4

This question was asked/answered previously, and I know it's safe to chown on /usr/local for my admin user account, which I've done to install git with homebrew (using brew install git).

sudo chown -R $USER:admin /usr/local

Now I'm wondering if I should change ownership back to root.

Does it matter who owns /usr/local?

Note: This question is oriented towards macOS, but may also apply to Unix systems.

Kusalananda
  • 320,670
  • 36
  • 633
  • 936
MikeiLL
  • 247
  • 1
  • 4
  • 10

1 Answers1

5

Let's start with some "history". /usr/local is typically used to store user programs/data that were not installed with the base operating system. Commonly, when you make programs from source using automake, they will install somewhere under /usr/local. Because the main operating system itself doesn't rely on this directory, permissions are really up to the administrators preference.

Now, we can also consider this from another angle. When you have user +r or +w or +x privileges on a directory, those permissions will only apply to the owner of that directory. Typically, user privileges are higher than the group or all privileges, which means that the owner of /usr/local will have elevated privileges over that of other accounts. Now, if the group and/or all privileges are equal to or greater than the privileges of user on that directory, then who the actual owner is isn't as important.

So, the question you need to ask yourself is what users will be using the "stuff" located in /usr/local, and do you care whether other users have access to the same "stuff"? Your answer will probably effect not only the user who owns this directory, but what the user, group and all permissions will be on that directory.

Using home-brew, it's usually a good idea to have this directory owned by the user administering the home-brew package system. For more of a shared system, it is more common that this directory will be owned by root, as even though this directory is user-controlled, often the administrator of the system wants to have control over what gets deposited into this directory.

As a reference, here's an example of a stock Linux (Ubuntu) machine, followed by a stock Mac OS X machine:

user@ubuntu:~$ ls -ld /usr/local
drwxr-xr-x 10 root root 4096 Sep 10  2013 /usr/local
Mac:~ user$ ls -ld /usr/local
drwxrwxr-x  12 root  admin  408 12 Apr 04:32 /usr/local/
jasonwryan
  • 71,734
  • 34
  • 193
  • 226
Jitsusama
  • 68
  • 7
  • Super-helpful and I plan to accept it. But I am having trouble finding an explanation for part of the actual code with which I chowned: `$USER:admin`. Does it mean IF the user is admin, user AS admin? – MikeiLL Jul 11 '14 at 19:22
  • Hello MikeiLL. `$USER` is a variable that should be replaced with the appropriate username. When you pass GNU chown name:group, it will perform a `chown` on the destination with username `name`, and it will perform a `chgrp` on the destination with group name `group`. – Jitsusama Jul 15 '14 at 15:32
  • Thank you Jitsusama. So specifying (as in this example) `$USER:admin`, or rather `username:admin` would apply the `admin` group to the second set of permissions in `rwxr--r--` and `username` to the first, right? – MikeiLL Jul 15 '14 at 17:29
  • 1
    Yeah, the user would be set to `username` and the group would be set to `admin`. Based upon the permissions `rwxr--r--`, username would have `rwx` and admin would have `r--` permissions. – Jitsusama Jul 17 '14 at 19:44