Are my permissions for /usr/local/ correct?
Solution 1:
It is usually better to keep permissions as strict as possible. Keeping /usr/local
owned by root
means that only processes that run as root
/sudo
(or ask for admin user via the Apple authorization dialog box) can write to this area. Thus, a process download has to ask you for a password before corrupting files there.
But as you say, it makes adding new programs harder.
I am OK with running sudo
, as you install things less often than running them but you have to trust that the build process does not change anything it should.
If you want to avoid sudo I would install Homebrew into ~/usr/local
and alter your path, manpath etc to include the directories under there.
A better way is to create another user—say, homebrew
and create a directory owned by that user. Then, install there using sudo -U homebrew
. Other users will have the benefit of not being able to overwrite any other files, because they are not running as root
and other programs cannot affect homebrew. (I note that the Homebrew FAQ does suggest this new user if you are in a "multi user environment". I would say that any Unix machine including macOS is a multi user environment)
However as the Homebrew wiki says the recipes don't find all cases of /usr/local
and replace them with the chosen directory I suspect we are stuck with /usr/local
.
Solution 2:
I use Homebrew too and can confirm it's totally safe. Quoting the Installation page on the official Homebrew FAQ:
Do yourself a favour and pick
/usr/local
It’s easier
/usr/local/bin
is already in yourPATH
.It’s easier
Tons of build scripts break if their dependencies aren’t in either /usr or /usr/local. We fix this for Homebrew formulas (although we don’t always test for it), but you’ll find that many RubyGems and Python setup scripts break which is something outside our control.- It’s safe
Apple has conformed to POSIX and left this directory for us. Which means there is no/usr/local
directory by default, so there is no need to worry about messing up existing tools.If you plan to install gems that depend on brews then save yourself a bunch of hassle and install to
/usr/local
!It is not trivial to tell gem to look in non-standard directories for headers and dylibs. If you choose
/usr/local
, everything “just works!”
I'll just add that doing things as root is a very bad idea, so chown
ing /usr/local
not only seems reasonable to me (it's not a system dir on OSX), but sane.
Your permissions are not correct (yet). Just run the command you listed and you're gonna be fine.
If you have other problems remember, the brew doctor
can help you!