I have a local admin user and a few "network" mobile users (without admin
privileges) who need to be able to brew
on a Mac. So, these 'network' users are not members of the group admin
and probably shouldn't be.
$ ls -l /user/local
-rw-r--r-- 1 localadmin admin 491 Jan 21 18:04 CONTRIBUTING.md
drwxr-xr-x 6 localadmin admin 204 Jan 21 18:23 Cellar
drwxr-xr-x 8 localadmin admin 272 Jan 21 18:06 Library
-rw-r--r-- 1 localadmin admin 789 Jan 21 18:04 README.md
drwxr-xr-x 44 localadmin admin 1496 Jan 23 23:44 bin
drwxr-xr-x 3 localadmin admin 102 Jan 21 18:06 etc
drwxr-xr-x 27 localadmin admin 918 Jan 21 18:24 include
drwxr-xr-x 98 localadmin admin 3332 Jan 21 18:24 lib
drwxr-xr-x 6 localadmin admin 204 Jan 21 18:24 opt
drwxr-xr-x 9 localadmin admin 306 Jan 21 18:24 share
drwx------ 3 localadmin admin 102 Jan 21 18:37 var
My question is would there be a problem with, say, changing the group from admin
to something like brewers
for /usr/local -R
(recurseively)? Then add root
, localadmin
and each network user to the brewers
group. Would each network user now be able to brew
?
I have read that I might need to change the umask
for each network user to 0002
?
Best Answer
This can work if you also then make
/usr/local/
and everything under it group-writable withchmod
. The current permissions have them writable only by localadmin.Yes, you will need to do something about the
umask
for users runningbrew
. Otherwise users won't be able to modify stuff brewed by other users, even if they're both in thebrewers
group. You probably don't want to change their defaultumask
, because then all the files they create would be group-writable, which is probably not what you want. You might use a custom wrapper script around thebrew
command which sets theumask
to 002 for just the duration of that command, e.g. by doing theumask
andbrew
calls in a subshell.