Are my approvals for/ usr/local/ deal with?

I'm making use of HomeBrew for my port requires (appears a little bit "cleaner" than MacPorts).

I can install without sudoing (which is wonderful), yet the male connecting action appears to need it (/usr/local/share/man/man3 is possessed by root).
A guide I located recommends I recursively chown /usr/local by doing

sudo chown -R `whoami` /usr/local

Is this secure ... or is it a Bad Idea ™?

Additionally: are my approvals deal with?

$ pwd
/usr/local/share/man
$ ls -lah
total 32
drwxrwxr-x    8 root  staff   272B  4 Set 11:02 .
drwxrwxr-x    9 root  staff   306B 10 Set 11:27 ..
drwxr-xr-x    3 root  wheel   102B  4 Ago  2009 de
drwxrwxr-x  163 root  staff   5,4K 10 Set 11:27 man1
drwxr-xr-x   11 root  wheel   374B 10 Set 11:27 man3
drwxr-xr-x    7 ago   staff   238B 10 Set 11:39 man5
drwxr-xr-x   11 ago   staff   374B 10 Set 11:39 man7
-rw-r--r--    1 root  staff    13K  4 Set 11:02 whatis
0
2019-05-07 09:17:19
Source Share
Answers: 3

I make use of Homebrew also and also can validate it's entirely secure. Pricing estimate the Installation web page on the main Homebrew FAQ:

Do on your own a favour and also select /usr/local

  1. It's less complicated
    /usr/local/bin is currently in your PATH.

  2. It's less complicated
    Tons of construct manuscripts damage if their dependences aren't in either/ usr or/ usr/local. We repair this for Homebrew solutions (although we do not constantly examination for it), yet you'll locate that several RubyGems and also Python arrangement manuscripts break which is something outside our control.

  3. It's secure
    Apple has actually satisfied POSIX and also left this directory site for us. Which suggests there is no /usr/local directory site by default, so there is no demand to bother with screwing up existing devices.

If you intend to install treasures that rely on mixtures after that conserve on your own a number of problem and also install to /usr/local!

It is not unimportant to inform treasure to search in non - typical directory sites for headers and also dylibs. If you pick /usr/local, every little thing "simply functions!"

I'll simply add that doing points as origin is a really negative suggestion , so chowning /usr/local not just appears practical to me (it's not a system dir on OSX), yet sane .

Your approvals are not proper (yet). Simply run the command you detailed and also you're gon na be great.

If you have various other troubles bear in mind, the brew doctor can aid you!

0
2019-05-09 01:49:30
Source

For what it's worth, /usr/local is ruled out a "system" folder by OS X, and also on an all new Snow Leopard install that folder is vacant.

Any kind of origin - possessed things in that folder is an outcome of sudo make install on various other software, or offering your password after double - hitting on a .pkg that intends to unload things right into /usr/local.

Possessing /usr/local has actually "benefited me" on 2 equipments for over a year.

One gotcha is that if you've mounted MySQL (not making use of Homebrew) and also chown its documents, after that it possibly will not have the ability to see its data sources any longer (so you would certainly need to chown them back to whatever customer MySQL is running as.)

0
2019-05-09 01:46:43
Source

It is generally far better to maintain permissions as rigorous as feasible. Maintaining /usr/local possessed by root suggests that just refines that run as root/ sudo (or request for admin customer using the Apple consent dialog box) can contact this location. Hence, a procedure download needs to ask you for a password prior to damaging documents there.

Yet as you claim, it makes including new programs harder.

I am ALRIGHT with running sudo, as you install points much less usually than running them yet you need to rely on that the construct procedure does not transform anything it should.

If you intend to stay clear of sudo I would certainly install Homebrew right into ~/usr/local and also modify your course, manpath etc to include the directory sites under there.

A far better means is to create an additional customer-- claim, homebrew and also create a directory site possessed by that customer. After that, install there making use of sudo -U homebrew. Various other customers will certainly have the advantage of not having the ability to overwrite any kind of various other documents, due to the fact that they are not running as root and also various other programs can not influence homebrew. (I keep in mind that the Homebrew FAQ does recommend this new customer if you remain in a "multi customer setting". I would certainly claim that any kind of Unix equipment consisting of macOS is a multi customer setting)

However as the Homebrew wiki claims the dishes do not locate all instances of /usr/local and also change them with the picked directory site I believe we are stuck to /usr/local.

0
2019-05-09 01:40:20
Source