Hello - I just got a new Mac with Sierra. For future virus-readiness, I am setting up my Mac with and admin account (that I will only use when necessary - rarely) and a user account withOUT admin privileges that I will regularly use - so viruses can’t get into my system files at all (I at least believe this will provide some level of protection provided my user files are all regularly backed up). As well documented, this causes issues installing homebrew. I have come up with what seems to be a viable fix, and would like feedback from experienced users whether this will cause me problems in the future.
As admin, I installed homebrew. I then used sudo to do the following (as admin) - make a new group
local that I added myself and admin to, and change the group of
Mac-Pro:~ admin$ sudo dseditgroup -o create -r "local group for using /usr/local" local Password: Mac-Pro:~ admin$ sudo dseditgroup -o edit -a admin -t user local Mac-Pro:~ admin $ sudo dseditgroup -o edit -a walkloud -t user local Mac-Pro:~ admin $ sudo chgrp local /usr/local/ Mac-Pro:~ admin $ sudo chmod g+w /usr/local/ Mac-Pro:~ admin $ /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" ==> This script will install: .... Press RETURN to continue or any other key to abort ==> Downloading and installing Homebrew... ... ==> Next steps: - Run `brew help` to get started - Further documentation: http://docs.brew.sh Mac-Pro:~ admin$ cd /usr/local/ Mac-Pro:~ admin$ for d in $(ls); do echo $d; chgrp -R local $d; chmod -R ug+rwX $d; done
I then logged out of my admin account and was able as my non-admin user to
Mac-Pro:~ walkloud$ brew doctor Your system is ready to brew. Mac-Pro:~ walkloud$ brew install python ==> Installing dependencies for python: pkg-config, readline, sqlite, gdbm, openssl ...
for example, and then also
Mac-Pro:~ walkloud$ pip install numpy
So this solution seems to be working so far, I have installed the entire “scipy stack” through nose (nose makes a new dir in /usr/local and this worked). This works for me as I am the only user on my Mac, so I do not have to worry about different users doing stuff to my brew-land that I do not want.
I am worried I am fooling myself on how well this will work, and wondering if there is a better way. Also, if someone knows how to extend such a setup to allow multiple users following these seemingly simple steps, that would be cool and seem to solve others problems.