico /etc/pam.d/sudo

  UW PICO 5.09                     File: /etc/pam.d/sudo                        

# sudo: auth account password session
auth       sufficient
auth       sufficient
auth       required
account    required
password   required
session    required

^G Get Help  ^O WriteOut  ^R Read File ^Y Prev Pg   ^K Cut Text  ^C Cur Pos   
^X Exit      ^J Justify   ^W Where is  ^V Next Pg   ^U UnCut Text^T To Spell

File Name to write : /etc/pam.d/sudo                                            
^G Get Help  ^T  To Files                                                     
^C Cancel    TAB Complete                                                     

                               [ Wrote 7 lines ]                                
^G Get Help  ^O WriteOut  ^R Read File ^Y Prev Pg   ^K Cut Text  ^C Cur Pos   
^X Exit      ^J Justify   ^W Where is  ^V Next Pg   ^U UnCut Text^T To Spell  

That’s it. Now when you open a new Terminal window you can use TouchID to approve sudo commands. If you also have your Apple Watch set to unlock your Mac, you will also be able to approve sudo commands by double-clicking the side button on the watch.

Keep in mind that this file is somewhat protected by macOS so after each OS update you will need to add the line to the file. Other than that, it works perfectly!
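
A quick check for whether an OS update has dropped the line, as an added example that is not part of the original post. It assumes the Touch ID PAM module is named pam_tid.so; the function names and the sample file contents are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post.
# Assumption: the Touch ID PAM module is pam_tid.so.

# Print "enabled", "misordered" or "missing" for the PAM file given as $1.
# "misordered" means the Touch ID line sits after a required auth module,
# so the password prompt would be reached first.
touchid_sudo_status() {
    awk '
        $1 ~ /^#/ || NF == 0 { next }   # skip comments and blank lines
        $1 == "auth" {
            n++
            if ($2 == "sufficient" && $3 == "pam_tid.so") { if (!tid) tid = n }
            else if ($2 == "required" && !req) req = n
        }
        END {
            if (!tid) print "missing"
            else if (req && tid > req) print "misordered"
            else print "enabled"
        }
    ' "$1"
}

# Constructed sample: a sudo PAM file as it might look after an update reset it.
sample_reset_file() {
    cat <<'EOF'
# sudo: auth account password session
auth       sufficient     pam_smartcard.so
auth       required       pam_opendirectory.so
account    required       pam_permit.so
password   required       pam_deny.so
session    required       pam_permit.so
EOF
}

# Stand-alone run: inspect the live file if it is readable (no sudo needed).
if [ -r /etc/pam.d/sudo ]; then
    echo "/etc/pam.d/sudo: $(touchid_sudo_status /etc/pam.d/sudo)"
fi
```

Run it after each OS update; anything other than "enabled" means the line has to be added again at the top of the auth entries.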

Automatically Disconnect Wifi When Wired Interface Is Detected.

EDIT: So it looks like some people are concerned with the sudo requirement. I need AirDrop and other macOS services that rely on WiFi to continue working so I cannot afford to disable the wireless interface. As far as I know there is no way to just disassociate from the network without sudo or turning off the interface. Since I have also enabled, it just brings up a Touch ID prompt on my screen whenever it needs to run the sudo command.

After using a Sonnet Solo10G SFP+ network adapter with my 14″ MacBook Pro for a few months it was great but something felt off. I was looking for a way to have wifi automatically disconnect (not turn off) when the SFP adapter established a connection and then reconnect once the SFP adapter was removed.

The issue is that each network interface gets its own IP from the router’s DHCP, and registering the DNS record for the new interface fails because one already exists with the same name. macOS then throws an error that the hostname is already in use and appends a number to the hostname as a workaround to resolve the conflict. After a month your Mac’s hostname would look something like “macbook pro-1-5-9” or something weird like that. Not ideal.

Error message from an older version of macOS.

So I started looking for ways to interface with airport from the terminal.

Connect to a network:

networksetup -setairportnetwork en0 "$WIFI_SSID"

Get current network SSID:

networksetup -getairportnetwork en0 

Disconnect from current network:

sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport "en0" -z

Then, a shell script based on the commands above:



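#!/bin/bash
WIFI_INTERFACE=en0
WIRED_INTERFACE=en4
DEFAULT_SSID="Your SSID"
TEMP_LOCATION="/Users/YOURUSER/.wifi_ssid"

# Last saved SSID (empty if the file does not exist yet) and current link states.
WIFI_SSID=$(cat "$TEMP_LOCATION" 2>/dev/null)
WIFI_STATUS=$(ifconfig "$WIFI_INTERFACE" | grep status | awk -F' ' '{ print$2 }')
if [[ ("$(ifconfig "$WIRED_INTERFACE" | grep status | awk -F' ' '{ print$2 }')" = "active" ) ]]; then
	WIRED_STATUS="active"
else
	WIRED_STATUS="disconnected"
fi

echo "------------Network Check RUN------------"
echo $(date)
echo "WIFI_STATUS: $WIFI_STATUS"
echo "WIRED_STATUS: $WIRED_STATUS"

if [[ ("$WIRED_STATUS" = "active" ) && ("$WIFI_STATUS" = "active" ) ]]; then
	# Both links up: save the SSID, then disassociate without powering Wi-Fi off.
	networksetup -getairportnetwork "$WIFI_INTERFACE" | awk -F':' '{ print$2 }' | cut -c 2- > "$TEMP_LOCATION"
	sudo /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport "$WIFI_INTERFACE" -z
	echo "Action: WiFi disconnecting from $WIFI_SSID"
elif [[ ("$WIRED_STATUS" != "active" ) && ("$WIFI_STATUS" != "active" ) ]]; then
	if [[ -z "$WIFI_SSID"  ]]; then
		echo "No wifi_ssid found in $TEMP_LOCATION. Using default_ssid $DEFAULT_SSID"
		WIFI_SSID="$DEFAULT_SSID"
	fi
	networksetup -setairportnetwork "$WIFI_INTERFACE" "$WIFI_SSID"
	echo "Action: WiFi connecting to $WIFI_SSID"
else
	echo "Action: NO CHANGE"
fi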

Remember to update the WIFI_INTERFACE=en0, WIRED_INTERFACE=en4, DEFAULT_SSID="Your SSID" and TEMP_LOCATION="/Users/YOURUSER/.wifi_ssid" variables for your system.

Save this to ~/network_check and then run:

sudo chmod u+x ~/network_check

Now we need a way to run this script each time there is a change in the network configuration. Based on some Google research, it seems like a good file to watch for changes is:


Set up a user agent to watch for this file and then run the script.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">

Remember to update the Program string with your script path.

Save this plist to:

~/Library/LaunchAgents/local.network_check.plist

Then run the following to load the agent:

launchctl load ~/Library/LaunchAgents/local.network_check.plist

For more details on how macOS daemons and agents work check out this post.

Now whenever the network adapter is connected or disconnected we see the desired behavior:

------------Network Check RUN------------
Fri Jul 1 12:09:00 CDT 2022
WIRED_STATUS: disconnected
------------Network Check RUN------------
Fri Jul 1 12:09:35 CDT 2022
Action: WiFi disconnecting from MYSSID
------------Network Check RUN------------
Fri Jul 1 12:09:46 CDT 2022
WIFI_STATUS: inactive
------------Network Check RUN------------
Fri Jul 1 12:19:54 CDT 2022
WIFI_STATUS: inactive
WIRED_STATUS: disconnected
Action: WiFi connecting to MYSSID
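
The status parsing and the three-way decision behind the log above, as an added example that is not the author's script. It goes slightly further than the script: the SSID parser keeps an SSID that contains ":" whole, where `awk -F':' '{ print$2 }'` would save only the part before the second colon. Function names are illustrative, the sample command output is constructed, and the "Current Wi-Fi Network:" label is an assumption about what networksetup prints.

```sh
#!/bin/sh
# Added example, not the author's script. Function names are illustrative.

# Status word from `ifconfig <iface>` output on stdin. Prints "disconnected"
# when there is no status line (adapter unplugged, ifconfig printed nothing).
iface_status() {
    awk '$1 == "status:" { print $2; found = 1; exit }
         END { if (!found) print "disconnected" }'
}

# SSID from `networksetup -getairportnetwork <iface>` output on stdin.
# Only the label up to the first ": " is removed, so an SSID containing ":"
# is kept whole; a message with no ": " (not associated) gives an empty SSID.
parse_ssid() {
    sed -n 's/^[^:]*: //p' | head -n 1
}

# The three-way decision: both links up -> disconnect Wi-Fi,
# both down -> reconnect, otherwise leave things alone.
decide_action() {   # $1 = wired status, $2 = Wi-Fi status
    if [ "$1" = "active" ] && [ "$2" = "active" ]; then
        echo disconnect
    elif [ "$1" != "active" ] && [ "$2" != "active" ]; then
        echo reconnect
    else
        echo none
    fi
}

# Constructed sample output (not captured from a real machine).
SAMPLE_WIRED='en4: flags=8863<UP,RUNNING> mtu 1500
    media: autoselect
    status: active'
SAMPLE_WIFI='en0: flags=8863<UP,RUNNING> mtu 1500
    status: active'
SAMPLE_SSID_LINE='Current Wi-Fi Network: Lab: 5GHz'

wired=$(printf '%s\n' "$SAMPLE_WIRED" | iface_status)
wifi=$(printf '%s\n' "$SAMPLE_WIFI" | iface_status)
ssid=$(printf '%s\n' "$SAMPLE_SSID_LINE" | parse_ssid)
echo "wired=$wired wifi=$wifi ssid=$ssid action=$(decide_action "$wired" "$wifi")"
```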

Here is a link to my GitHub page for the script.