9

Having fresh install of OS X, I decided to install python package manager in proper way. So I started googling and found homebrew is the best way. Now I got two questions:

  • from homebrew FAQ:

Homebrew is designed to work without using sudo.

However the install script asks for password. That's because the actual user is given permission to read,write,execute the usr/local... dirs as being admin's group member. Thus, instead of asking sudo each time, homebrew asks it once. Nevertheless the rules are broken since you have to use sudo yes or yes.

I was afraid of using sudo with python when installing packages. This is why I decided for homebrew. But isn't it the same actually?

If this is true, I see it unsafe to let homebrewed programs to do what the y want to do since they have root permissions.

  • from homebrew FAQ:

/usr/local/bin is already in your PATH.

Then why I need to

insert the Homebrew directory at the top of your PATH

as it's said in http://docs.python-guide.org/en/latest/starting/install/osx/ ?

Commands homebrew's install script executed:

/usr/bin/sudo /bin/chmod g+rwx /usr/local/. /usr/local/include /usr/local/lib /usr/local/lib/pkgconfig

/usr/bin/sudo /usr/bin/chgrp admin /usr/local/. /usr/local/include /usr/local/lib /usr/local/lib/pkgconfig
Improve this question
0

2 Answers 2

Reset to default
5

They say to put /usr/local/bin/ at the top of your $PATH so that homebrewed programs are found before system ones. For example, if you use the homebrew version of python, the system one in /usr/bin/python will get called before /usr/local/bin/python unless /usr/local/bin is before /usr/bin in your $PATH, even though /usr/local/bin is already in your $PATH.

Improve this answer
0
3

Whoah, who said the installed programs have root permissions? sudo is used to give you permission to write to protected directories so you can install stuff into system folders. The root permissions are not magically inherited by the programs you install. They are installed like all programs with whatever permissions they are supposed to have. Installing with sudo will not elevate the permissions of the installed files.

As for the $PATH, if homebrew is installed into /usr/local/bin and that is already in your $PATH then you simply don't need to do anything.

Improve this answer
6
  • Thank you terdon. You say that programs installed to elevated permissions directory don't inherit the permissions. 'brew' is the only file I got in /usr/local/bin. And it is admin's group. Then run it it's like run it with sudo. Won't it happen the same with the rest of the programs?
    – Vito Valov
    Commented Oct 6, 2013 at 14:47
  • 1
    @slinzex that's not how permissions work. What you see, is that the file's owner is admin. Look at ls -l /bin/ls, you will see it is also owned by admin. That does not mean that it will run with admin privileges. It just means it belongs to admin. However, all executables run with the permissions of the user who executed them. If admin runs them, they will have admin privileges, if you run them, they will not. The only exception are cases where the SUID bit is set. Have a look here.
    – terdon
    Commented Oct 6, 2013 at 14:53
  • Thanks for very nice and useful refresher. The permissions over brew are -rwxr-xr-x. And the owner is "user" of the group "admin". And ls is owned by root. Then the user can rx, as well as root. Admin cannot write, as well as other. The user is in admin's group. Prior to install homebrew, usr/local was wheel's group. Now it's admin's. Before I had to use sudo to write there, now not, right? So in conclusion, what changed now with chmod g+rwx and chgrp admin /usr/local/. ?
    – Vito Valov
    Commented Oct 6, 2013 at 16:46
  • @slinzex I'm afraid I have no idea what you're asking. If this is a new issue, please post a new question, this is not a forum. I don't know if you can write without seeing the whole permissions string and knowing your groups. If you ran chmod g+rwx and /usr/local/ then everyone in the admin group has read/write and execute access to /usr/local/ (not to any files and folders in there, only to /usr/local). The take home message is that programs run with the permissions of the user who launched them so installing with sudo will not affect the permissions of the programs when executed.
    – terdon
    Commented Oct 6, 2013 at 16:52
  • it's the same topic. The two commands I've mentioned is what homebrew's script did on my computer when installed. It asks for sudo password obviously. The thing I ask is: what is the purpose of that? To give brew permission to download and install programs here and thus write, read and execute them. Then if brew is owned by me, when I run it, it will be able to run any program it downloads and installs, and that program will run with my permissions as well? Couldn't this be dangerous? What I see is that prior having hb, I could control what's being executed there with sudo. Now I don't.
    – Vito Valov
    Commented Oct 6, 2013 at 17:54

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .