brew is a bad neighbor
This isn't a guide about locking down homebrew so that it can't touch the rest of your system security-wise.
This guide doesn't fix the inherent security issues of a package management system that will literally yell at you if you try to do something about "huh, maybe it's not great my executables are writeable by my account without requiring authorization first".
But it absolutely is a guide about shoving it into its own little corner so that you can take it or leave it as you see fit, instead of just letting the project do what it likes like completely taking over permissions and ownership of a directory that might be in use by other software on your Mac and stomping all over their contents.
By following this guide you will:
- Never have to run
sudoto forcefully change permissions of some directory to be owned by your account