How are you supposed to use homebrew on a nonadmin mac account?

Trying to follow good security practices on macOS, using a standard account instead of an admin account.
But you can’t really install anything systemwide (I want to bc multiple users) using homebrew like this unless you run it with sudo and add your user to sudoers file but this is heavily discouraged from what I’ve read bc security.

Should i just use macports or sth or is there a solution with homebrew? Would macports share the same problem?

Install such packages from the admin account? Or use something like Privileges (not endorsed or recommend by Privacy Guides).

You can change the directory brew is installed in to a subdirectory of ~.

but then i would need to install everything system-wide. having 2 installations of homebrew for separate users isn’t recommended either. ideally i want to choose which packages i want to install system-wide and which per user.
kinda crazy to me that there isn’t a supported easy way to do this considering homebrew is so popular…

do you know if adding the standard account to sudoers file and explicitly just allowing “brew install” commands instead of “ALL”, would this be ok and acceptable or still be a bad security practice. You would never have to explicitly write “sudo” in “brew install” so idk if this makes it okay or is that still run implicitly…

regarding privileges i might look into this, is it discouraged by PG or just not mentioned at all?

just not mentioned, but some team members here seem to use it

1 Like

yeah ive seen that after i wrote the comment. but i think i will just convert my account to admin, to save future me from headaches

I keep a terminal window open with ‘su admin’ running, specifically for homebrew. Maybe that’s a terrible security practice… :sweat_smile: