Why Homebrew doesn't even allow installing packages using sudo brew install foo, but almost every single apt package or tutorial tells to install with sudo apt-get install bar?

What's so drastically different about these two package managers? Every package installed with Homebrew seem to work just fine compared to their apt counterparts, to why would apt still force the use of sudo if Homebrew can manage without?

~ $ sudo brew install foo
Password:
Error: Running Homebrew as root is extremely dangerous and no longer supported.
As Homebrew does not drop privileges on installation you would be giving all
build scripts full access to your system.

1 Answer

Because you are comparing Apple’s (literally) to oranges.

There is no reason to run Homebrew via sudo because it is installing packages in a kludgy way to allow for package installs in a way that does not interfere with core macOS functionality. In contrast apt on Ubuntu/Debian can install packages easily systemwide via sudo because it designed for server use on a system that doesn’t have such restrictions.

“What's so drastically different about these two package managers?”

One (apt) is for use on a Linux environment — typically server-based and implicitly multi-user — and the other (Homebrew) is meant to run on macOS which has it’s own quirks and restrictions.

And in macOS the vast majority of people using Homebrew do so for personal development and packages do not have to be installed via sudo for root privledges. Homebrew is meant to be run in the user; not by root.

As explained in the Homebrew docs:

Why does Homebrew say sudo is bad?

tl;dr Sudo is dangerous, and you installed TextMate.app without sudo anyway.

Homebrew refuses to work using sudo.

You should only ever sudo a tool you trust. Of course, you can trust Homebrew 😉 But do you trust the multi-megabyte Makefile that Homebrew runs? Developers often understand C++ far better than they understand make syntax. It’s too high a risk to sudo such stuff. It could modify (or upload) any files on your system. And indeed, we’ve seen some build scripts try to modify /usr even when the prefix was specified as something else entirely.

We use the macOS sandbox to stop this but this doesn’t work when run as the root user (which also has read and write access to almost everything on the system).

Did you chown root /Applications/TextMate.app? Probably not. So is it that important to chown root wget?

If you need to run Homebrew in a multi-user environment, consider creating a separate user account especially for use of Homebrew.

Also in the case of apt it installs packages systemwide for all users; Homebrew doesn’t. In fact when you — via your account on macOS — installs software via Homebrew it is owned by you and nobody else; look at the last sentence above. That basically says that while Homebrew installs packages into the systemwide /usr/local/bin directory, they are not necessarily something that all users can manage nor would you want them.