chipmk / docker-mac-net-connect

Connect directly to Docker-for-Mac containers via IP address 🐳 💻
MIT License

Question about root ownership? #29

Open hedefalk opened 1 year ago

hedefalk commented 1 year ago

I guess this needs to be run as root for the tunneling - but is there any way to separate the actual running from taking ownership of the paths? I get this on starting the service:

```
Warning: Taking root:admin ownership of some docker-mac-net-connect paths:
  /opt/homebrew/Cellar/docker-mac-net-connect/v0.1.2/bin
  /opt/homebrew/Cellar/docker-mac-net-connect/v0.1.2/bin/docker-mac-net-connect
  /opt/homebrew/opt/docker-mac-net-connect
  /opt/homebrew/opt/docker-mac-net-connect/bin
  /opt/homebrew/var/homebrew/linked/docker-mac-net-connect
This will require manual removal of these paths using `sudo rm` on
brew upgrade/reinstall/uninstall.
Warning: docker-mac-net-connect must be run as non-root to start at user login!
```

gregnr commented 1 year ago

You bring up a good point @hedefalk. Unfortunately it doesn't look like this is configurable on the brew services side. Looking into their source, it looks like they intentionally do this as a protection measure: https://github.com/Homebrew/homebrew-services/blob/d39f864ddffda7a8c47dc95cd284b50683db9653/lib/service/services_cli.rb#L183

Since `sudo brew services start` registers the app to run on boot (as root), I imagine brew is trying to prevent users from accidentally modifying/removing it. Not 100% sure what would happen if it was modified, to be honest, i.e. would macOS fail to boot if it couldn't run the app?

`sudo brew services start` uses `launchctl` under the hood, so we could consider bypassing brew services and registering the app manually (without modifying ownership). I think I'd like to fully understand why brew services does this first before making that decision.
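
For anyone weighing the manual `launchctl` route discussed above, here is an added example (not code from this thread, the project, or Homebrew) that checks whether a binary started as root, or any directory or symlink on the way to it, could be changed by a non-root user. The function names and the `trusted_uid` and `stop_at` parameters are assumptions of this sketch, and the binary path in the demo is assembled from the paths in the brew warning.

```python
import os
import stat
from pathlib import Path


def audit_component(path, trusted_uid):
    """Return reasons why a user other than trusted_uid could alter this entry."""
    st = os.lstat(path)
    reasons = []
    if st.st_uid != trusted_uid:
        reasons.append(f"owned by uid {st.st_uid}")
    # Mode bits on a symlink are not used for access checks, so skip them.
    if not stat.S_ISLNK(st.st_mode):
        if st.st_mode & stat.S_IWGRP:
            reasons.append("group-writable")
        if st.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
    return reasons


def audit_launch_path(target, trusted_uid=0, stop_at="/"):
    """Audit target and every directory above it (below stop_at), including
    the real locations behind symlinks. Returns {path: [reasons]}."""
    stop = Path(stop_at)
    pending, seen, findings = [Path(target)], set(), {}
    while pending:
        p = pending.pop()
        if p in seen or stop not in p.parents:
            continue
        seen.add(p)
        reasons = audit_component(p, trusted_uid)
        if reasons:
            findings[str(p)] = reasons
        if p.is_symlink():
            pending.append(p.resolve())  # also walk the link's real location
        pending.append(p.parent)
    return findings


if __name__ == "__main__":
    # Assumed path, assembled from the brew warning above; adjust for your install.
    binary = "/opt/homebrew/opt/docker-mac-net-connect/bin/docker-mac-net-connect"
    if os.path.lexists(binary):
        for path, why in sorted(audit_launch_path(binary).items()):
            print(f"{path}: {', '.join(why)}")
```

The check is conservative: a group-writable entry is reported even when the group is `admin`, and sticky-bit directories are reported like any other writable directory.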