Allow for non-admin installs where brew can only be run by another user

[rcarmo]

The extension just tried to self-upgrade, and failed because brew upgrade azure-functions-core-tools gave the following output:

Updating Script templates for runtime "~2" to version "2.11.1"...
Successfully updated templates.
Updating .NET templates for runtime "~2" to version "2.11.1"...
Successfully updated templates.
Running command: "brew upgrade azure-functions-core-tools"...
Error: /usr/local/Cellar is not writable. You should change the
ownership and permissions of /usr/local/Cellar back to your
user account:
  sudo chown -R $(whoami) /usr/local/Cellar
Error: The following directories are not writable by your user:
/usr/local/Cellar
/usr/local/Frameworks
/usr/local/Homebrew
/usr/local/bin
/usr/local/etc/bash_completion.d
/usr/local/include
/usr/local/lib/pkgconfig
/usr/local/lib/python3.7/site-packages
/usr/local/opt
/usr/local/share/aclocal
/usr/local/share/doc
/usr/local/share/locale
/usr/local/share/man/man1
/usr/local/share/man/man2
/usr/local/share/man/man3
/usr/local/share/man/man4
/usr/local/share/man/man5
/usr/local/share/man/man6
/usr/local/share/man/man7
/usr/local/share/man/man8
/usr/local/share/zsh
/usr/local/share/zsh/site-functions
/usr/local/var/homebrew/linked
/usr/local/var/homebrew/locks
/usr/local/var/log

You should change the ownership of these directories to your user.
  sudo chown -R $(whoami) /usr/local/Cellar /usr/local/Frameworks /usr/local/Homebrew /usr/local/bin /usr/local/etc/bash_completion.d /usr/local/include /usr/local/lib/pkgconfig /usr/local/lib/python3.7/site-packages /usr/local/opt /usr/local/share/aclocal /usr/local/share/doc /usr/local/share/locale /usr/local/share/man/man1 /usr/local/share/man/man2 /usr/local/share/man/man3 /usr/local/share/man/man4 /usr/local/share/man/man5 /usr/local/share/man/man6 /usr/local/share/man/man7 /usr/local/share/man/man8 /usr/local/share/zsh /usr/local/share/zsh/site-functions /usr/local/var/homebrew/linked /usr/local/var/homebrew/locks /usr/local/var/log

This is normal in my case because I never run any brew command under my own user account (I only run non-App Store installers and brew under an admin account), but needs to be handled correctly, because even though it is (sadly) common practice for Mac users to run everything under admin accounts, using that as an install/upgrade assumption will break things for those of us who are more careful about security.

The ask here is that the non-admin scenario be taken into account, and (hopefully) the way it's handled become a standard practice for this and other extensions.

[ahmelsayed]

I'm not a homebrew expert, but I thought usually when you install stuff in homebrew they go under /usr/local/Cellar by default which requires root to write to. Do you have other examples of tools you use through homebrew that don't require root to install or update? The main guidance from homebrew I can find is to install homebrew itself differently.

[rcarmo]

You don’t need to be root, you need to be an administrator (the first account on a Mac is usually placed in the admin group by default). However, running things as an administrator exposes you to unmonitored filesystem manipulation by rogue software, which is why I only do installs and updates using a separate admin account. I `su -` to an admin account to run homebrew, and am prompted by graphical installers to enter an admin account password when necessary. The extension should check if I have admin privileges and prompt me to run brew manually if required.

[ahmelsayed]

I a bit confused on whether you're asking to change how homebrew works or how our homebrew formula works. As far as I can tell, our formula is just a generic homebrew formula as far as I know. I didn't author that formula however, so I'm not sure if there is something that can be done there to address your issue.

Are there any existing homebrew formulas that work as you are describing that I can look at? in particular a formula that allows you to upgrade without elevation?

[rcarmo]

No, I would like our extension to, as a baseline, detect when elevation or change of uid is required to run brew (by checking the perms on the destination folder) and notify the user accordingly to do a manual step if required, so that it does not error out. Brew works just fine as it is, although the issue of privilege elevation rears its head routinely (the default is still to assume that the user that runs brew is part of the admin group, or you can do an alternate install - but the latter has its own issues).

…

On 14 Nov 2018, at 20:15, Ahmed ElSayed ***@***.***> wrote: I a bit confused on whether you're asking to change how homebrew works or how our homebrew formula works. As far as I can tell, our formula is just a generic homebrew formula as far as I know. I didn't author that formula however, so I'm not sure if there is something that can be done there to address your issue. Are there any existing homebrew formulas that work as you are describing that I can look at? in particular a formula that allows you to upgrade without elevation? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or mute the thread.