El Capitan & Homebrew

El Capitan & Homebrew

Part of the OS X 10.11/El Capitan changes is something called System Integrity Protection or “SIP”.

SIP prevents you from writing to many system directories such as /usr, /System & /bin, regardless of whether or not you are root. The Apple keynote is here if you’d like to learn more.

One of the implications of SIP is that you cannot simply create /usr/local if it is removed or doesn’t exist for another reason. However, as noted in the keynote, Apple is leaving /usr/local open for developers to use, so Homebrew can still be used as expected.

Apple documentation hints that /usr/local will be returned to root:wheel restricted permissions on every OS X update. There is a brew doctor check in place to advise if permissions have slipped for whatever reason.

If you haven’t installed Homebrew in /usr/local or another system-protected directory, this document does not apply to you.

This is how to fix Homebrew on El Capitan if you see permission issues:

If /usr/local exists already:

1
sudo chown $(whoami):admin /usr/local && sudo chown -R $(whoami):admin /usr/local

If /usr/local does not exist:

  • Reboot into Recovery mode (Hold Cmd+R on boot) & access the Terminal.
  • In that terminal run:
    csrutil disable
  • Reboot back into OS X
  • Open your Terminal application and execute:
1
sudo mkdir /usr/local && sudo chflags norestricted /usr/local && sudo chown $(whoami):admin /usr/local && sudo chown -R $(whoami):admin /usr/local
  • Reboot back into Recovery Mode & access the Terminal again.
  • In that terminal execute:
    csrutil enable
  • Reboot back into OS X & you’ll be able to write to /usr/local & install Homebrew.