Need Homebrew advice


(Todd Echterling) #1

At my university we just purchased a new lab of iMacs that will be deployed in a lab environment. The end users are from our campus AD logging in to the iMacs. These users will not have admin rights to do anything. We want to install homebrew so that admins can “brew” a piece of software that can be used by anyone logged in to the machine. These new machines are running High Sierra so SIP is in the picture. We deploy Eclipse and the JDK using Jamf Pro. i would like to have a Homebrew install script that would run from Jamf Pro on each machine to install homebrew base and a set of brewed packages like python, ocaml and a few more. then as more packages come up we can add them using new install scripts, or just SSH in and brew the new app.

I have noticed that people say create a brew user and do everything as that user then chmod/own /usr/local/* to that user group and give wide open control so that anybody can run the commands.

Any input or help would be greatly appreciated…

Thanks,
Todd


(Jonathan Chang) #2

You might find brew bundle to be useful: https://github.com/Homebrew/homebrew-bundle

If you don’t want your end users to be able to update the software themselves then creating a Homebrew-specific admin user where brew commands are run from is probably sufficient. I think by default non-admin users are put in the staff group, so they’ll have read and execute permissions to Homebrew’s prefix but won’t be permitted to modify the install.