zsh compinit: insecure directories

Question

What does it mean and how can I fix it?

zsh compinit: insecure directories, run compaudit for list.
Ignore insecure directories and continue [y] or abort compini         


        

Answer 1

I got this issue after running the google-cloud-sdk install script, which adds command-completion to the shell via an entry in .zshrc.

Following Homebrew's instructions for configuring completions in zsh was helpful.

Additionally, if you receive “zsh compinit: insecure directories” warnings when attempting to load these completions, you may need to run this: chmod -R go-w "$(brew --prefix)/share"

Answer 2

My machine:

System Version: macOS 10.15.4 (19E287)
Kernel Version: Darwin 19.4.0

So here is what I did,

1. run compaudit and it will give you a list of directories it thinks are unsecure.

2. run sudo chmod -R 755 target_directory (example: sudo chmod -R 755 /usr/local/share/zsh)

Exmaple:

compaudit

returns:

/usr/local/share/zsh

so I run

sudo chmod -R 755 /usr/local/share/zsh

read more here link

Answer 3

The accepted answer did not work for me on macOs Sierra (10.12.1). Had to do it recursive from /usr/local

cd /usr/local
sudo chown -R <your-username>:<your-group-name> *

Note: You can get your username with whoami and your group with id -g

Answer 4

This works for my Mac since High Sierra update.

Remove the group write access:

sudo chmod g-w /usr/local/share/zsh/site-functions
sudo chmod g-w /usr/local/share/zsh

It’s best to keep the change limited to zsh directories.

Answer 5

I fixed it by doing

sudo chown root:staff -R /usr/local/share/zsh

in my case other directories inside share/ also have "staff" group assigned

Answer 6

Once you understand the cause, solution is trivial and unequivocal.

• Cause: the directories output by compaudit have write permission by either group or others (world-writable); or those files are owned by somebody else other than root or yourself.

• Example: In my case, compaudit gave me that:

% compaudit 
There are insecure directories:
/usr/local/share/zsh/site-functions
/usr/local/share/zsh

And if we list the permission of those files/directories we have (in this case)

% ls -lh /usr/local/share 
total 0
drwxr-xr-x  12 chbrandt  admin   384B Aug 14 10:45 aclocal
drwxr-xr-x   8 chbrandt  admin   256B Aug 14 10:45 doc
drwxr-xr-x   3 chbrandt  admin    96B Jul 24 21:00 fish
lrwxr-xr-x   1 chbrandt  admin    36B Aug 14 10:45 gettext -> ../Cellar/gettext/0.21/share/gettext
lrwxr-xr-x   1 chbrandt  admin    41B Aug 14 10:45 gettext-0.21 -> ../Cellar/gettext/0.21/share/gettext-0.21
lrwxr-xr-x   1 chbrandt  admin    37B Aug 14 10:45 gtk-doc -> ../Cellar/libidn2/2.3.0/share/gtk-doc
drwxr-xr-x   9 chbrandt  admin   288B Aug 14 10:45 info
drwxr-xr-x  58 chbrandt  admin   1.8K Aug 14 10:45 locale
lrwxr-xr-x   1 chbrandt  admin    41B Jul 27 17:12 luajit-2.0.5 -> ../Cellar/luajit/2.0.5/share/luajit-2.0.5
drwxr-xr-x   5 chbrandt  admin   160B Jul 27 17:12 man
lrwxr-xr-x   1 chbrandt  admin    33B Aug 14 10:45 nvim -> ../Cellar/neovim/0.4.4/share/nvim
drwxrwxr-x   3 chbrandt  admin    96B Jul 24 20:57 zsh
%
% ls -lh /usr/local/share/zsh 
total 0
drwxrwxr-x  4 chbrandt  admin   128B Jul 24 21:00 site-functions
%
% ls -lh /usr/local/share/zsh/site-functions 
total 0
lrwxr-xr-x  1 chbrandt  admin    39B Jul 24 21:00 _brew -> ../../../Homebrew/completions/zsh/_brew
lrwxr-xr-x  1 chbrandt  admin    44B Jul 24 21:00 _brew_cask -> ../../../Homebrew/completions/zsh/_brew_cask

Now we easily spot the issue, don't we? Notice how zsh/ and zsh/site-functions directories differ from the others... That 'w' allowing the admin group to modify them is not appreciated by zsh.

• Solution: Turn off that group-writable permission!

% chmod g-w /usr/local/share/zsh 
% chmod g-w /usr/local/share/zsh/site-functions 

That's it! You're good to go. Open a new terminal and you should not see the "zsh compinit: insecure directories" message anymore ;)