zsh compinit: insecure directories

Question

What does it mean and how can I fix it?

zsh compinit: insecure directories, run compaudit for list.
Ignore insecure directories and continue [y] or abort compini         


        

Answer 1

Send a y character to the input stream of the script using compinit, in order to automatically answer the Ignore insecure directories and files and continue [y] or abort compinit [n]? question

echo "y" > source <GOOGLECLOUDSDK>/completion.zsh.inc

The solution is useful when

• you can't make ownership/access changes to the folders
• when you can't use the -u option to remove the warning (probably because you don't explicitly call 'compinit' yourself, but it's called by a script you call)

Remark: It doesn't fix the problem and only hides the warning (as opposed to others answers here which involve removing 'group write access' or 'change ownership to root').

Answer 2

This fixed it for me:

$ sudo chmod -R 755 /usr/local/share/zsh/site-functions

Credit: a post on zsh mailing list

---

EDIT: As pointed out by @biocyberman in the comments. You may need to update the owner of site-functions as well:

$ sudo chown -R root:root /usr/local/share/zsh/site-functions

On my machine (OSX 10.9), I do not need to do this but YMMV.

EDIT2: On OSX 10.11, only this worked:

$ sudo chmod -R 755 /usr/local/share/zsh
$ sudo chown -R root:staff /usr/local/share/zsh

Also user:staff is the correct default permission on OSX.

Answer 3

I had the same warning lately on Catalina. An easy workaround is to put this to the top of your .zshrc

ZSH_DISABLE_COMPFIX=true

Answer 4

compaudit | xargs chmod g-w

will do the trick, see http://www.wezm.net/technical/2008/09/zsh-cygwin-and-insecure-directories/

Answer 5

Most answers come with a solution, but do not mention why this warning occurs. Here's an excerpt from ZSH's compinit:

For security reasons compinit also checks if the completion system would use files not owned by root or by the current user, or files in directories that are world- or group-writable or that are not owned by root or by the current user. If such files or directories are found, compinit will ask if the completion system should really be used. To avoid these tests and make all files found be used without asking, use the option -u, and to make compinit silently ignore all insecure files and directories use the option -i. This security check is skipped entirely when the -C option is given.

Hence, the solution implies fixing one (or all) of the following:

• setting the current user as the owner of all the directories/subdirectories/files in cause:

  compaudit | xargs chown -R "$(whoami)"
  

• removing write permissions for group/others for the files in cause:

  compaudit | xargs chmod go-w
  

Another approach would be to skip these checks by using

compinit -u

but I don't really suggest this, as hiding problems under a rug only solves problems in the short run.

Answer 6

This morning, some packages in my system updated, and left me with this error message. I am using Ubuntu 18.04.

Apparently, something in the update changed the username and group to numbers, instead of root, as so:

# There are insecure files: /usr/share/zsh/vendor-completions/_code
# sudo ls -alh
-rw-r--r-- 1  131  142 2.6K 2019-10-10 16:28 _code

I simply changed the user and group for this file back to root and the problem went away. I did not need to change any permissions, and would caution against doing so unless the underlying cause of the problem is understood.

sudo chown root _code && sudo chgrp root _code

After switching 131 and 142 back to root, this error message from zsh went away.