Apple - Homebrew permissions & multiple users needing to brew update
Is this considered bad? I thought one of the advantages of using /usr/local/ for your installs was that you don't need sudo. But clearly we do.
Homebrew, by default, sets itself up for single-user access to /usr/local
. So you need to open up the permissions on the directory tree for it to be administered by more than one person.
People don't need to run sudo here to administer homebrew. You just need to change some permissions. Since you already have:
All users who would need to modify Homebrew are members of admin group.
You need to do two more things:
- Make sure everything under
/usr/local
belongs to the groupadmin
; and - Make sure anyone from the group
admin
can write to anything under/usr/local
.
In this case the changes to make are:
chgrp -R admin /usr/local
chmod -R g+w /usr/local
chgrp -R admin /Library/Caches/Homebrew
chmod -R g+w /Library/Caches/Homebrew
And any user from the admin
group should be able to manage the homebrew installation on the machine. If you need to add a user to the admin group this can be accomplished like this:
dseditgroup -o edit -a <username> -t user admin
(that user will need to login again to have the privileges granted).
For sanity on the machine, you may want to consider creating your own fork of Homebrew and have your local homebrew git repository point to the local fork. That lets you customize Homebrew for your environment and control the versions of packages that people are able to install with the brew
command. With multiple people doing installs you could run in to version issues or dependency issues.
You can enable homebrew permissions for more than one user via the admin group, or via any other user group. Here is a slightly expanded recipe to configure this:
The group needs to administer the local homebrew install directory. So assign /usr/local to admin group (or your preferred group) and enable group write permissions:
chgrp -R admin /usr/local
chmod -R g+w /usr/local
The group also needs permissions for homebrew's local cache of formulae and source files at /Library/Caches/Homebrew:
chgrp -R admin /Library/Caches/Homebrew
chmod -R g+w /Library/Caches/Homebrew
If you run into further similar permissions issues while using homebrew from multiple accounts, note the offending path and consider trying the same approach.
Leif Hanack has blogged a similar solution, where he creates and configures a dedicated user group brew for the purpose.
--Update 2015-08-20
I recently used this answer again to set up a guest account with homebrew access. In order to use Cask from the second admin account I had to also run the following commands:
chgrp -R admin /opt/homebrew-cask
chmod -R g+w /opt/homebrew-cask
I was just going to comment on the accepted answer (but don't have the reputation for that yet.)
As a user of Caskroom.io, I would also recommend adding:
sudo chown -R admin /opt/homebrew-cask
sudo chmod -R g+w /opt/homebrew-cask
sudo chmod -R g+w /Library/Caches/Homebrew/
since cask, an extremely useful extension to homebrew, puts all its files in /opt/homebrew-cask