Jamf Nation Community

CodyC · ‎04-08-2021

Has anyone been able to successfully accomplish this? I have tried several scripts ive found on these discussions as well as AutoBrew.

The end result is the same, and its always a lack of permissions.Error: /usr/local is not writable. You should change the
ownership and permissions of /usr/local back to your
user account: sudo chown -R $(whoami) /usr/local

So, is it possible to install this for a Standard user and allow them to update and install via brew, or does this require Admin?

-Cody

Jimbo · ‎04-08-2021

I believe there's an error in that script posted above. If you copy/paste that script into Jamf and look at line 90, it reads:

chown -R "${consoleuser}":_developer /usr/local/*

It should instead read:

chown -R "${consoleuser}:_developer" /usr/local/*

The quotation mark is off.

View solution in original post

bwoods · ‎04-08-2021

#!/bin/bash

# Script to install Homebrew on a Mac.
# Author: richard at richard - purves dot com
# Version: 1.0 - 21st May 2017

# Heavily hacked by Tony Williams (honestpuck@gmail.com)
# Latest version at https://github.com/Honestpuck/homebrew.sh
# v2.0 - 19th Sept 2019
# v2.0.1 Fixed global cache error
# v2.0.2 Fixed brew location error
# v2.0.3 Added more directories to handle

# v3.0 Catalina version 2020-02-17
# v3.1 | 2020-03-24 | Fix permissions for /private/tmp
# v3.2 2020-07-18 Added Caskroom to directories created and added check for binary
# update if it exists then exit

# Set up variables and functions here
consoleuser="$(/usr/bin/python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "
");')"

if [[ -e /usr/local/bin/brew ]]; then
    su -l "$consoleuser" -c "/usr/local/bin/brew update"
    exit 0
fi

# are we in the right group
check_grp=$(groups ${consoleuser} | grep -c '_developer')
if [[ $check_grp != 1 ]]; then
    /usr/sbin/dseditgroup -o edit -a "${consoleuser}" -t user _developer
fi

# Logging stuff starts here
LOGFOLDER="/private/var/log/"
LOG="${LOGFOLDER}Homebrew.log"

if [ ! -d "$LOGFOLDER" ]; then
    mkdir $LOGFOLDER
fi

function logme()
{
# Check to see if function has been called correctly
    if [ -z "$1" ] ; then
        echo "$(date) - logme function call error: no text passed to function! Please recheck code!"
        echo "$(date) - logme function call error: no text passed to function! Please recheck code!" >> $LOG
        exit 1
    fi

# Log the passed details
    echo -e "$(date) - $1" >> $LOG
    echo -e "$(date) - $1"
}

# Check and start logging
logme "Homebrew Installation"

# Have the xcode command line tools been installed?
logme "Checking for Xcode Command Line Tools installation"
check=$( pkgutil --pkgs | grep -c "CLTools_Executables" )

if [[ "$check" != 1 ]]; then
    logme "Installing Xcode Command Tools"
    # This temporary file prompts the 'softwareupdate' utility to list the Command Line Tools
    touch /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
    clt=$(softwareupdate -l | grep -B 1 -E "Command Line (Developer|Tools)" | awk -F"*" '/^ +\*/ {print $2}' | sed 's/^ *//' | tail -n1)
    # the above don't work in Catalina so ...
    if [[ -z $clt ]]; then
        clt=$(softwareupdate -l | grep  "Label: Command" | tail -1 | sed 's#* Label: (.*)#1#')
    fi
    softwareupdate -i "$clt"
    rm -f /tmp/.com.apple.dt.CommandLineTools.installondemand.in-progress
    /usr/bin/xcode-select --switch /Library/Developer/CommandLineTools
fi

# Is homebrew already installed?
if [[ ! -e /usr/local/bin/brew ]]; then
    # Install Homebrew. This doesn't like being run as root so we must do this manually.
    logme "Installing Homebrew"

    mkdir -p /usr/local/Homebrew
    # Curl down the latest tarball and install to /usr/local
    curl -L https://github.com/Homebrew/brew/tarball/master | tar xz --strip 1 -C /usr/local/Homebrew

    # Manually make all the appropriate directories and set permissions
    mkdir -p /usr/local/Cellar /usr/local/Homebrew mkdir /usr/local/Caskroom /usr/local/Frameworks /usr/local/bin
    mkdir -p /usr/local/include /usr/local/lib /usr/local/opt /usr/local/etc /usr/local/sbin
    mkdir -p /usr/local/share/zsh/site-functions /usr/local/var
    mkdir -p /usr/local/share/doc /usr/local/man/man1 /usr/local/share/man/man1
    chown -R "${consoleuser}":_developer /usr/local/*
    chmod -R g+rwx /usr/local/*
    chmod 755 /usr/local/share/zsh /usr/local/share/zsh/site-functions

    # Create a system wide cache folder  
    mkdir -p /Library/Caches/Homebrew
    chmod g+rwx /Library/Caches/Homebrew
    chown "${consoleuser}:_developer" /Library/Caches/Homebrew

    # put brew where we can find it
    ln -s /usr/local/Homebrew/bin/brew /usr/local/bin/brew

    # Install the MD5 checker or the recipes will fail
    su -l "$consoleuser" -c "/usr/local/bin/brew install md5sha1sum"
    echo 'export PATH="/usr/local/opt/openssl/bin:$PATH"' | 
    tee -a /Users/${consoleuser}/.bash_profile /Users/${consoleuser}/.zshrc
    chown ${consoleuser} /Users/${consoleuser}/.bash_profile /Users/${consoleuser}/.zshrc

    # clean some directory stuff for Catalina
    chown -R root:wheel /private/tmp
    chmod 777 /private/tmp
    chmod +t /private/tmp
fi

# Make sure everything is up to date
logme "Updating Homebrew"
su -l "$consoleuser" -c "/usr/local/bin/brew update" 2>&1 | tee -a ${LOG}

# logme user that all is completed
logme "Installation complete"

exit 0

CodyC · ‎04-08-2021

I've tried that exact script, but still have the same results. Unable to install anything (brew install **) or update (brew update).

For my own sanity, I have copied and pasted the code above into a script in Jamf and deployed via Policy. Something else im missing here?

-Cody

Jimbo · ‎04-08-2021

I believe there's an error in that script posted above. If you copy/paste that script into Jamf and look at line 90, it reads:

chown -R "${consoleuser}":_developer /usr/local/*

It should instead read:

chown -R "${consoleuser}:_developer" /usr/local/*

The quotation mark is off.

bwoods · ‎04-08-2021

Hey @CodyC , you need to install Xcode command line tools before running this script. It works just fine when running in self service for me. Just figure out a workflow to get Xcode CLI installed before running this. Hope this helps.

CodyC · ‎04-08-2021

Other than taking 7 minutes to install, it looks great. Thanks for the quotation mark find, my standard user can now use this without issue.

-Cody

Jason33 · ‎04-12-2021

The only problem that I'm running into with standard users installing apps via Homebrew is a prompt for admin name/password to move an application to the /Applications folder.

Mark_Lamont · ‎04-12-2021

@CodyC and everyone else. this script is working ok for me. I tweaked it a bit and those changes are now in the script. It works on both Intel and ARM. I used it on Intel 10.15.7 and ARM Big Sur

quip_MDavison · ‎07-21-2021

Hi all. I tried the updated script @Mark_Lamont posted and our users are still getting the error asking to be assigned permissions to the /usr/local folder. Happens on Catalina 10.15.7 and Big Sur. Even trying to run the commands manually it gives a ton of Operation Not Permitted errors. Doesn't seem to matter if the user is an admin or not.

➜  data  git:(terraform) source venv/bin/activate
(venv) ➜  data  git:(terraform) brew install hashicorp/tap/terraform
Error: The following directories are not writable by your user:
/usr/local/binYou should change the ownership of these directories to your user.
  sudo chown -R $(whoami) /usr/local/binAnd make sure that your user has write permission.
  chmod u+w /usr/local/bin
(venv) ➜  data  git:(terraform)

mrnicker9 · ‎11-25-2021

@bwoods, this script really helped us out for Intel MacBooks. Is there another variant for M1 Silicon MacBooks that you are aware of?

NateES · ‎04-26-2022

I'm currently noticing an issue with ARM MacBooks where - if the above script is run on a machine with a pending update, somehow it will change ownership via the /private/tmp/ folder and propagate through the entire system - requiring a full machine rebuild to fix.

Jamf Nation Community

Installing Home Brew for Standard Users