What does it mean and how can I fix it?
zsh compinit: insecure directories, run compaudit for list.
Ignore insecure directories and continue [y] or abort compini
I got this issue after running the google-cloud-sdk
install script, which adds command-completion to the shell via an entry in .zshrc
.
Following Homebrew's instructions for configuring completions in zsh was helpful.
Additionally, if you receive “zsh compinit: insecure directories” warnings when attempting to load these completions, you may need to run this:
chmod -R go-w "$(brew --prefix)/share"
My machine:
System Version: macOS 10.15.4 (19E287)
Kernel Version: Darwin 19.4.0
So here is what I did,
run compaudit
and it will give you a list of directories it thinks are unsecure.
run sudo chmod -R 755 target_directory
(example: sudo chmod -R 755 /usr/local/share/zsh
)
Exmaple:
compaudit
returns:
/usr/local/share/zsh
so I run
sudo chmod -R 755 /usr/local/share/zsh
The accepted answer did not work for me on macOs Sierra (10.12.1). Had to do it recursive from /usr/local
cd /usr/local
sudo chown -R <your-username>:<your-group-name> *
Note: You can get your username with whoami
and your group with id -g
This works for my Mac since High Sierra update.
Remove the group write access:
sudo chmod g-w /usr/local/share/zsh/site-functions
sudo chmod g-w /usr/local/share/zsh
It’s best to keep the change limited to zsh directories.
I fixed it by doing
sudo chown root:staff -R /usr/local/share/zsh
in my case other directories inside share/ also have "staff" group assigned
Once you understand the cause, solution is trivial and unequivocal.
Cause: the directories output by compaudit
have write permission by either group or others (world-writable); or those files are owned by somebody else other than root or yourself.
Example: In my case, compaudit
gave me that:
% compaudit
There are insecure directories:
/usr/local/share/zsh/site-functions
/usr/local/share/zsh
And if we list the permission of those files/directories we have (in this case)
% ls -lh /usr/local/share
total 0
drwxr-xr-x 12 chbrandt admin 384B Aug 14 10:45 aclocal
drwxr-xr-x 8 chbrandt admin 256B Aug 14 10:45 doc
drwxr-xr-x 3 chbrandt admin 96B Jul 24 21:00 fish
lrwxr-xr-x 1 chbrandt admin 36B Aug 14 10:45 gettext -> ../Cellar/gettext/0.21/share/gettext
lrwxr-xr-x 1 chbrandt admin 41B Aug 14 10:45 gettext-0.21 -> ../Cellar/gettext/0.21/share/gettext-0.21
lrwxr-xr-x 1 chbrandt admin 37B Aug 14 10:45 gtk-doc -> ../Cellar/libidn2/2.3.0/share/gtk-doc
drwxr-xr-x 9 chbrandt admin 288B Aug 14 10:45 info
drwxr-xr-x 58 chbrandt admin 1.8K Aug 14 10:45 locale
lrwxr-xr-x 1 chbrandt admin 41B Jul 27 17:12 luajit-2.0.5 -> ../Cellar/luajit/2.0.5/share/luajit-2.0.5
drwxr-xr-x 5 chbrandt admin 160B Jul 27 17:12 man
lrwxr-xr-x 1 chbrandt admin 33B Aug 14 10:45 nvim -> ../Cellar/neovim/0.4.4/share/nvim
drwxrwxr-x 3 chbrandt admin 96B Jul 24 20:57 zsh
%
% ls -lh /usr/local/share/zsh
total 0
drwxrwxr-x 4 chbrandt admin 128B Jul 24 21:00 site-functions
%
% ls -lh /usr/local/share/zsh/site-functions
total 0
lrwxr-xr-x 1 chbrandt admin 39B Jul 24 21:00 _brew -> ../../../Homebrew/completions/zsh/_brew
lrwxr-xr-x 1 chbrandt admin 44B Jul 24 21:00 _brew_cask -> ../../../Homebrew/completions/zsh/_brew_cask
Now we easily spot the issue, don't we? Notice how zsh/
and zsh/site-functions
directories differ from the others...
That 'w
' allowing the admin
group to modify them is not appreciated by zsh.
% chmod g-w /usr/local/share/zsh
% chmod g-w /usr/local/share/zsh/site-functions
That's it! You're good to go. Open a new terminal and you should not see the "zsh compinit: insecure directories
" message anymore ;)