Brew: Sudo restriction breaks linkapps and cask for non-admin users

Created on 24 Nov 2016 · 13Comments · Source: Homebrew/brew

I'm having some trouble with brew post sudo restrictions.

Error: Running Homebrew as root is extremely dangerous and no longer supported.
As Homebrew does not drop privileges on installation you would be giving all
build scripts full access to your system.

In general this sounds like good idea, but the problem I'm running into is my user is non-admin so I don't have access to /Applications/ which breaks any operation that relies on write access to the directory, eg, linkapps and pretty much anything having to do with cask.

Now while I could give my user permissions to write into /Applications/, I feel like that is counter-productive in terms of security. I'd actually _prefer_ to be able to briefly sudo an install script then have my user constantly have full access to the the /Applications/ directory.

Are their any work arounds to the current sudo restriction?

Apologies in advance if this has already been covered, I did some searching of issues and didn't find this particular scenario.

Source

JamesMcMahon

All 13 comments

I guess the obvious work around is to create another user with /Applications/ privileges and sudo -u into that users to evaluate permissions. Is that a sound plan or would it have ramifications I'm not thinking of on the permission setup of Homebrew?

My other worry with this approach is that I am not using /usr/local/ (again, for security reasons) and am instead installing everything into ~/.brew/.

JamesMcMahon on 24 Nov 2016

Our recommendation is to run Homebrew as an admin user.

MikeMcQuaid on 24 Nov 2016

👎3

Would you be open to a patch that would allow a user to be able to run sudo when brew is passed a switch?

Basically this breaks Homebrew for me in the name of security, but to fix it I'd need to lower the security of my machine. Would it be reasonable to allow your user to decide which trade off they would rather make?

(The other thing that is kind of annoying is I can't even uninstall packages installed by cask at this point, I'm stuck in this weird limbo with them because I can't elevate my permissions)

JamesMcMahon on 24 Nov 2016

Would you be open to a patch that would allow a user to be able to run sudo when brew is passed a switch?

No, sorry.

but to fix it I'd need to lower the security of my machine.

Can you explain how you'd need to "lower security"?

because I can't elevate my permissions

It's worth noting: you can elevate your permissions, you just choose not to.

Homebrew has a recommended, secure default. If people can demonstrate vulnerabilities, we'll fix them. I know security people who are literally attacked by malicious nation states who use the default Homebrew locations. That's not to say you need to do things our way (we allow deviation from our defaults, obviously) but it does mean you'll be on the path less trodden and the experience is less likely to be optimal.

MikeMcQuaid on 24 Nov 2016

Can you explain how you'd need to "lower security"?

Sure. The admin accounts on Mac OSX have full access to /Applications/ with no privilege escalation required, so if my account was ever compromised they could modify / delete / install Applications carte blanche. Admittedly, I adopted running as a non-admin awhile ago and since then Gatekeeper has been introduced and might help with some scenarios.

I accept that I am outlier in this regard, but there are a few other like minded out there, even Apple makes a few recommendations in this area,

https://help.apple.com/machelp/mac/10.12/index.html#/mh11389

To reduce exposure to harmful apps or files, limit the number of administrator users you create. Consider creating a standard user for your daily work and use the administrator user only when you need to install software or administer users.

See also:

That being said, I've thought this through more and decided the problem is more with my setup then Homebrew. I think you guys are doing the right thing by disallowing sudo to root which escalates to full system access and is more dangerous then running as admin (due to admin not having full root access).

Basically, running Cask (or putting anything in /Applications/) as my standard user is counter to what I was trying to accomplish in the first place.

I guess my problem now is that this change caught me off guard and it's now harder to make the corrections I need to do without sudo.

JamesMcMahon on 24 Nov 2016

Basically, running Cask (or putting anything in /Applications/) as my standard user is counter to what I was trying to accomplish in the first place.

Indeed. Whether you run day-to-day as a normal user or not: running Homebrew as an administrator is the best route to avoid pain. Thanks!

MikeMcQuaid on 24 Nov 2016

Follow up question, I want to standardize my brew directory to the standard one. I believe it's now /usr/local/Homebrew. Would everything (besides things that require /Applications/ access) now work?

It seems like with the introduction of the Homebrew subdirectory I wouldn't need full access to /usr/local just that directory.

JamesMcMahon on 24 Nov 2016

The HOMEBREW_PREFIX is /usr/local and HOMEBREW_REPOSITORY is /usr/local/Homebrew. You can look at the installer to see how this is done; effectively the Git repository in /usr/local/Homebrew and symlink /usr/local/Homebrew/bin/brew to /usr/local/bin/brew.

You'll get access to more binary packages then, yes.

MikeMcQuaid on 24 Nov 2016

👍1

It was pointed in another thread that I could use linkapps --local instead to install everything in my home directory.

The (prehaps misguided) reasons I avoided /usr/local in the first place was a desire to not have to give my standard too many system level permissions. Sounds like new setup would still need access to /usr/local/ so it can create symlinks.

JamesMcMahon on 24 Nov 2016