Create a gist now

Instantly share code, notes, and snippets.

Fix permissions on /usr/local for Homebrew
# This script installs to /usr/local only. To install elsewhere you can just
# untar anywhere you like.
# 30th March 2010:
# Added a check to make sure user is in the staff group. This was a problem
# for me, and I think it was due to me migrating my account over several
# versions of OS X. I cannot verify that for sure, and it was tested on
# 10.6.2 using the Directory Service command line utility and my laptop.
# My assumptions are:
# - you are running OS X 10.6.x
# - your machine is not managed as part of a group using networked
# Directory Services
# - you have not recently killed any baby seals or kittens
# 14th March 2010:
# Adapted CodeButler's fork:
module Tty extend self
def blue; bold 34; end
def white; bold 39; end
def red; underline 31; end
def reset; escape 0; end
def bold n; escape "1;#{n}" end
def underline n; escape "4;#{n}" end
def escape n; "\033[#{n}m" if STDOUT.tty? end
class Array
def shell_s
cp = dup
first = cp.shift{ |arg| arg.gsub " ", "\\ " }.unshift(first) * " "
def ohai *args
puts "#{}==>#{Tty.white} #{args.shell_s}#{Tty.reset}"
def warn warning
puts "#{}Warning#{Tty.reset}: #{warning.chomp}"
def system *args
abort "Failed during: #{args.shell_s}" unless Kernel.system *args
def sudo *args
args = if args.length > 1
args.unshift "/usr/bin/sudo"
"/usr/bin/sudo #{args}"
ohai *args
system *args
def getc # NOTE only tested on OS X
system "/bin/stty raw -echo"
if RUBY_VERSION >= '1.8.7'
system "/bin/stty -raw echo"
####################################################################### script
abort "/usr/local/.git already exists!" if "/usr/local/.git"
abort "Don't run this as root!" if Process.uid == 0
abort <<-EOABORT unless `groups`.split.include? "staff"
This script requires the user #{ENV['USER']} to be in the staff group. If this
sucks for you then you can install Homebrew in your home directory or however
you please; please refer to the website. If you still want to use this script
the following command should work:
dscl /Local/Default -append /Groups/staff GroupMembership $USER
ohai "This script will install:"
puts "/usr/local/bin/brew"
puts "/usr/local/Library/Formula/..."
puts "/usr/local/Library/Homebrew/..."
chmods = %w( . bin etc include lib lib/pkgconfig Library sbin share var share/locale share/man
share/man/man1 share/man/man2 share/man/man3 share/man/man4
share/man/man5 share/man/man6 share/man/man7 share/man/man8
share/info share/doc share/aclocal ).
map{ |d| "/usr/local/#{d}" }.
select{ |d| d and not File.writable? d }
chgrps = chmods.reject{ |d| File.stat(d).grpowned? }
unless chmods.empty?
ohai "The following directories will be made group writable:"
puts *chmods
unless chgrps.empty?
ohai "The following directories will have their group set to #{Tty.underline 39}staff#{Tty.reset}:"
puts *chgrps
if STDIN.tty?
puts "Press enter to continue"
abort unless getc == 13
if "/usr/local"
sudo "/bin/chmod", "g+w", *chmods unless chmods.empty?
# all admin users are in staff
sudo "/usr/bin/chgrp", "staff", *chgrps unless chgrps.empty?
sudo "/bin/mkdir /usr/local"
sudo "/bin/chmod g+w /usr/local"
# the group is set to wheel by default for some reason
sudo "/usr/bin/chgrp staff /usr/local"
Dir.chdir "/usr/local" do
ohai "Downloading and Installing Homebrew..."
# -m to stop tar erroring out if it can't modify the mtime for root owned directories
# pipefail to cause the exit status from curl to propogate if it fails
system "/bin/bash -o pipefail -c '/usr/bin/curl -sSfL | /usr/bin/tar xz -m --strip 1'"
ohai "Installation successful!"
warn "/usr/local/bin is not in your PATH." unless ENV['PATH'].split(':').include? '/usr/local/bin'
warn "Now install Xcode:" unless Kernel.system "/usr/bin/which -s gcc"
maletor commented Aug 18, 2011

This is where it's at.

maletor commented Aug 18, 2011

What happened on line 18?

rpavlik commented Aug 18, 2011

Glad you found this useful. I have no idea what line 18 is about (presumably a joke) - I haven't touched that part, that was in the original install script this is based on.

rpavlik commented Jan 4, 2012

I think you need to make sure that your account has administrative privileges in the control panel.

rpavlik commented Jan 4, 2012

This gist is supposed to do that and a little more, and a bit more carefully, but glad you got it figured out.


worked for me on 10.7.3, thanks a lot.

jessedc commented Jul 26, 2012

Continues to work well on 10.7.4

idejuan commented Nov 14, 2012

Worked well on 10.8.2
thank you!


Still works a charm on 10.8.2


10.8.3 working, thanks!

dfriedm commented May 18, 2013

Hi folks, total freakin newbie here. Can anyone explain how to use this?

rgtk commented Jul 23, 2013
ruby fix_homebrew.rb

Works on 10.8.4. Thanks!


Seems to have worked on 10.8.5, although not without problems. Running brew update still returns: fatal: Unable to create '/usr/local/.git/index.lock': Permission denied

Have to use SUDO in this case. Is that the way it's suppose to work?

Also, when I tried to install imagemagick I received: Error: Cannot write to /usr/local/Cellar <= I just tested this and that works so I added a fork to your gist.

Should I just add Cellar to your chmod array and then run it again to make Cellar writable?

zwang commented Feb 2, 2014

works on 10.9.1. Thanks!

davidhq commented Mar 26, 2014

Incredible - thank you! … // works on 10.9.2

spuder commented Apr 6, 2014

What would happen if you are on a directory service ? Will it break anything?

duksis commented Jul 3, 2014

👍 nice - thanks


Sorry folks, I'm still new to all this. All I was trying to do was update git. So then I installed homebrew. So then... now I'm 3 hours deep in confusion. Can anyone tell me how to USE a gist? Google doesn't seem to know. I've downloaded this file, and... now what?


I'm getting an error when I try to run the script in with and without using sudo.

Without sudo, it says "fix_homebrew.rb: Permission denied".

With sudo, it asks for my password as it should, but then it says "fix_homebrew.rb: command not found".

I'm running Mac OS 10.9.4.

The reason I ran this in the first place is whenever I try to "brew install" anything, it installs but gives an error:

 Error: The `brew link` step did not complete successfully
 The formula built, but is not symlinked into /usr/local
 Could not symlink share/doc/git-doc
 /usr/local/share/doc is not writable.

I then tried "brew link git" but it gives this error:

 Linking /usr/local/Cellar/git/2.0.4... 
 Error: Could not symlink share/doc/git-doc
 /usr/local/share/doc is not writable.
 Michael-iMac:~ zeno$ 

This same pattern of Homebrew errors also occurs when trying to install (or link) "lame" or "ffmpeg", so it's not just an issue with installing "git".

Any ideas would be greatly appreciated!



Hi "MatthewMacMillan" - I'm responding to your post. I'm very new to Homebrew myself, but since no one has yet responded to your comment, I'll tell you what little I know. Before addressing your direct question, here is the little I know about using Homebrew properly:

After installing Homebrew I went to a bash shell and ran "brew update". It's always best to run this command each and every time before using Homebrew. (I believe the readme file said to run this command if you installed or updated Homebrew more than 24 hours ago.)

I then ran "brew install app" where "app" is "git" or whatever application you are trying to install, e.g., "brew install git".

Sorry if you already know all this.

In order to run this "fix_homebrew.rb" script, dragged the script file to an open Terminal window (Mac OS X so I'm running Bash shell by default) and hit return. I got the error detailed in my post above. I then tried to "switch user" when running the command by entering "sudo fix_homebrew.rb" which prompted me for my password when I typed in and hit return, but I got a different error (also outlined above).

Hope this helps... thanks


Worked on 10.9.5 Thanks!

for Newbies:
$git clone
$cd 768518
$ruby fix_homebrew.rb

You will need to enter your password and then you should get the ===> Fix Successful! output if all went well.


^ works on 10.10 too. Just ran...
etc etc etc...

$ ruby fix_homebrew.rb
==> This script will fix permissions on:

Press enter to continue
==> Fix successful!


Awesome. Just ran on 10.10.1.


Can anyone explain this for me? E.g.

  • Why does this happen? I see it a lot, but don't know what situation causes it.
  • What is actually wrong here? / how does this script fix it. I feel like I understand the chmod one (directories have incorrect permission to install to these global locations), but I don't understand the chgrp one.
  • Given that it seems to be permissions issues, and from my naive understanding, it seems like any other user on my system will hit issues (e.g. if I own the dirs, then another user will hit this, if they own them, then I will) Or is that where the groups come in? If we're both admin, then neither of us hit it.
  • Any good resources for reading about groups? Ie what they're for, how they're implemented, are there common groups (e.g. I see "wheel" a lot) and what do they mean? What tools allow me to understand and manipulate the state of groups.
  • Why don't we just install into each user's home directory? It seems like that would fix the issue.

This save my day (or at least my morning !). Thanks so much !!!!

bennylp commented Aug 20, 2015

Worked on 10.10.2 (after "cannot write to /usr/local/lib error"). Cheers!


Worked well on 10.11 Thank u so much!

aliirz commented Oct 30, 2015

Thank you so much for this. 👏


Thanks for this, worked on 10.11.1 (15B42) !

mrrts commented Dec 16, 2015



Thanks! Works on 10.11.3.


Works on 10.11.4.


Works on 10.11.5, ty all! Brew update then worked like a charm.

matt-kg commented Oct 6, 2016

Worked on Sierra beta and GM for me.

YamilG commented Nov 30, 2016

Worked, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment