I have a local admin user and a few "network" mobile users (without admin privileges) who need to be able to brew on a Mac. So, these 'network' users are not members of the group admin and probably shouldn't be.
$ ls -l /user/local
-rw-r--r-- 1 localadmin admin 491 Jan 21 18:04 CONTRIBUTING.md
drwxr-xr-x 6 localadmin admin 204 Jan 21 18:23 Cellar
drwxr-xr-x 8 localadmin admin 272 Jan 21 18:06 Library
-rw-r--r-- 1 localadmin admin 789 Jan 21 18:04 README.md
drwxr-xr-x 44 localadmin admin 1496 Jan 23 23:44 bin
drwxr-xr-x 3 localadmin admin 102 Jan 21 18:06 etc
drwxr-xr-x 27 localadmin admin 918 Jan 21 18:24 include
drwxr-xr-x 98 localadmin admin 3332 Jan 21 18:24 lib
drwxr-xr-x 6 localadmin admin 204 Jan 21 18:24 opt
drwxr-xr-x 9 localadmin admin 306 Jan 21 18:24 share
drwx------ 3 localadmin admin 102 Jan 21 18:37 var
My question is would there be a problem with, say, changing the group from admin to something like brewers for /usr/local -R (recurseively)? Then add root, localadmin and each network user to the brewers group. Would each network user now be able to brew?
I have read that I might need to change the umask for each network user to 0002?
Best Answer
This can work if you also then make
/usr/local/and everything under it group-writable withchmod. The current permissions have them writable only by localadmin.Yes, you will need to do something about the
umaskfor users runningbrew. Otherwise users won't be able to modify stuff brewed by other users, even if they're both in thebrewersgroup. You probably don't want to change their defaultumask, because then all the files they create would be group-writable, which is probably not what you want. You might use a custom wrapper script around thebrewcommand which sets theumaskto 002 for just the duration of that command, e.g. by doing theumaskandbrewcalls in a subshell.