zsh compinit: insecure directories and files, run compaudit for list.

[k-lam]

I use oh-my-zsh, and I has followed the document.
but when I open a new termial on my Mac,it print
Ignore insecure directories and files and continue [y] or abort compinit [n]?

[hacfi]

@k-lam Don’t have a solution but maybe a good hint: see http://stackoverflow.com/questions/13762280/zsh-compinit-insecure-directories ..you might need to change the directory ownership/rights.

[arglee]

http://stackoverflow.com/a/41674919/2511142

[petemounce]

compinit -i via http://zsh.sourceforge.net/Doc/Release/Completion-System.html

[lebensterben]

So here is what I did,

1. run compaudit and it will give you a list of directories it thinks are unsecure
2. run sudo chown -R username:root target_directory
3. run sudo chmod -R 755 target_directory

---

Above is my original solution, which doesn't seem to work for some people.

Check the other solution proposed by @pine-byte
#433 (comment)

[HouCoder]

@lebensterben your solution worked for me, thanks.

[givingwu]

@lebensterben Hello, after i tried your solution, i got following error. and i don't know what happened with that? can u help me?

i ran to step 2:

sudo chown -R username:root /usr/local/share/zsh/site-functions

then the terminal outputs:

chown: root: illegal group name

i also tried google this error and tried other solutions:

1. chown-illegal-group-name-mac-os-x
2. zsh-compinit-insecure-directories,

but got same error too, it let me so confusing.

this is my users & groups screenshots:

thanks in advanced.

[ghost]

@lebensterben Hello, after i tried your solution, i got following error. and i don't know what happened with that? can u help me?

i ran to step 2:

sudo chown -R username:root /usr/local/share/zsh/site-functions

then the terminal outputs:

chown: root: illegal group name

i also tried google this error and tried other solutions:

1. chown-illegal-group-name-mac-os-x
2. zsh-compinit-insecure-directories,

but got same error too, it let me so confusing.

this is my users & groups screenshots:

thanks in advanced.

@vuchan The file is a link, you must set on current dir ,and you can see your group by command id,good luck!!

[givingwu]

@mqzi thanks for your comment The file is a link, you must set on current dir, it let me know what i did error.

1. i found the right dir at /usr/local/Homebrew/completions/zsh.
2. i removed the group name root.
3. i reran following shell commands:

sudo chown -R vuchan.c.wu /usr/local/Homebrew/completions/zsh
sudo chmod -R 755 /usr/local/Homebrew/completions/zsh

it works, thanks again @mqzi .

[yujiangshui]

@vuchan you save my day, thank you

[SouthRibbleTech]

if your sure the user who is logged in should have permission you could try

for f in $(compaudit);do sudo chown $(whoami):admin $f;done;

this will set the ownership correctly for every folder / file listed in the output of compaudit

[malaquiasdev]

This is closed, but nothing work to me.

My machine is a MacBook Pro (15-inch, 2019) with macOS Catalina.

The solution below, works well:

$ cd /usr/local/share/
$ sudo chmod -R 755 zsh
$ sudo chown -R root:staff zsh

Sorry to comment in a closed issue.

[frab90]

if your sure the user who is logged in should have permission you could try

for f in $(compaudit);do sudo chown $(whoami):admin $f;done;
this will set the ownership correctly for every folder / file listed in the output of compaudit

this worked fine for me. it fixed 5 out fo 7 files. I fixed the other two files using

sudo chmod -R 755 target_directory

[deftdawg]

This was broken for me as well on a fresh install of Catalina with brew, I believe this should be reopened as the steps to add:

if type brew &>/dev/null; then
    FPATH=$(brew --prefix)/share/zsh/site-functions:$FPATH

    autoload -Uz compinit
    compinit
fi

to .zshrc don't mention that

for f in $(compaudit);do sudo chmod -R 755 $f;done;

needs to be run to avoid getting the error below:

zsh compinit: insecure directories, run compaudit for list.
Ignore insecure directories and continue [y] or abort compinit [n]?

[pine-byte]

just run shell follows:
compaudit | xargs chmod g-w

[ericvida]

SOLUTION (for me)

Reinstalling zsh via brew did it for me.
You may need to install homebrew first if you haven't already.
Start with this command.

brew install zsh

I then got an error saying brew was already installed, I just needed to link to it, and gave me this command:

brew link zsh  

I had tried to replace the links for original files, thinking it would fix my permissions error, but brew gave an error saying there's files there that need to be overwritten and told me to run this command.

brew link --overwrite zsh

After that. All my errors were gone.
I hope it helps someone out there.

[nandorojo]

just run shell follows:
compaudit | xargs chmod g-w

This worked for me on a new Mac (Catalina)

[RamirezAlex]

just run shell follows:
compaudit | xargs chmod g-w

This one worked for me 👍

[SimonAKing]

Add the following code to .zshrc or .bashrc

fixZsh() {
	for f in $(compaudit)
	do 
		sudo chown -R $(whoami):root $f
		sudo chmod -R 755 $f
	done
}

reload terminal && exec fixZsh 🙃

[xhou]

just run shell follows:
compaudit | xargs chmod g-w

This one worked for me 👍

This works for me!!!

[PWrzesinski]

I just run:

sudo chmod -R 755 <dir>

for every directory listed by compaudit. Didn't need chown.

[chbrandt]

I tried to explain what is the (simple) cause for that here: https://stackoverflow.com/a/63447799/687896 , so that we don't start just typing commands we don't really understand what is going on. Basically, ZSH expects system files to be owned and modifiable (w) by either you (the one running the shell) or root.

[NanheKumar]

compaudit | xargs chmod g-w

[suejy]

just run shell follows:
compaudit | xargs chmod g-w

This work for me. Thank you @pine-byte !!!

[benwoodward]

compaudit | xargs sudo chmod g-w

I had to add sudo

[Vadorequest]

I got this error after installing Yarn or NVM on MacOS. I don't even use ZSH and I don't understand why it was installed.

I tried #433 (comment) and it didn't change anything.

[rivernews]

just run shell follows:
compaudit | xargs chmod g-w

Worked for me after a fresh macOS Big Sur install! No longer getting the warning.

[DakotaLMartinez]

So here is what I did,

1. run compaudit and it will give you a list of directories it thinks are unsecure
2. run sudo chown -R username:root target_directory
3. run sudo chmod -R 755 target_directory

I got the same error as @givingwu. (illegal group name) But just running the chmod command in step 3 on each directory worked for me to enable the autocomplete. (on Mac OS 10.15.6)

[e0da]

I hope folks read the thread a bit before recursively and unnecessarily chmodding a bunch of random stuff with +x. You really just want to remove group write permission, which is the compaudit | xargs chmod g-w solution several have suggested.

Not that there's a big scary downside or anything. But insofar as the files have "correct" permissions, not everything is "supposed" to have the executable bit set. Probably harmless in most/all situations, but if you're trying to understand and fix the problem, it's that the indicated files have the group writable bit set, and that's the thing you're changing with chmod 755, and that thing is more precisely fixed with chmod g-w. ❤️ 🌈 🖖

Edited 1 Jan 2021: Wait, no. I misread that. Never mind.

[airtonix]

just run shell follows:
compaudit | xargs chmod g-w

Does nothing:

~/Projects/**** master                                                                                                                                  ? 1|0|0 Node system @####
? compaudit                  
There are insecure files:
/usr/local/share/zsh/site-functions/_brew
/usr/local/share/zsh/site-functions/_brew_cask

~/Projects/**** master                                                                                                                                  ? 1|0|0 Node system @####
? ls -al /usr/local/share/zsh/site-functions/     
total 0
drwxr-xr-x  5 zeno.jiricek  admin  160 Apr  2  2019 .
drwxr-xr-x  3 zeno.jiricek  admin   96 Mar  5  2018 ..
lrwxr-xr-x  1 zeno.jiricek  admin   39 Mar  5  2018 _brew -> ../../../Homebrew/completions/zsh/_brew
lrwxr-xr-x  1 zeno.jiricek  admin   44 Mar  5  2018 _brew_cask -> ../../../Homebrew/completions/zsh/_brew_cask
lrwxr-xr-x  1 zeno.jiricek  admin   58 May 17  2018 spaceship.zsh -> /usr/local/lib/node_modules/spaceship-prompt/spaceship.zsh

~/Projects/**** master                                                                                                                                  ? 1|0|0 Node system @####
? compaudit | xargs chmod g-w                
There are insecure files:

~/Projects/**** master                                                                                                                                  ? 1|0|0 Node system @####
? ls -al /usr/local/share/zsh/site-functions/
total 0
drwxr-xr-x  5 zeno.jiricek  admin  160 Apr  2  2019 .
drwxr-xr-x  3 zeno.jiricek  admin   96 Mar  5  2018 ..
lrwxr-xr-x  1 zeno.jiricek  admin   39 Mar  5  2018 _brew -> ../../../Homebrew/completions/zsh/_brew
lrwxr-xr-x  1 zeno.jiricek  admin   44 Mar  5  2018 _brew_cask -> ../../../Homebrew/completions/zsh/_brew_cask
lrwxr-xr-x  1 zeno.jiricek  admin   58 May 17  2018 spaceship.zsh -> /usr/local/lib/node_modules/spaceship-prompt/spaceship.zsh


~/Projects/**** master                                                                                                                                  ? 1|0|0 Node system @####
? compaudit
There are insecure files:
/usr/local/share/zsh/site-functions/_brew
/usr/local/share/zsh/site-functions/_brew_cask

:D

[veljkho]

@lebensterben Hello, after i tried your solution, i got following error. and i don't know what happened with that? can u help me?

i ran to step 2:

sudo chown -R username:root /usr/local/share/zsh/site-functions

then the terminal outputs:

chown: root: illegal group name

i also tried google this error and tried other solutions:

1. chown-illegal-group-name-mac-os-x
2. zsh-compinit-insecure-directories,

but got same error too, it let me so confusing.

this is my users & groups screenshots:

thanks in advanced.

Where it says username:root just place your username so it looks like:
sudo chown -R YOUR_USERNAME_ONLY /usr/local/share/zsh/site-functions
then run sudo chmod -R 755 usr/local/share/zsh/site-functions

Then if you have more insecure directories do the same, like in my case this folder only usr/local/share/zsh

[tyirvine]

So here is what I did,

1. run compaudit and it will give you a list of directories it thinks are unsecure
2. run sudo chown -R username:root target_directory
3. run sudo chmod -R 755 target_directory

Above is my original solution, which doesn't seem to work for some people.

Check the other solution proposed by @pine-byte
#433 (comment)

Thank you for this solution. I'd just like to add, if you have admin privileges you shouldn't have to use sudo.

As well, only the top level directory needs to be secured. So for example if the directories that are insecure are ⤵︎

/usr/local/share/zsh/site-functions
/usr/local/share/zsh

then you only have to secure /usr/local/share/zsh.

For anyone wondering, 755 is a flag for chmod that does the following ⤵︎

[AkylaiSh]

just run shell follows:
compaudit | xargs chmod g-w

that worked for me as well, thank you

[truonglx-dev]

@mqzi thanks for your comment The file is a link, you must set on current dir, it let me know what i did error.

1. i found the right dir at /usr/local/Homebrew/completions/zsh.
2. i removed the group name root.
3. i reran following shell commands:

sudo chown -R vuchan.c.wu /usr/local/Homebrew/completions/zsh
sudo chmod -R 755 /usr/local/Homebrew/completions/zsh

it works, thanks again @mqzi .

work for me
many thanks

[giorgiovinci]

So here is what I did,

1. run compaudit and it will give you a list of directories it thinks are unsecure
2. run sudo chown -R username:root target_directory
3. run sudo chmod -R 755 target_directory

Above is my original solution, which doesn't seem to work for some people.

Check the other solution proposed by @pine-byte
#433 (comment)

sudo chmod -R 755 on the offending folder was enough for me!

[strafe]

Just so people know, the magical chmod g-w is removing write permissions for the group. It would seem zsh does not like anyone but you having write access to these folders.

[brunomrlima]

If you are installing Heroku with Homebrew, please check this docummentation: https://docs.brew.sh/Shell-Completion

Additionally, if you receive “zsh compinit: insecure directories” warnings when attempting to load these completions, you may need to run this:"

 chmod -R go-w "$(brew --prefix)/share"

[yudshj]

just run shell follows:
compaudit | xargs chmod g-w

Works for me (Catalina with Homebrew 2.7.5). Thanks a lot.

[gniw]

just run shell follows:
compaudit | xargs chmod g-w

Works for me! Thanks!

[millisami]

I'm on bigsur and this #433 (comment) worked for me.

[troyfontaine]

On macOS Catalina, the below worked for me as compaudit | xargs chmod g-w and #433 (comment) did not due to the way Homebrew is installed on my system.

1. run compaudit for the list of insecure directories
2. run sudo chown -R ${WHOAMI}:staff target_directory
3. run sudo chmod -R 755 target_directory

[DavidUps]

Run

1. sudo chmod -R 755 /usr/local/share/zsh
2. sudo chown -R root:staff /usr/local/share/zsh

[TeemuSuoranta]

Use compaudit to see paths to insecure directories/files. Notice that if the insecure file is symlink, just chmod/chown the symlink is not enough and you need to check the target of symlink and chmod/chown that too. To see symlink targets I used just ls -la /usr/local/share/zsh/site-functions.

[u-ways]

My problem was my export ZSH="home/{WRONG_USER}/.oh-my-zsh" had the wrong user because my .zshrc was an import from another machine. I change it to export ZSH="$HOME/.oh-my-zsh" and this solved it for me.

[maybeageek]

This is still not solved!

I make it a habit to NOT work with a user with admin rights. If I change the rights for the compaudit to be clear, I can't update or use homebrew anymore. It will outright reject doing anything.
So I had to revert the changes, giving me the "compinit: insecure directories" every time I open the terminal.

What can I do with a admin user and a non-admin user to not get this output on either users?

[edmund-oconnell]

Executing
compaudit | xargs chmod g-w
for me simply outputs ➜ ~ compaudit | xargs chmod g-w There are insecure directories and files:

with an empty list.

[jakubprogramming]

All of the proposed solutions did not work for me. What I finally did is uninstalling brew by running:
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/uninstall.sh)"
This will download and execute the uninstall script.
Finally installing brew again (if needed) will be possible.

[dijonkitchen]

All of the proposed solutions did not work for me. What I finally did is uninstalling brew by running: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/uninstall.sh)" This will download and execute the uninstall script. Finally installing brew again (if needed) will be possible.

Just reinstall brew with the script on their site works for me on the current user.

In my situation, I've got multiple users on one laptop with one of them having installed brew. When the other references and uses brew autocompletions on login, I get zsh's insecure directories message. Seems like all users are in the proper groups and there are no write permissions for those groups, so not sure what the problem is. I don't want to change the owners of the files since I want both users to be able to utilize brew autocompletions.

[msva]

then just make sure users are not going to do businness with files that belongs to another user

[mateofumis]

Works for me run the follow commands:

compaudit 
sudo chown -R root:root target_directory
sudo chmod -R 755 target_directory

"compaudit" for the list of insecure (target_directory)
.
.
Thanks you!

[nhooyr]

You want to use:

compinit -u

To disable the annoying permissions test. It doesn't add any security on macOS. See the documentation at zshcompsys(1).

[mateofumis]

Yessss, it's the correct way. Thanks you bro!