change back to bash
chsh -s /bin/bashIn order to enable Homebrew to work with a non-admin user, we need to create a new group that both the admin and non-admin user will be part of. Then, we can set up the /usr/local directory such that all files and directories in there will be part of our new group. Finally, we can set up the directories such that they will inherrit the default group permissions, such that most files created there will be useable to any member of the group. This will fail once in a while as such permissions are not always respected by make and the Makefiles people create, so we will make a small script to fix all permissions to work nicely. There are also a few packages from homebrew that try and copy an executable to /Applications when the install is finished. This fails without prompting the non-admin user to get permission from an admin. I do not yet have a workaround for this, so I install these with my admin account.
The first thing to do is create our new group with our admin account admin-user:
sudo dseditgroup -o create -r "local group for using /usr/local" local
sudo dseditgroup -o edit -a <admin-user> -t user local
sudo dseditgroup -o edit -a <non-admin-user> -t user localIn order to get our permissions to work properly, we have to add the following to the .bash_profile of all the users we want to be part of this local group. User your favorite editor to edit this file ~/.bash_profile - at the very top, we should have these lines:
umask u=rwx,g=rwx,o=rx
test -f ~/.bashrc && source ~/.bashrcThe first line sets the default permissions for the user. It will give write (w) access to group as well as user, but not to other. This means you implicitly trust all members of your group not to delete files of the user or rather, that if they do delete them, it is acceptable behavior. Since you are the admin-user and non-admin-user, hopefully you trust yourself. Once you have modified the .bash_profile for both your admin-user and non-admin-user account, we are ready to proceed.
Now, we can install homebrew as our admin
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"A fresh installation of Catalina has an empty /usr/local folder. Therefore, anything in this folder is stuff installed by you or another user on the same computer. Therefore, we will update all files and directories this location as opposed to filtering on the owner. First, we can inspect /usr/local
ls -l /usr/local
drwxrwxr-x 2 admin-user admin 64 Dec 7 07:13 Caskroom
drwxrwxr-x 2 admin-user admin 64 Dec 7 07:13 Cellar
...We see the folders installed by homebrew are owned by your admin-user with admin group. We are going to make a script to run the permission fixing as we may have to do this repeated times over the life of the computer. The script will contain the following lines, which you can copy and paste, or create a bash script and run:
for d in $(ls /usr/local); do echo $d; sudo chgrp -R local /usr/local/$d; sudo find /usr/local/$d -exec chmod ug+rwX {} \;; sudo find /usr/local/$d -type d -exec chmod g+s {} \;; doneThe final chmod g+s tells each directory that for each new file/dir added, inherrit the group permissions of the folder. Inspect the /usr/local dir to make sure it worked:
ls -l /usr/local
drwxrwsr-x 2 admin-user local 64 Dec 7 07:13 Caskroom
drwxrwsr-x 2 admin-user local 64 Dec 7 07:13 Cellar
...Now let us test it out. Login to your non-admin-user account. You should be able to see brew
which brew
/usr/local/bin/brewand now let us install something
brew install wgetand see that it installed
non-admin-user@hostname:$ which wget
/usr/local/bin/wget