zsh compinit: insecure directories and files, run compaudit for list.

Question

zsh compinit: insecure directories and files, run compaudit for list.

k-lam opened this issue 8 years ago · 53 comments

I use oh-my-zsh, and I has followed the document.
but when I open a new termial on my Mac,it print
Ignore insecure directories and files and continue [y] or abort compinit [n]?

Answer 1 · 2016-07-07T08:51:43.000Z

@k-lam Don’t have a solution but maybe a good hint: see http://stackoverflow.com/questions/13762280/zsh-compinit-insecure-directories ..you might need to change the directory ownership/rights.

Answer 2 · 2017-01-16T11:05:24.000Z

http://stackoverflow.com/a/41674919/2511142

Answer 3 · 2017-11-22T16:06:18.000Z

compinit -i via http://zsh.sourceforge.net/Doc/Release/Completion-System.html

Answer 4 · 2018-05-21T09:21:28.000Z

So here is what I did,

run compaudit and it will give you a list of directories it thinks are unsecure
run sudo chown -R username:root target_directory
run sudo chmod -R 755 target_directory

Above is my original solution, which doesn't seem to work for some people.

Check the other solution proposed by @pine-byte
#433 (comment)

Answer 5 · 2018-08-24T16:21:34.000Z

@lebensterben your solution worked for me, thanks.

Answer 6 · 2019-01-07T02:51:10.000Z

@lebensterben Hello, after i tried your solution, i got following error. and i don't know what happened with that? can u help me?

i ran to step 2:

sudo chown -R username:root /usr/local/share/zsh/site-functions

then the terminal outputs:

chown: root: illegal group name

i also tried google this error and tried other solutions:

but got same error too, it let me so confusing.

this is my users & groups screenshots:

thanks in advanced.

Answer 7 · 2019-01-12T06:31:42.000Z

@lebensterben Hello, after i tried your solution, i got following error. and i don't know what happened with that? can u help me?

i ran to step 2:
sudo chown -R username:root /usr/local/share/zsh/site-functions
then the terminal outputs:
chown: root: illegal group name
i also tried google this error and tried other solutions:

chown-illegal-group-name-mac-os-x

zsh-compinit-insecure-directories,

but got same error too, it let me so confusing.

this is my users & groups screenshots:

thanks in advanced.

@vuchan The file is a link, you must set on current dir ,and you can see your group by command id,good luck!!

Answer 8 · 2019-01-14T05:34:08.000Z

@mqzi thanks for your comment The file is a link, you must set on current dir, it let me know what i did error.

i found the right dir at /usr/local/Homebrew/completions/zsh.
i removed the group name root.
i reran following shell commands:

sudo chown -R vuchan.c.wu /usr/local/Homebrew/completions/zsh
sudo chmod -R 755 /usr/local/Homebrew/completions/zsh

it works, thanks again @mqzi .

Answer 9 · 2019-08-24T21:11:59.000Z

@vuchan you save my day, thank you

Answer 10 · 2019-12-20T10:13:40.000Z

if your sure the user who is logged in should have permission you could try

for f in $(compaudit);do sudo chown $(whoami):admin $f;done;

this will set the ownership correctly for every folder / file listed in the output of compaudit

Answer 11 · 2020-03-18T12:01:14.000Z

This is closed, but nothing work to me.

My machine is a MacBook Pro (15-inch, 2019) with macOS Catalina.

The solution below, works well:

$ cd /usr/local/share/
$ sudo chmod -R 755 zsh
$ sudo chown -R root:staff zsh

Sorry to comment in a closed issue.

Answer 12 · 2020-04-03T23:01:06.000Z

if your sure the user who is logged in should have permission you could try

for f in $(compaudit);do sudo chown $(whoami):admin $f;done;
this will set the ownership correctly for every folder / file listed in the output of compaudit

this worked fine for me. it fixed 5 out fo 7 files. I fixed the other two files using

sudo chmod -R 755 target_directory

Answer 13 · 2020-04-14T16:23:02.000Z

This was broken for me as well on a fresh install of Catalina with brew, I believe this should be reopened as the steps to add:

if type brew &>/dev/null; then
    FPATH=$(brew --prefix)/share/zsh/site-functions:$FPATH

    autoload -Uz compinit
    compinit
fi

to .zshrc don't mention that

for f in $(compaudit);do sudo chmod -R 755 $f;done;

needs to be run to avoid getting the error below:

zsh compinit: insecure directories, run compaudit for list.
Ignore insecure directories and continue [y] or abort compinit [n]?

Answer 14 · 2020-04-25T04:55:37.000Z

just run shell follows:
compaudit | xargs chmod g-w

Answer 15 · 2020-05-07T21:47:15.000Z

SOLUTION (for me)

Reinstalling zsh via brew did it for me.
You may need to install homebrew first if you haven't already.
Start with this command.

brew install zsh

I then got an error saying brew was already installed, I just needed to link to it, and gave me this command:

brew link zsh

I had tried to replace the links for original files, thinking it would fix my permissions error, but brew gave an error saying there's files there that need to be overwritten and told me to run this command.

brew link --overwrite zsh

After that. All my errors were gone.
I hope it helps someone out there.

Answer 16 · 2020-05-15T22:52:57.000Z

just run shell follows:
compaudit | xargs chmod g-w

This worked for me on a new Mac (Catalina)

Answer 17 · 2020-06-21T02:11:23.000Z

just run shell follows:
compaudit | xargs chmod g-w

This one worked for me 👍

Answer 18 · 2020-06-27T15:12:06.000Z

Add the following code to .zshrc or .bashrc

fixZsh() {
	for f in $(compaudit)
	do 
		sudo chown -R $(whoami):root $f
		sudo chmod -R 755 $f
	done
}

reload terminal && exec fixZsh 🙃

Answer 19 · 2020-07-11T06:54:53.000Z

just run shell follows:
compaudit | xargs chmod g-w

This one worked for me 👍

This works for me!!!

Answer 20 · 2020-08-19T07:25:34.000Z

I just run:

sudo chmod -R 755 <dir>

for every directory listed by compaudit. Didn't need chown.

Answer 21 · 2020-08-22T22:41:25.000Z

I tried to explain what is the (simple) cause for that here: https://stackoverflow.com/a/63447799/687896 , so that we don't start just typing commands we don't really understand what is going on. Basically, ZSH expects system files to be owned and modifiable (w) by either you (the one running the shell) or root.

Answer 22 · 2020-08-25T16:21:28.000Z

compaudit | xargs chmod g-w

Answer 23 · 2020-09-11T02:15:34.000Z

just run shell follows:
compaudit | xargs chmod g-w

This work for me. Thank you @pine-byte !!!

Answer 24 · 2020-09-19T07:26:15.000Z

compaudit | xargs sudo chmod g-w

I had to add sudo

Answer 25 · 2020-09-23T16:07:02.000Z

just run shell follows:
compaudit | xargs chmod g-w

This work for me. But it makes my iTerm need take few seconds to open up

Answer 26 · 2020-10-29T01:18:41.000Z

I got the chown: root: illegal group name error as well. I did a simple ls -la <dir> and saw that the group listed was staff, not root. When I changed root to staff and ran the same commands @malaquiasdev listed in #433 (comment), everything worked for me.

Answer 27 · 2020-10-29T08:20:08.000Z

I got this error after installing Yarn or NVM on MacOS. I don't even use ZSH and I don't understand why it was installed.

I tried #433 (comment) and it didn't change anything.

Answer 28 · 2020-11-27T05:07:18.000Z

just run shell follows:
compaudit | xargs chmod g-w

Worked for me after a fresh macOS Big Sur install! No longer getting the warning.

Answer 29 · 2020-12-18T17:44:45.000Z

So here is what I did,

run compaudit and it will give you a list of directories it thinks are unsecure

run sudo chown -R username:root target_directory

run sudo chmod -R 755 target_directory

I got the same error as @givingwu. (illegal group name) But just running the chmod command in step 3 on each directory worked for me to enable the autocomplete. (on Mac OS 10.15.6)

Answer 30 · 2020-12-19T20:11:13.000Z

I hope folks read the thread a bit before recursively and unnecessarily chmodding a bunch of random stuff with +x. You really just want to remove group write permission, which is the compaudit | xargs chmod g-w solution several have suggested.

Not that there's a big scary downside or anything. But insofar as the files have "correct" permissions, not everything is "supposed" to have the executable bit set. Probably harmless in most/all situations, but if you're trying to understand and fix the problem, it's that the indicated files have the group writable bit set, and that's the thing you're changing with chmod 755, and that thing is more precisely fixed with chmod g-w. ❤️ 🌈 🖖

Edited 1 Jan 2021: Wait, no. I misread that. Never mind.

Answer 31 · 2021-01-05T04:45:20.000Z

just run shell follows:
compaudit | xargs chmod g-w

Does nothing:

~/Projects/**** master                                                                                                                                  ? 1|0|0 Node system @####
? compaudit                  
There are insecure files:
/usr/local/share/zsh/site-functions/_brew
/usr/local/share/zsh/site-functions/_brew_cask

~/Projects/**** master                                                                                                                                  ? 1|0|0 Node system @####
? ls -al /usr/local/share/zsh/site-functions/     
total 0
drwxr-xr-x  5 zeno.jiricek  admin  160 Apr  2  2019 .
drwxr-xr-x  3 zeno.jiricek  admin   96 Mar  5  2018 ..
lrwxr-xr-x  1 zeno.jiricek  admin   39 Mar  5  2018 _brew -> ../../../Homebrew/completions/zsh/_brew
lrwxr-xr-x  1 zeno.jiricek  admin   44 Mar  5  2018 _brew_cask -> ../../../Homebrew/completions/zsh/_brew_cask
lrwxr-xr-x  1 zeno.jiricek  admin   58 May 17  2018 spaceship.zsh -> /usr/local/lib/node_modules/spaceship-prompt/spaceship.zsh

~/Projects/**** master                                                                                                                                  ? 1|0|0 Node system @####
? compaudit | xargs chmod g-w                
There are insecure files:

~/Projects/**** master                                                                                                                                  ? 1|0|0 Node system @####
? ls -al /usr/local/share/zsh/site-functions/
total 0
drwxr-xr-x  5 zeno.jiricek  admin  160 Apr  2  2019 .
drwxr-xr-x  3 zeno.jiricek  admin   96 Mar  5  2018 ..
lrwxr-xr-x  1 zeno.jiricek  admin   39 Mar  5  2018 _brew -> ../../../Homebrew/completions/zsh/_brew
lrwxr-xr-x  1 zeno.jiricek  admin   44 Mar  5  2018 _brew_cask -> ../../../Homebrew/completions/zsh/_brew_cask
lrwxr-xr-x  1 zeno.jiricek  admin   58 May 17  2018 spaceship.zsh -> /usr/local/lib/node_modules/spaceship-prompt/spaceship.zsh


~/Projects/**** master                                                                                                                                  ? 1|0|0 Node system @####
? compaudit
There are insecure files:
/usr/local/share/zsh/site-functions/_brew
/usr/local/share/zsh/site-functions/_brew_cask

:D

Answer 32 · 2021-01-11T18:32:01.000Z

@lebensterben Hello, after i tried your solution, i got following error. and i don't know what happened with that? can u help me?

i ran to step 2:
sudo chown -R username:root /usr/local/share/zsh/site-functions
then the terminal outputs:
chown: root: illegal group name
i also tried google this error and tried other solutions:

chown-illegal-group-name-mac-os-x

zsh-compinit-insecure-directories,

but got same error too, it let me so confusing.

this is my users & groups screenshots:

thanks in advanced.

Where it says username:root just place your username so it looks like:
sudo chown -R YOUR_USERNAME_ONLY /usr/local/share/zsh/site-functions
then run sudo chmod -R 755 usr/local/share/zsh/site-functions

Then if you have more insecure directories do the same, like in my case this folder only usr/local/share/zsh

Answer 33 · 2021-02-07T17:51:24.000Z

So here is what I did,

run compaudit and it will give you a list of directories it thinks are unsecure

run sudo chown -R username:root target_directory

run sudo chmod -R 755 target_directory

Above is my original solution, which doesn't seem to work for some people.

Check the other solution proposed by @pine-byte
#433 (comment)

Thank you for this solution. I'd just like to add, if you have admin privileges you shouldn't have to use sudo.

As well, only the top level directory needs to be secured. So for example if the directories that are insecure are ⤵︎

/usr/local/share/zsh/site-functions
/usr/local/share/zsh

then you only have to secure /usr/local/share/zsh.

For anyone wondering, 755 is a flag for chmod that does the following ⤵︎

Answer 34 · 2021-02-16T14:47:07.000Z

just run shell follows:
compaudit | xargs chmod g-w

that worked for me as well, thank you

Answer 35 · 2021-02-26T09:12:49.000Z

@mqzi thanks for your comment The file is a link, you must set on current dir, it let me know what i did error.

i found the right dir at /usr/local/Homebrew/completions/zsh.

i removed the group name root.

i reran following shell commands:

sudo chown -R vuchan.c.wu /usr/local/Homebrew/completions/zsh
sudo chmod -R 755 /usr/local/Homebrew/completions/zsh

it works, thanks again @mqzi .

work for me
many thanks

Answer 36 · 2021-03-03T07:54:21.000Z

So here is what I did,

run compaudit and it will give you a list of directories it thinks are unsecure

run sudo chown -R username:root target_directory

run sudo chmod -R 755 target_directory

Above is my original solution, which doesn't seem to work for some people.

Check the other solution proposed by @pine-byte
#433 (comment)

sudo chmod -R 755 on the offending folder was enough for me!

Answer 37 · 2021-03-03T12:40:19.000Z

Just so people know, the magical chmod g-w is removing write permissions for the group. It would seem zsh does not like anyone but you having write access to these folders.

Answer 38 · 2021-03-15T16:07:59.000Z

If you are installing Heroku with Homebrew, please check this docummentation: https://docs.brew.sh/Shell-Completion

Additionally, if you receive “zsh compinit: insecure directories” warnings when attempting to load these completions, you may need to run this:"

 chmod -R go-w "$(brew --prefix)/share"

Answer 39 · 2021-03-26T07:42:03.000Z

just run shell follows:
compaudit | xargs chmod g-w

Works for me (Catalina with Homebrew 2.7.5). Thanks a lot.

Answer 40 · 2021-04-02T04:18:04.000Z

just run shell follows:
compaudit | xargs chmod g-w

Works for me! Thanks!

Answer 41 · 2021-04-08T07:09:25.000Z

I'm on bigsur and this #433 (comment) worked for me.

Answer 42 · 2021-04-08T14:31:38.000Z

On macOS Catalina, the below worked for me as compaudit | xargs chmod g-w and #433 (comment) did not due to the way Homebrew is installed on my system.

run compaudit for the list of insecure directories
run sudo chown -R ${WHOAMI}:staff target_directory
run sudo chmod -R 755 target_directory

Answer 43 · 2021-06-17T09:27:45.000Z

Run

sudo chmod -R 755 /usr/local/share/zsh
sudo chown -R root:staff /usr/local/share/zsh

Answer 44 · 2021-07-29T05:56:50.000Z

Use compaudit to see paths to insecure directories/files. Notice that if the insecure file is symlink, just chmod/chown the symlink is not enough and you need to check the target of symlink and chmod/chown that too. To see symlink targets I used just ls -la /usr/local/share/zsh/site-functions.

Answer 45 · 2021-08-03T00:13:54.000Z

My problem was my export ZSH="home/{WRONG_USER}/.oh-my-zsh" had the wrong user because my .zshrc was an import from another machine. I change it to export ZSH="$HOME/.oh-my-zsh" and this solved it for me.

Answer 46 · 2021-08-19T14:23:11.000Z

This is still not solved!

I make it a habit to NOT work with a user with admin rights. If I change the rights for the compaudit to be clear, I can't update or use homebrew anymore. It will outright reject doing anything.
So I had to revert the changes, giving me the "compinit: insecure directories" every time I open the terminal.

What can I do with a admin user and a non-admin user to not get this output on either users?

Answer 47 · 2021-09-21T04:05:44.000Z

Executing
compaudit | xargs chmod g-w
for me simply outputs ➜ ~ compaudit | xargs chmod g-w There are insecure directories and files:

with an empty list.

Answer 48 · 2021-09-27T08:31:59.000Z

All of the proposed solutions did not work for me. What I finally did is uninstalling brew by running:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/uninstall.sh)"
This will download and execute the uninstall script.
Finally installing brew again (if needed) will be possible.

Answer 49 · 2021-10-20T13:30:24.000Z

All of the proposed solutions did not work for me. What I finally did is uninstalling brew by running: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/uninstall.sh)" This will download and execute the uninstall script. Finally installing brew again (if needed) will be possible.

Just reinstall brew with the script on their site works for me on the current user.

In my situation, I've got multiple users on one laptop with one of them having installed brew. When the other references and uses brew autocompletions on login, I get zsh's insecure directories message. Seems like all users are in the proper groups and there are no write permissions for those groups, so not sure what the problem is. I don't want to change the owners of the files since I want both users to be able to utilize brew autocompletions.

Answer 50 · 2021-11-07T19:49:54.000Z

then just make sure users are not going to do businness with files that belongs to another user

Answer 51 · 2022-01-23T10:07:00.000Z

Works for me run the follow commands:

compaudit 
sudo chown -R root:root target_directory
sudo chmod -R 755 target_directory

"compaudit" for the list of insecure (target_directory)
.
.
Thanks you!

Answer 52 · 2022-05-25T23:13:28.000Z

You want to use:

compinit -u

To disable the annoying permissions test. It doesn't add any security on macOS. See the documentation at zshcompsys(1).

Answer 53 · 2022-05-30T19:14:42.000Z

Yessss, it's the correct way. Thanks you bro!