Unable to install as a standard user with a permissive sudo policy #312

@steven-joruk

Hello,

  • your problem was from running the official install or uninstall script?
  • after installation: ran brew config and brew doctor and included their output with your issue? If you couldn't install: provided your OS version with the output of your issue?

What you were trying to do (and why)

Install Homebrew on macOS 10.15.4 as a standard user with sudo configured to enable the installation.

I have a custom sudo plugin which allows standard users to perform some privileged actions based on various file and process properties; in this case we allow sudo commands to run if the parent process is a verified Homebrew installation script.

You could enable a similar setup with a custom sudoers configuration, although it would be difficult to get right and far too permissive.

Many companies enforce "least privilege" solutions company-wide, but they would also like to allow their developers and power users to use the latest Homebrew installer.

What happened (include command output)

standard@mac ~ % ./install.sh                                                                      
This script requires the user test to be an Administrator.

What you expected to happen

The installation script shouldn't check if the user is a member of the admin group, because they might have sufficient privileges as a standard user. If the sudo command fails it can abort with a useful error message. This is what happens if you simply remove the group membership check from the script.

...
==> The following existing directories will have their group set to admin:
/usr/local/bin
/usr/local/etc
...

Press RETURN to continue or any other key to abort
Password: ...
Need sudo access on macOS!

And in the case where sudo is permissive, Homebrew will install successfully.

Step-by-step reproduction instructions (by running brew commands)

Any custom sudoers configuration I could write would be too permissive to be used in practice, but would work for testing purposes. I'll happily create one if the above descriptions aren't sufficient.

Thanks!
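
The difference between the two gates described in this issue, as an added example that is not part of the original post and not Homebrew's installer code: a group-membership check rejects a standard user without ever consulting sudo, while attempting the privileged command leaves the decision to the sudo policy, which is the actual enforcement point. The function names, the `SUDO` override and the stub policy are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not Homebrew's installer code. SUDO, gate_by_group,
# run_privileged and preflight are names assumed for this sketch.
SUDO="${SUDO:-sudo}"   # overridable so a policy can be stubbed offline

# Group gate: passes only if the required group is in the user's group list.
# It never consults sudo, so it rejects users the sudo policy would allow.
gate_by_group() {      # $1 = space-separated groups, $2 = required group
  for g in $1; do
    if [ "$g" = "$2" ]; then return 0; fi
  done
  return 1
}

# Sudo gate: attempt the privileged command and let the active policy
# (sudoers or a policy plugin) decide; explain the failure if it refuses.
run_privileged() {     # "$@" = command to run through sudo
  if "$SUDO" "$@"; then return 0; fi
  echo "error: sudo refused: $*" >&2
  echo "Ask an administrator to permit this command in the sudo policy." >&2
  return 1
}

# Prints "proceed" or "abort" for a strategy: "group" or "sudo".
preflight() {          # $1 = strategy, $2 = groups, rest = command for sudo
  strategy=$1; grps=$2; shift 2
  case "$strategy" in
    group) if gate_by_group "$grps" admin; then echo proceed; else echo abort; fi ;;
    sudo)  if run_privileged "$@"; then echo proceed; else echo abort; fi ;;
    *)     echo "unknown strategy: $strategy" >&2; return 2 ;;
  esac
}

# Constructed demo: a stub policy that permits the caller, and a standard
# user whose groups do not include admin.
demo_policy_allow() { return 0; }
echo "group gate: $(preflight group 'staff everyone')"
echo "sudo gate:  $(SUDO=demo_policy_allow preflight sudo 'staff everyone' /usr/bin/true)"
```

With the stub removed, `SUDO` defaults to the real `sudo`, so the same `preflight sudo` call reflects whatever the local policy allows.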
