[quesera]

A. /usr/local has never ever been writable by a nonprivileged user. Every standard that exists, including the principle of least surprise, is emphatic on that point. The security implications of "any other way" are massive.

B. If Linus or the FHS changed their ways in this, there would be outrage. It's inappropriate and just plain dumb. [edit: I shouldn't have said "dumb", please replace with "in violation of all guarantees of system integrity".]

C. See above.

You apparently have issues with SIP. That's a separate issue from the current thread, but OK. You should reboot to securely change nvram settings that will allow you to manipulate the protected zone of the file system (including /usr) because this concession to inconvenience saves you from privilege escalation attacks.

The real question is why you deleted /usr/local in the first place. It's standard OSX, and always has been. If you deleted it before SIP, but object to its absence now that SIP applies to the directory where it lives...I'm not sure how to help.

[DannyBee]

A. Single user systems are not the same as server systems, and plenty of single user systems have had the equivalent of /usr/local as writable. If you want to argue this security is worth it, that's a different argument. I suspect most people who just want to get shit done are going to find it a huge pain in the ass.

You can also argue these people are stupid.

As for standards, vendors follow FHS and friends exactly as far as it helps them justify whatever they want to do.

If you really want to argue from the perspective that "this is standard and that's the reason it's done", that seems awfully silly to me given the layout and other permissions of apple systems.

It's pretty non-FHS/etc to have /Applications be writable, for example.

B. let's be clear: there is outrage no matter what is changed and why, and the argument is always "it is inappropriate and dumb". So this statement is fairly independent of this change.

[quesera]

A. OSX is not a single user system. It inherits from various Unixes, and no Unix has ever had nonprivileged writability on any directory under /usr.

FHS does not apply to OSX in any way. Why do people think so?

Also, /Applications is not writable by nonprivileged users either!

Agreed on ~"changes yield outrage", but in this case, it's just a software application vendor violating obvious historical and specific guidelines from software OS vendor, and people blaming OS vendor when things break. This perplexes me.

[tptacek]

You might just as productively argue that there is no such thing as a modern single-user system, since Windows isn't that either. His point is pretty clear.

OTOH: The debate here is a little confusing. What SIP is doing w/r/t/ /usr/local isn't unprecedented; securelevels and the immutable flag could have the same effect on OpenBSD all the way back in the 1990s.

[quesera]

> You might just as productively argue that there is no such thing as a modern single-user system, since Windows isn't that either. His point is pretty clear.

Correct, and nonprivileged users can't install software globally on Windows either. Because it's now a modern OS, and that's how things are done. For very good reasons.

His point, as far as I can tell, amounts to: applications should be able to trash permissions on convenient directories and not have the OS complain or repair their damage.

Perhaps I'm being ungenerous here? I apologize if so.

On re read, I realize that tptacek is responding only to the SIP part of the discussion. OK, SIP is surprising to desktop computer users. But it's a good feature that requires a little adjustment to work with. But really not much, and none for the vast majority of users who don't muck with system directories.

[tptacek]

He's arguing that users should be able to elevate their privileges by supplying root's credentials and then create a simple directory without having to reboot.

I more agree with you than with him, but his argument seems pretty straightforward.

[quesera]

Well, if you unwind far enough, I think the original discussion was about why Homebrew has trouble using /usr/local. Where "using" means "owning, adding git repos to, changing permissions on, etc".

OSX suggests /usr/local as a good location to install software, but insists that the directory itself be owned by root, and protects the parent directory /usr under SIP.

My assertion is that Homebrew is using /usr/local incorrectly (and in contravention to all expectation), and that blaming Apple for the problems thereby created is inappropriate.

I also think SIP is a good thing.

[tptacek]

The "single user systems aren't the same as server systems" argument cuts both ways. It is also not a big deal to reboot a single-user systems.

[mzs]

I see what you are saying but please step back and take a wider view for a moment.

Even assuming OSX is a single user system (which is arguable), it is 2015 and should that single user be able to accidentally damage /usr/local? I think not, that by today an OS should help protect you from broken postinstall script or what not.

Moreover please think about this: homebrew is not wanting /usr/local/ root:admin but instead /usr/local/ `/usr/bin/whoami`:admin.

Further even on our laptops where there is just one user, I use a non-admin user. I have no problems using FUS, GUI prompted temporary admin permissions, or /usr/bin/login -p and sudo day-to-day, but homebrew has a problem with sudo.

Apple SIP has no problem with /usr/local/ 0:0 but homebrew does. Because of shortcuts homebrew has forced a number of poor decisions on it's users.

[alextgordon]

Where in FHS does it specify that system and user files should be put in

    /Applications
    /Library
    /Network
    /System
    /User Information
    /Users
    /Volumes

?

[quesera]

FHS does not apply to OSX. Never has, never will.

[tptacek]

He's asking because you brought FHS up.

[quesera]

Under B, as an example of standards by another vendor who would be pilloried if they allowed the same lackadaisical approach to preserving system permissions integrity. In response to the comment that Apple was being unreasonable.

Apologies if that was not clear.