zsh compinit insecure directories

Question

What does it mean and how can I fix it   zsh compinit  insecure directories  run compaudit for list  Ignore insecure directories and continue  y  or abort compinit  n     Running the compaudit returns the follows   There are insecure directories   usr local share zsh site-functions

User · Answer

This morning  some packages in my system updated  and left me with this error message  I am using Ubuntu 18 04    Apparently  something in the update changed the username and group to numbers  instead of root  as so     There are insecure files   usr share zsh vendor-completions  code   sudo ls -alh -rw-r--r-- 1  131  142 2 6K 2019-10-10 16 28  code   I simply changed the user and group for this file back to root and the problem went away  I did not need to change any permissions  and would caution against doing so unless the underlying cause of the problem is understood   sudo chown root  code  amp  amp  sudo chgrp root  code  After switching 131 and 142 back to root  this error message from zsh went away

User · Answer

This works for my Mac since High Sierra update  Remove the group write access  sudo chmod g-w  usr local share zsh site-functions sudo chmod g-w  usr local share zsh  It   s best to keep the change limited to zsh directories

User · Answer

On macOS Sierra you need to run  sudo chown -R   whoami  staff  usr local

User · Answer

My suggestion would be to run compaudit and then just fix permissions on the directories found by the audit  Make sure the identified directories do not have write permissions for group or other

User · Answer

My machine   System Version  macOS 10 15 4  19E287  Kernel Version  Darwin 19 4 0   So here is what I did    run compaudit and it will give you a list of directories it thinks are unsecure  run sudo chmod -R 755 target directory  example  sudo chmod -R 755  usr local share zsh    Exmaple   compaudit   returns       usr local share zsh   so I run  sudo chmod -R 755  usr local share zsh   read more here link

User · Answer

This fixed it for me    sudo chmod -R 755  usr local share zsh site-functions  Credit  a post on zsh mailing list  EDIT  As pointed out by  biocyberman in the comments  You may need to update the owner of site-functions as well    sudo chown -R root root  usr local share zsh site-functions  On my machine  OSX 10 9   I do not need to do this but YMMV  EDIT2  On OSX 10 11  only this worked    sudo chmod -R 755  usr local share zsh   sudo chown -R root staff  usr local share zsh  Also user staff is the correct default permission on OSX

User · Answer

The accepted answer did not work for me on macOs Sierra  10 12 1   Had to do it recursive from  usr local  cd  usr local sudo chown -R  lt your-username gt   lt your-group-name gt      Note  You can get your username with whoami and your group with id -g

User · Answer

This was the only thing that worked for me from https   github com zsh-users zsh-completions issues 433 issuecomment-600582607  Thanks https   github com malaquiasdev       cd  usr local share      sudo chmod -R 755 zsh     sudo chown -R root staff zsh

User · Answer

I got this issue after running the google-cloud-sdk install script  which adds command-completion to the shell via an entry in  zshrc  Following Homebrew s instructions for configuring completions in zsh was helpful   Additionally  if you receive    zsh compinit  insecure directories    warnings when attempting to load these completions  you may need to run this  chmod -R go-w  quot   brew --prefix  share quot

User · Answer

Send a y character to the input stream of the script using compinit  in order to automatically answer the Ignore insecure directories and files and continue  y  or abort compinit  n   question echo  quot y quot   gt  source  lt GOOGLECLOUDSDK gt  completion zsh inc The solution is useful when  you can t make ownership access changes to the folders when you can t use the -u option to remove the warning  probably because you don t explicitly call  compinit  yourself  but it s called by a script you call   Remark  It doesn t fix the problem and only hides the warning  as opposed to others answers here which involve removing  group write access  or  change ownership to root

User · Answer

running this command worked for me on my mac OS Catalina   compaudit   xargs chmod g-w o-w

User · Answer

I fixed it by doing  sudo chown root staff -R  usr local share zsh   in my case other directories inside share  also have  staff  group assigned

User · Answer

Following worked on M1 ProductName     macOS ProductVersion  11 1 BuildVersion    20C69    compaudit  opt homebrew share  Changed group permission from 775 to 755   sudo chmod 755  opt homebrew share  drwxr-xr-x   33 xenea  admin   1056 Feb  2 01 28 share

User · Answer

I had the same warning lately on Catalina  An easy workaround is to put this to the top of your  zshrc   ZSH DISABLE COMPFIX true

User · Answer

This answer is mostly a reference for myself to use in the future  as most answers do not provide a full-fledged solution  Here it is  First run  compinit  use compaudit if above does not work For every single path that is printed run the following the commands  sudo chown   whoami  PATH HERE  sudo chmod -R 755 PATH HERE  Simple example  let s say one of the paths that gets printed after running compinit is  quot  usr local share zsh quot   Then  sudo chown   whoami   usr local share zsh  sudo chmod -R 755  usr local share zsh

User · Answer

on Mojave  this did the trick    sudo chmod go-w  usr local share

User · Answer

Most answers come with a solution  but do not mention why this warning occurs  Here s an excerpt from ZSH s compinit      For security reasons compinit also checks if the completion system would use files not owned by root or by the current user  or files in directories that are world- or group-writable or that are not owned by root or by the current user  If such files or directories are found  compinit will ask if the completion system should really be used  To avoid these tests and make all files found be used without asking  use the option -u  and to make compinit silently ignore all insecure files and directories use the option -i  This security check is skipped entirely when the -C option is given    Hence  the solution implies fixing one  or all  of the following    setting the current user as the owner of all the directories subdirectories files in cause   compaudit   xargs chown -R    whoami    removing write permissions for group others for the files in cause   compaudit   xargs chmod go-w    Another approach would be to skip these checks by using  compinit -u   but I don t really suggest this  as hiding problems under a rug only solves problems in the short run

User · Answer

I got the same warnings when I sudo -i starting a root shell   chakrit s solution didn t work for me   But I found -u switch of compinit works  e g  in your  zshrc zshenv or where you called compinit  compinit -u   NB  Not recommended for production system  See also http   zsh sourceforge net Doc Release Completion-System html Initialization

User · Answer

compaudit   xargs chmod g-w   will do the trick  see http   www wezm net technical 2008 09 zsh-cygwin-and-insecure-directories

User · Answer

None of the solutions listed worked for me  Instead  I ended up uninstalling and reinstalling Homebrew  which did the trick  Uninstall instructions may be found here  http   osxdaily com 2018 08 12 how-uninstall-homebrew-mac

User · Answer

These two lines have fixed for me   sudo chown -R  user  root  usr local share zsh  sudo chown -R  user  root  usr local share zsh

User · Answer

MAC OS X solution      sudo chmod -R 755  usr local share zsh   sudo chown -R root staff  usr local share zsh   Also  user staff   default root user on OSX

User · Answer

run compaudit and it will give you a list of directories it thinks are insecure sudo chown -R username root target directory sudo chmod -R 755 target directory

User · Answer

Once you understand the cause  solution is trivial and unequivocal   Cause  the directories output by compaudit have write permission by either group or others  world-writable   or those files are owned by somebody else other than root or yourself   Example  In my case  compaudit gave me that      compaudit  There are insecure directories   usr local share zsh site-functions  usr local share zsh  And if we list the permission of those files directories we have  in this case    ls -lh  usr local share  total 0 drwxr-xr-x  12 chbrandt  admin   384B Aug 14 10 45 aclocal drwxr-xr-x   8 chbrandt  admin   256B Aug 14 10 45 doc drwxr-xr-x   3 chbrandt  admin    96B Jul 24 21 00 fish lrwxr-xr-x   1 chbrandt  admin    36B Aug 14 10 45 gettext - gt     Cellar gettext 0 21 share gettext lrwxr-xr-x   1 chbrandt  admin    41B Aug 14 10 45 gettext-0 21 - gt     Cellar gettext 0 21 share gettext-0 21 lrwxr-xr-x   1 chbrandt  admin    37B Aug 14 10 45 gtk-doc - gt     Cellar libidn2 2 3 0 share gtk-doc drwxr-xr-x   9 chbrandt  admin   288B Aug 14 10 45 info drwxr-xr-x  58 chbrandt  admin   1 8K Aug 14 10 45 locale lrwxr-xr-x   1 chbrandt  admin    41B Jul 27 17 12 luajit-2 0 5 - gt     Cellar luajit 2 0 5 share luajit-2 0 5 drwxr-xr-x   5 chbrandt  admin   160B Jul 27 17 12 man lrwxr-xr-x   1 chbrandt  admin    33B Aug 14 10 45 nvim - gt     Cellar neovim 0 4 4 share nvim drwxrwxr-x   3 chbrandt  admin    96B Jul 24 20 57 zsh     ls -lh  usr local share zsh  total 0 drwxrwxr-x  4 chbrandt  admin   128B Jul 24 21 00 site-functions     ls -lh  usr local share zsh site-functions  total 0 lrwxr-xr-x  1 chbrandt  admin    39B Jul 24 21 00  brew - gt           Homebrew completions zsh  brew lrwxr-xr-x  1 chbrandt  admin    44B Jul 24 21 00  brew cask - gt           Homebrew completions zsh  brew cask  Now we easily spot the issue  don t we  Notice how zsh  and zsh site-functions directories differ from the others    That  w  allowing the admin group to modify them is not appreciated by zsh   Solution  Turn off that group-writable permission     chmod g-w  usr local share zsh    chmod g-w  usr local share zsh site-functions   That s it  You re good to go  Open a new terminal and you should not see the  quot zsh compinit  insecure directories quot  message anymore

[zsh] zsh compinit: insecure directories

Examples related to zsh

Examples related to zsh-completion