Let us ignore the virus or no virus, as this was just a motivation to have a non-admin user being able to use Homebrew in the standard location. @tgamblin provided another reason outside the users control: work requires you to use a non-admin account (but you can still work as
<admin> now and then when necessary).
I do not agree that your description of how it will work is necessary - precisely, the use of
su admin brew install <package> is NOT required. Verified: these steps
$ sudo dseditgroup -o create -r "local group for using /usr/local" local
$ sudo dseditgroup -o edit -a <admin-user> -t user local
$ sudo dseditgroup -o edit -a <non-admin-user> -t user local
$ sudo chgrp local /usr/local
$ sudo chmod g+ws /usr/local
$ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
allow any user in the group
local to use Homebrew in the standard fashion. For example, as the non-admin user, I can now
brew install <package> without issue, e.g.
<non-admin>$ brew install wget
<non-admin>$ ls -l /usr/local/bin/ | grep wget
lrwxr-xr-x 1 <non-admin> local 32 May 18 19:25 wget -> ../Cellar/wget/1.19.1_1/bin/wget
<non-admin>$ ls -l /usr/local/Cellar/wget
drwxr-xr-x 12 <non-admin> local 408 May 18 19:38 1.19.1_1
You will notice the installed package did NOT inherit the group write permissions, but it is in the group
local, so any user in
local can use it, importantly, the
<non-admin> user. To get the
g+w inheritance to work, one must ensure BOTH
<non-admin> have their default permissions set to
umask u=rwx,g=rwx,o=rx, in the
.bash_profile for example. I expect this is only an issue if one needs to run as
<admin> to clean up something, as you would not want multiple users using the same Homebrew stack. This is verified also: set
umask u=rwx,g=rwx,o=rx in both
<non-admin>$ brew install python3
<non-admin>$ ls -l /usr/local/Cellar/python3
drwxrwxr-x 13 <non-admin> local 442 May 30 09:48 3.6.1
I believe, with few exceptions that have known symptoms and fixes, this is a viable working means of having a
<non-admin> user use Homebrew in the standard location.