[DannyBee]

A. Single user systems are not the same as server systems, and plenty of single user systems have had the equivalent of /usr/local as writable. If you want to argue this security is worth it, that's a different argument. I suspect most people who just want to get shit done are going to find it a huge pain in the ass.

You can also argue these people are stupid.

As for standards, vendors follow FHS and friends exactly as far as it helps them justify whatever they want to do.

If you really want to argue from the perspective that "this is standard and that's the reason it's done", that seems awfully silly to me given the layout and other permissions of apple systems.

It's pretty non-FHS/etc to have /Applications be writable, for example.

B. let's be clear: there is outrage no matter what is changed and why, and the argument is always "it is inappropriate and dumb". So this statement is fairly independent of this change.

[quesera]

A. OSX is not a single user system. It inherits from various Unixes, and no Unix has ever had nonprivileged writability on any directory under /usr.

FHS does not apply to OSX in any way. Why do people think so?

Also, /Applications is not writable by nonprivileged users either!

Agreed on ~"changes yield outrage", but in this case, it's just a software application vendor violating obvious historical and specific guidelines from software OS vendor, and people blaming OS vendor when things break. This perplexes me.

[tptacek]

You might just as productively argue that there is no such thing as a modern single-user system, since Windows isn't that either. His point is pretty clear.

OTOH: The debate here is a little confusing. What SIP is doing w/r/t/ /usr/local isn't unprecedented; securelevels and the immutable flag could have the same effect on OpenBSD all the way back in the 1990s.

[quesera]

> You might just as productively argue that there is no such thing as a modern single-user system, since Windows isn't that either. His point is pretty clear.

Correct, and nonprivileged users can't install software globally on Windows either. Because it's now a modern OS, and that's how things are done. For very good reasons.

His point, as far as I can tell, amounts to: applications should be able to trash permissions on convenient directories and not have the OS complain or repair their damage.

Perhaps I'm being ungenerous here? I apologize if so.

On re read, I realize that tptacek is responding only to the SIP part of the discussion. OK, SIP is surprising to desktop computer users. But it's a good feature that requires a little adjustment to work with. But really not much, and none for the vast majority of users who don't muck with system directories.

[tptacek]

He's arguing that users should be able to elevate their privileges by supplying root's credentials and then create a simple directory without having to reboot.

I more agree with you than with him, but his argument seems pretty straightforward.

[quesera]

Well, if you unwind far enough, I think the original discussion was about why Homebrew has trouble using /usr/local. Where "using" means "owning, adding git repos to, changing permissions on, etc".

OSX suggests /usr/local as a good location to install software, but insists that the directory itself be owned by root, and protects the parent directory /usr under SIP.

My assertion is that Homebrew is using /usr/local incorrectly (and in contravention to all expectation), and that blaming Apple for the problems thereby created is inappropriate.

I also think SIP is a good thing.

[tptacek]

The "single user systems aren't the same as server systems" argument cuts both ways. It is also not a big deal to reboot a single-user systems.

[mzs]

I see what you are saying but please step back and take a wider view for a moment.

Even assuming OSX is a single user system (which is arguable), it is 2015 and should that single user be able to accidentally damage /usr/local? I think not, that by today an OS should help protect you from broken postinstall script or what not.

Moreover please think about this: homebrew is not wanting /usr/local/ root:admin but instead /usr/local/ `/usr/bin/whoami`:admin.

Further even on our laptops where there is just one user, I use a non-admin user. I have no problems using FUS, GUI prompted temporary admin permissions, or /usr/bin/login -p and sudo day-to-day, but homebrew has a problem with sudo.

Apple SIP has no problem with /usr/local/ 0:0 but homebrew does. Because of shortcuts homebrew has forced a number of poor decisions on it's users.