Mac – Are the permissions for /usr/local/ correct

homebrewmacportspermissionterminal

I’m using HomeBrew for my port needs (seems a bit “cleaner” than MacPorts).

I can install without sudoing (which is great), but the man linking step seems to require it (/usr/local/share/man/man3 is owned by root).
A guide I found suggests I recursively chown /usr/local by doing

sudo chown -R `whoami` /usr/local

Is this safe…or is it a Bad Idea™?

Also: are my permissions correct?

$ pwd
/usr/local/share/man
$ ls -lah
total 32
drwxrwxr-x    8 root  staff   272B  4 Set 11:02 .
drwxrwxr-x    9 root  staff   306B 10 Set 11:27 ..
drwxr-xr-x    3 root  wheel   102B  4 Ago  2009 de
drwxrwxr-x  163 root  staff   5,4K 10 Set 11:27 man1
drwxr-xr-x   11 root  wheel   374B 10 Set 11:27 man3
drwxr-xr-x    7 ago   staff   238B 10 Set 11:39 man5
drwxr-xr-x   11 ago   staff   374B 10 Set 11:39 man7
-rw-r--r--    1 root  staff    13K  4 Set 11:02 whatis

Best Answer

It is usually better to keep permissions as strict as possible. Keeping /usr/local owned by root means that only processes that run as root/sudo (or ask for admin user via the Apple authorization dialog box) can write to this area. Thus, a process download has to ask you for a password before corrupting files there.

But as you say, it makes adding new programs harder.

I am OK with running sudo, as you install things less often than running them but you have to trust that the build process does not change anything it should.

If you want to avoid sudo I would install Homebrew into ~/usr/local and alter your path, manpath etc to include the directories under there.

A better way is to create another user—say, homebrew and create a directory owned by that user. Then, install there using sudo -U homebrew. Other users will have the benefit of not being able to overwrite any other files, because they are not running as root and other programs cannot affect homebrew. (I note that the Homebrew FAQ does suggest this new user if you are in a "multi user environment". I would say that any Unix machine including macOS is a multi user environment)

However as the Homebrew wiki says the recipes don't find all cases of /usr/local and replace them with the chosen directory I suspect we are stuck with /usr/local.

Related Solutions

How to repair permissions on /usr/local after accidentally changed

Assuming you only changed the owner (as your command states), you can return everything back to root ownership by

chown -R root /usr/local

If you think you may need to fix the group ownership too, then this is better

chown -R root:wheel /usr/local

MacOS – How To Make files in `/usr/local` Writable For Homebrew

This should be solved changing the perms on that directory in the following way:

$ cd /usr/local
$ sudo chown -R <your-username>:<your-group-name> *

If you don't know your group, just type id -g.

Best Answer

Related Solutions

How to repair permissions on /usr/local after accidentally changed

MacOS – How To Make files in `/usr/local` Writable For Homebrew

Related Question