2016/09/04

homebrewのroot権限を落とす

brew updateがエラーになる

Macでパッケージシステムを使うとき、コマンドをインストールするユーザと使うユーザとは分けておいたほうが安全だ、ということで、Homebrewをrootでインストールしていたのだが、最近、brew updateすると
Updating brew...
Error: Running Homebrew as root is extremely dangerous. As Homebrew does not
drop privileges on installation you are giving all build scripts full access
to your system. As a result of the OS X sandbox not handling the root user
correctly HOMEBREW_NO_SANDBOX has been set so the sandbox will not be used. If
we have not merged a pull request to add privilege dropping by November 1st
2016 running Homebrew as root will be disabled. No Homebrew maintainers plan
to work on this functionality.
Error: Running Homebrew as root is extremely dangerous. As Homebrew does not
drop privileges on installation you are giving all build scripts full access
to your system. As a result of the OS X sandbox not handling the root user
correctly HOMEBREW_NO_SANDBOX has been set so the sandbox will not be used. If
we have not merged a pull request to add privilege dropping by November 1st
2016 running Homebrew as root will be disabled. No Homebrew maintainers plan
to work on this functionality.
Updated Homebrew from 8bf787c to d39eeac.
Updated 6 taps (caskroom/cask, homebrew/boneyard, homebrew/core, homebrew/versions, mackerelio/mackerel-agent, motemen/mackerel-agent).
==> New Formulae
 :
と、エラーが出るようになった。rootでHomebrewを使うのは危険だし、root権限を途中で捨てるような処理を入れるつもりもないよ。ということのようだ。

brew doctorで修正方法を調べる

今までrootで使ってきたのだが、再インストールしないとだめなのか?それは面倒だから勘弁してほしい。
まずはbrew doctorしてみる。
dummy $ brew doctor
Please note that these warnings are just used to help the Homebrew maintainers
with debugging if you file an issue. If everything you use Homebrew for is
working fine: please don't worry and just ignore them. Thanks!

Warning: /usr/local/Frameworks isn't writable.

This can happen if you "sudo make install" software that isn't managed
by Homebrew. If a formula tries to write a file to this directory, the
install will fail during the link step.

You should change the ownership and permissions of /usr/local/Frameworks back to
your user account.
  sudo chown -R $(whoami) /usr/local/Frameworks

Warning: /Users/dummy/Library/Caches/Homebrew isn't writable.
This can happen if you run `brew install` or `brew fetch` as another user.
Homebrew caches downloaded files to this location.

You should change the ownership and permissions of /Users/dummy/Library/Caches/Homebrew
back to your user account.
  sudo chown -R $(whoami) /Users/dummy/Library/Caches/Homebrew

Warning: /usr/local is not writable.

You should change the ownership and permissions of /usr/local
back to your user account.
  sudo chown -R $(whoami) /usr/local

Warning: /Users/dummy/Library/Logs/Homebrew isn't writable.
Homebrew writes debugging logs to this location.

You should change the ownership and permissions of /Users/dummy/Library/Logs/Homebrew
back to your user account.
  sudo chown -R $(whoami) /Users/dummy/Library/Logs/Homebrew

Warning: /usr/local/opt isn't writable.

You should change the ownership and permissions of /usr/local/opt
back to your user account.
  sudo chown -R $(whoami) /usr/local/opt

Warning: Some directories in /usr/local/share/locale aren't writable.
This can happen if you "sudo make install" software that isn't managed
by Homebrew. If a brew tries to add locale information to one of these
directories, then the install will fail during the link step.

You should `sudo chown -R $(whoami)` them:
    /usr/local/share/locale
    /usr/local/share/locale/af
    /usr/local/share/locale/af/LC_MESSAGES
    /usr/local/share/locale/am
    /usr/local/share/locale/am/LC_MESSAGES
    /usr/local/share/locale/an
    /usr/local/share/locale/an/LC_MESSAGES
    /usr/local/share/locale/ar
    /usr/local/share/locale/ar/LC_MESSAGES
    /usr/local/share/locale/as
    /usr/local/share/locale/as/LC_MESSAGES
    /usr/local/share/locale/ast
    /usr/local/share/locale/ast/LC_MESSAGES
    /usr/local/share/locale/az
    /usr/local/share/locale/az/LC_MESSAGES
    /usr/local/share/locale/be
    /usr/local/share/locale/be/LC_MESSAGES
    /usr/local/share/locale/be@latin
    /usr/local/share/locale/be@latin/LC_MESSAGES
    /usr/local/share/locale/bg
    /usr/local/share/locale/bg/LC_MESSAGES
    /usr/local/share/locale/bn
    /usr/local/share/locale/bn/LC_MESSAGES
    /usr/local/share/locale/bn_IN
    /usr/local/share/locale/bn_IN/LC_MESSAGES
    /usr/local/share/locale/bs
    /usr/local/share/locale/bs/LC_MESSAGES
    /usr/local/share/locale/ca
    /usr/local/share/locale/ca/LC_MESSAGES
    /usr/local/share/locale/ca@valencia
    /usr/local/share/locale/ca@valencia/LC_MESSAGES
    /usr/local/share/locale/cs
    /usr/local/share/locale/cs/LC_MESSAGES
    /usr/local/share/locale/cy
    /usr/local/share/locale/cy/LC_MESSAGES
    /usr/local/share/locale/da
    /usr/local/share/locale/da/LC_MESSAGES
    /usr/local/share/locale/de
    /usr/local/share/locale/de/LC_MESSAGES
    /usr/local/share/locale/dz
    /usr/local/share/locale/dz/LC_MESSAGES
    /usr/local/share/locale/el
    /usr/local/share/locale/el/LC_MESSAGES
    /usr/local/share/locale/en
    /usr/local/share/locale/en/LC_MESSAGES
    /usr/local/share/locale/en@shaw
    /usr/local/share/locale/en@shaw/LC_MESSAGES
    /usr/local/share/locale/en_CA
    /usr/local/share/locale/en_CA/LC_MESSAGES
    /usr/local/share/locale/en_GB
    /usr/local/share/locale/en_GB/LC_MESSAGES
    /usr/local/share/locale/eo
    /usr/local/share/locale/eo/LC_MESSAGES
    /usr/local/share/locale/es
    /usr/local/share/locale/es/LC_MESSAGES
    /usr/local/share/locale/et
    /usr/local/share/locale/et/LC_MESSAGES
    /usr/local/share/locale/eu
    /usr/local/share/locale/eu/LC_MESSAGES
    /usr/local/share/locale/fa
    /usr/local/share/locale/fa/LC_MESSAGES
    /usr/local/share/locale/fi
    /usr/local/share/locale/fi/LC_MESSAGES
    /usr/local/share/locale/fr
    /usr/local/share/locale/fr/LC_MESSAGES
    /usr/local/share/locale/ga
    /usr/local/share/locale/ga/LC_MESSAGES
    /usr/local/share/locale/gd
    /usr/local/share/locale/gd/LC_MESSAGES
    /usr/local/share/locale/gl
    /usr/local/share/locale/gl/LC_MESSAGES
    /usr/local/share/locale/gu
    /usr/local/share/locale/gu/LC_MESSAGES
    /usr/local/share/locale/he
    /usr/local/share/locale/he/LC_MESSAGES
    /usr/local/share/locale/hi
    /usr/local/share/locale/hi/LC_MESSAGES
    /usr/local/share/locale/hr
    /usr/local/share/locale/hr/LC_MESSAGES
    /usr/local/share/locale/hu
    /usr/local/share/locale/hu/LC_MESSAGES
    /usr/local/share/locale/hy
    /usr/local/share/locale/hy/LC_MESSAGES
    /usr/local/share/locale/id
    /usr/local/share/locale/id/LC_MESSAGES
    /usr/local/share/locale/is
    /usr/local/share/locale/is/LC_MESSAGES
    /usr/local/share/locale/it
    /usr/local/share/locale/it/LC_MESSAGES
    /usr/local/share/locale/ja
    /usr/local/share/locale/ja/LC_MESSAGES
    /usr/local/share/locale/ka
    /usr/local/share/locale/ka/LC_MESSAGES
    /usr/local/share/locale/kk
    /usr/local/share/locale/kk/LC_MESSAGES
    /usr/local/share/locale/kn
    /usr/local/share/locale/kn/LC_MESSAGES
    /usr/local/share/locale/ko
    /usr/local/share/locale/ko/LC_MESSAGES
    /usr/local/share/locale/ku
    /usr/local/share/locale/ku/LC_MESSAGES
    /usr/local/share/locale/lt
    /usr/local/share/locale/lt/LC_MESSAGES
    /usr/local/share/locale/lv
    /usr/local/share/locale/lv/LC_MESSAGES
    /usr/local/share/locale/mai
    /usr/local/share/locale/mai/LC_MESSAGES
    /usr/local/share/locale/mg
    /usr/local/share/locale/mg/LC_MESSAGES
    /usr/local/share/locale/mk
    /usr/local/share/locale/mk/LC_MESSAGES
    /usr/local/share/locale/ml
    /usr/local/share/locale/ml/LC_MESSAGES
    /usr/local/share/locale/mn
    /usr/local/share/locale/mn/LC_MESSAGES
    /usr/local/share/locale/mr
    /usr/local/share/locale/mr/LC_MESSAGES
    /usr/local/share/locale/ms
    /usr/local/share/locale/ms/LC_MESSAGES
    /usr/local/share/locale/nb
    /usr/local/share/locale/nb/LC_MESSAGES
    /usr/local/share/locale/nds
    /usr/local/share/locale/nds/LC_MESSAGES
    /usr/local/share/locale/ne
    /usr/local/share/locale/ne/LC_MESSAGES
    /usr/local/share/locale/nl
    /usr/local/share/locale/nl/LC_MESSAGES
    /usr/local/share/locale/nn
    /usr/local/share/locale/nn/LC_MESSAGES
    /usr/local/share/locale/oc
    /usr/local/share/locale/oc/LC_MESSAGES
    /usr/local/share/locale/or
    /usr/local/share/locale/or/LC_MESSAGES
    /usr/local/share/locale/pa
    /usr/local/share/locale/pa/LC_MESSAGES
    /usr/local/share/locale/pl
    /usr/local/share/locale/pl/LC_MESSAGES
    /usr/local/share/locale/ps
    /usr/local/share/locale/ps/LC_MESSAGES
    /usr/local/share/locale/pt
    /usr/local/share/locale/pt/LC_MESSAGES
    /usr/local/share/locale/pt_BR
    /usr/local/share/locale/pt_BR/LC_MESSAGES
    /usr/local/share/locale/ro
    /usr/local/share/locale/ro/LC_MESSAGES
    /usr/local/share/locale/ru
    /usr/local/share/locale/ru/LC_MESSAGES
    /usr/local/share/locale/rw
    /usr/local/share/locale/rw/LC_MESSAGES
    /usr/local/share/locale/si
    /usr/local/share/locale/si/LC_MESSAGES
    /usr/local/share/locale/sk
    /usr/local/share/locale/sk/LC_MESSAGES
    /usr/local/share/locale/sl
    /usr/local/share/locale/sl/LC_MESSAGES
    /usr/local/share/locale/sq
    /usr/local/share/locale/sq/LC_MESSAGES
    /usr/local/share/locale/sr
    /usr/local/share/locale/sr/LC_MESSAGES
    /usr/local/share/locale/sr@ije
    /usr/local/share/locale/sr@ije/LC_MESSAGES
    /usr/local/share/locale/sr@latin
    /usr/local/share/locale/sr@latin/LC_MESSAGES
    /usr/local/share/locale/sv
    /usr/local/share/locale/sv/LC_MESSAGES
    /usr/local/share/locale/ta
    /usr/local/share/locale/ta/LC_MESSAGES
    /usr/local/share/locale/te
    /usr/local/share/locale/te/LC_MESSAGES
    /usr/local/share/locale/tg
    /usr/local/share/locale/tg/LC_MESSAGES
    /usr/local/share/locale/th
    /usr/local/share/locale/th/LC_MESSAGES
    /usr/local/share/locale/tl
    /usr/local/share/locale/tl/LC_MESSAGES
    /usr/local/share/locale/tr
    /usr/local/share/locale/tr/LC_MESSAGES
    /usr/local/share/locale/tt
    /usr/local/share/locale/tt/LC_MESSAGES
    /usr/local/share/locale/ug
    /usr/local/share/locale/ug/LC_MESSAGES
    /usr/local/share/locale/uk
    /usr/local/share/locale/uk/LC_MESSAGES
    /usr/local/share/locale/vi
    /usr/local/share/locale/vi/LC_MESSAGES
    /usr/local/share/locale/wa
    /usr/local/share/locale/wa/LC_MESSAGES
    /usr/local/share/locale/xh
    /usr/local/share/locale/xh/LC_MESSAGES
    /usr/local/share/locale/yi
    /usr/local/share/locale/yi/LC_MESSAGES
    /usr/local/share/locale/zh_CN
    /usr/local/share/locale/zh_CN/LC_MESSAGES
    /usr/local/share/locale/zh_HK
    /usr/local/share/locale/zh_HK/LC_MESSAGES
    /usr/local/share/locale/zh_TW
    /usr/local/share/locale/zh_TW/LC_MESSAGES

Warning: Some directories in /usr/local/share/man aren't writable.
This can happen if you "sudo make install" software that isn't managed
by Homebrew. If a brew tries to add locale information to one of these
directories, then the install will fail during the link step.

You should `sudo chown -R $(whoami)` them:
    /usr/local/share/man/de
    /usr/local/share/man/de/man1
    /usr/local/share/man/es
    /usr/local/share/man/es/man1
    /usr/local/share/man/fr
    /usr/local/share/man/fr/man1
    /usr/local/share/man/hr
    /usr/local/share/man/hr/man1
    /usr/local/share/man/hu
    /usr/local/share/man/hu/man1
    /usr/local/share/man/it
    /usr/local/share/man/it/man1
    /usr/local/share/man/man4
    /usr/local/share/man/man5
    /usr/local/share/man/man7
    /usr/local/share/man/man8
    /usr/local/share/man/pl
    /usr/local/share/man/pl/man1
    /usr/local/share/man/pt_BR
    /usr/local/share/man/pt_BR/man1
    /usr/local/share/man/pt_PT
    /usr/local/share/man/pt_PT/man1
    /usr/local/share/man/ro
    /usr/local/share/man/ro/man1
    /usr/local/share/man/ru
    /usr/local/share/man/ru/man1
    /usr/local/share/man/sk
    /usr/local/share/man/sk/man1
    /usr/local/share/man/zh
    /usr/local/share/man/zh/man1

Warning: /usr/local/lib/python2.7/site-packages isn't writable.
This can happen if you "sudo pip install" software that isn't managed
by Homebrew. If you install a formula with Python modules, the install
will fail during the link step.

You should change the ownership and permissions of /usr/local/lib/python2.7/site-packages
back to your user account.
  sudo chown -R $(whoami) /usr/local/lib/python2.7/site-packages

Warning: /usr/local is not writable.
Even if this directory was writable when you installed Homebrew, other
software may change permissions on this directory. For example, upgrading
to OS X El Capitan has been known to do this. Some versions of the
"InstantOn" component of Airfoil or running Cocktail cleanup/optimizations
are known to do this as well.

You should change the ownership and permissions of /usr/local back to
your user account.
  sudo chown -R $(whoami) /usr/local

Warning: /usr/local/var isn't writable.

This can happen if you "sudo make install" software that isn't managed
by Homebrew. If a formula tries to write a file to this directory, the
install will fail during the link step.

You should change the ownership and permissions of /usr/local/var back to
your user account.
  sudo chown -R $(whoami) /usr/local/var

Warning: Your XQuartz (2.7.8) is outdated
Please install XQuartz 2.7.9:
  https://xquartz.macosforge.org

Warning: You have unlinked kegs in your Cellar
Leaving kegs unlinked can lead to build-trouble and cause brews that depend on
those kegs to fail to run properly once built. Run `brew link` on these:
    gnutls2

Warning: Homebrew's sbin was not found in your PATH but you have installed
formulae that put executables in /usr/local/sbin.
Consider setting the PATH for example like so
  echo 'export PATH="/usr/local/sbin:$PATH"' >> ~/.bash_profile

Warning: Your Homebrew is outdated.
You haven't updated for at least 24 hours. This is a long time in brewland!
To update Homebrew, run `brew update`.
dummy $

修正方法が長々と表示されたが、
  sudo chown -R $(whoami) /usr/local
でほとんど片付いてしまうようだ。

brew doctorに従って修正する

brew doctorに従ってディレクトリの権限を直せば、移行作業終了。outdatedだとかunlinkedだとかはrootの問題ではないので、別途対応すればよい。でもこれ、間違って/usr/local/以下のファイルを消しても気がつかないよね。ファイルがないならエラーで気付くかもしれないけど、違う内容で上書きしていたら結構悲惨だ。
アプリケーションフォルダは
drwxrwxr-x+ 126 root  admin  4284  9  3 06:12 /Applications/
となっているから、多少マシか?でも、自分がインストールできるよう、adminグループに入れているだろうから、あまり変わらないか。
ますますTimeMachineでのバックアップが重要になったという気がする。


0 件のコメント :

コメントを投稿

Comments on Google+: