zsh compinit: insecure directories

2020-05-10 19:24发布

问题:

What does it mean and how can I fix it?

zsh compinit: insecure directories, run compaudit for list.
Ignore insecure directories and continue [y] or abort compinit [n]?

Running the compaudit returns the follows:

There are insecure directories:
/usr/local/share/zsh/site-functions

回答1:

This fixed it for me:

$ cd /usr/local/share/zsh
$ sudo chmod -R 755 ./site-functions

Credit: a post on zsh mailing list


EDIT: As pointed out by @biocyberman in the comments. You may need to update the owner of site-functions as well:

$ sudo chown -R root:root ./site-functions

On my machine (OSX 10.9), I do not need to do this but YMMV.

EDIT2: On OSX 10.11, only this worked:

$ cd /usr/local/share/
$ sudo chmod -R 755 zsh
$ sudo chown -R root:staff zsh

Also user:staff is the correct default permission on OSX.



回答2:

compaudit | xargs chmod g-w

will do the trick, see http://www.wezm.net/technical/2008/09/zsh-cygwin-and-insecure-directories/



回答3:

Most answers come with a solution, but do not mention why this warning occurs. Here's an excerpt from ZSH's compinit:

For security reasons compinit also checks if the completion system would use files not owned by root or by the current user, or files in directories that are world- or group-writable or that are not owned by root or by the current user. If such files or directories are found, compinit will ask if the completion system should really be used. To avoid these tests and make all files found be used without asking, use the option -u, and to make compinit silently ignore all insecure files and directories use the option -i. This security check is skipped entirely when the -C option is given.

Hence, the solution implies fixing one (or all) of the following:

  • setting the current user as the owner of all the directories/subdirectories/files in cause:

    compaudit | xargs chown -R "$(whoami)"
    
  • removing write permissions for group/others for the files in cause:

    compaudit | xargs chmod go-w
    

Another approach would be to skip these checks by using

compinit -u

but I don't really suggest this, as hiding problems under a rug only solves problems in the short run.



回答4:

I got the same warnings when I sudo -i starting a root shell, @chakrit's solution didn't work for me.

But I found -u switch of compinit works, e.g. in your .zshrc/zshenv or where you called compinit

compinit -u

NB: Not recommended for production system

See also http://zsh.sourceforge.net/Doc/Release/Completion-System.html#Initialization



回答5:

The accepted answer did not work for me on macOs Sierra (10.12.1). Had to do it recursive from /usr/local

cd /usr/local
sudo chown -R <your-username>:<your-group-name> *

Note: You can get your username with whoami and your group with id -g



回答6:

This works for my Mac after the update to High Sierra.

Remove group write access:

sudo chmod g-w /usr/local/share/zsh/site-functions
sudo chmod g-w /usr/local/share/zsh

It’s best to keep the change limited to the scope of zsh directories.



回答7:

These two lines have fixed for me.

sudo chown -R _user_:root /usr/local/share/zsh

sudo chown -R _user_:root /usr/local/share/zsh/*


回答8:

On macOS Sierra you need to run: sudo chown -R $(whoami):staff /usr/local



回答9:

on Mojave, this did the trick : sudo chmod go-w /usr/local/share



回答10:

I fixed it by doing

sudo chown root:staff -R /usr/local/share/zsh

in my case other directories inside share/ also have "staff" group assigned



回答11:

This was the only thing that worked for me from https://github.com/zsh-users/zsh-completions/issues/433#issuecomment-600582607. Thanks https://github.com/malaquiasdev!

  $ cd /usr/local/share/
  $ sudo chmod -R 755 zsh
  $ sudo chown -R root:staff zsh


回答12:

This morning, some packages in my system updated, and left me with this error message. I am using Ubuntu 18.04.

Apparently, something in the update changed the username and group to numbers, instead of root, as so:

# There are insecure files: /usr/share/zsh/vendor-completions/_code
# sudo ls -alh
-rw-r--r-- 1  131  142 2.6K 2019-10-10 16:28 _code

I simply changed the user and group for this file back to root and the problem went away. I did not need to change any permissions, and would caution against doing so unless the underlying cause of the problem is understood.

sudo chown root _code && sudo chgrp root _code

After switching 131 and 142 back to root, this error message from zsh went away.



回答13:

  1. run compaudit and it will give you a list of directories it thinks are insecure

  2. sudo chown -R username:root target_directory

  3. sudo chmod -R 755 target_directory



回答14:

None of the solutions listed worked for me. Instead, I ended up uninstalling and reinstalling Homebrew, which did the trick. Uninstall instructions may be found here: http://osxdaily.com/2018/08/12/how-uninstall-homebrew-mac/



回答15:

My suggestion would be to run compaudit and then just fix permissions on the directories found by the audit. Make sure the identified directories do not have write permissions for group or other.