docs: fix permissions and privilege explanation in FAQ #21290
+2
−2
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* Align multi-user guidance with recommended dedicated brew account * Correct runtime privileges: no implicit admin rights
MikeMcQuaid
reviewed
Dec 21, 2025
Member
MikeMcQuaid
left a comment
MikeMcQuaid
left a comment
There was a problem hiding this comment.
Looks good except recommendation change.
| Ownership on Linux, all subdirectories and files default to the current user and the user group that executed the installation. | ||
|
|
||
| Permissions for all subdirectories and files use `0755 (u=rwx,g=rx,o=rx)` on both macOS and Linux, permitting only the current user to replace binaries (avoidance of malicious changes) while allowing all users to execute binaries. Note: Although, Homebrew is single-user design and it is not advised to execute using a separate user account specifically for use of Homebrew. | ||
| By default, permissions for Homebrew-managed directories and files are `0755 (u=rwx,g=rx,o=rx)` on both macOS and Linux. This means that only the owning user (typically the installing user) can modify or replace files within the Homebrew prefix, while all users are allowed to read and execute installed binaries. On multi-user systems, Homebrew recommends managing the installation from a dedicated user account rather than running `brew` as multiple users. |
Member
There was a problem hiding this comment.
Suggested change
| By default, permissions for Homebrew-managed directories and files are `0755 (u=rwx,g=rx,o=rx)` on both macOS and Linux. This means that only the owning user (typically the installing user) can modify or replace files within the Homebrew prefix, while all users are allowed to read and execute installed binaries. On multi-user systems, Homebrew recommends managing the installation from a dedicated user account rather than running `brew` as multiple users. | |
| By default, permissions for Homebrew-managed directories and files are `0755 (u=rwx,g=rx,o=rx)` on both macOS and Linux. This means that only the owning user (typically the installing user) can modify or replace files within the Homebrew prefix, while all users are allowed to read and execute installed binaries. On multi-user systems, Homebrew does not recommend using a dedicated user account specifically for Homebrew. |
Keep this text as-is, you're changing the recommendation to be the opposite.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
brew lgtm(style, typechecking and tests) with your changes locally?Follow-up to Homebrew discussion: https://github.com/orgs/Homebrew/discussions/6617.
This PR updates the newly added FAQ section "What is the default ownership and permissions used by Homebrew" (introduced in #20946) to avoid two misleading statements: