zsh (brew) and oh-my-zsh: Insecure completion-dependent directories detected (as root user)

When I run sudo -s I get those errors:

[oh-my-zsh] Insecure completion-dependent directories detected:
drwxr-xr-x    19 myusername  MYDOMAIN\Domain Users     608 Feb 10 07:08 /Users/myusername/.oh-my-zsh
drwxr-xr-x     5 myusername  MYDOMAIN\Domain Users     160 Feb  4 08:40 /Users/myusername/.oh-my-zsh/custom/plugins
drwxr-xr-x    26 myusername  MYDOMAIN\Domain Users     832 Feb  4 08:40 /Users/myusername/.oh-my-zsh/custom/plugins/zsh-autosuggestions
drwxr-xr-x    22 myusername  MYDOMAIN\Domain Users     704 Feb  4 08:40 /Users/myusername/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting
drwxr-xr-x   277 myusername  MYDOMAIN\Domain Users    8864 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins
drwxr-xr-x     4 myusername  MYDOMAIN\Domain Users     128 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/bgnotify
drwxr-xr-x     4 myusername  MYDOMAIN\Domain Users     128 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/brew
drwxr-xr-x     4 myusername  MYDOMAIN\Domain Users     128 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/git
drwxr-xr-x     5 myusername  MYDOMAIN\Domain Users     160 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/osx
drwxr-xr-x     4 myusername  MYDOMAIN\Domain Users     128 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/web-search
drwxr-xr-x     6 myusername  MYDOMAIN\Domain Users     192 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh
drwxr-xr-x  1148 myusername  MYDOMAIN\Domain Users   36736 Feb  4 13:06 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions
-rw-r--r--     1 myusername  MYDOMAIN\Domain Users     279 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_SUSEconfig
-rw-r--r--     1 myusername  MYDOMAIN\Domain Users    2800 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_a2ps
-rw-r--r--     1 myusername  MYDOMAIN\Domain Users     490 Feb  3  2019 
(...)
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     371 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_mkzsh
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    5478 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_module
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    2095 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_module-assistant
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     306 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_module_math_func
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    5020 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_modutils
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    2001 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_mondo
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    2376 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_monotone
(...)
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    4061 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zoneadm
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     256 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zones
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    9492 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zpool
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    2084 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zpty
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     696 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zsh
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     719 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zsh-mime-handler
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     384 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zsocket
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users   19508 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zstyle
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     586 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_ztodo
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    6093 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zypper
    drwxr-xr-x     7 myusername  admin                     224 Feb  4 13:06 /usr/local/share/zsh
    drwxr-xr-x    10 myusername  admin                     320 Feb 10 10:07 /usr/local/share/zsh/site-functions
    lrwxr-xr-x     1 myusername  admin                      39 Sep 30  2016 /usr/local/share/zsh/site-functions/_brew -> ../../../Homebrew/completions/zsh/_brew
    lrwxr-xr-x     1 myusername  admin                      44 Sep 30  2016 /usr/local/share/zsh/site-functions/_brew_cask -> ../../../Homebrew/completions/zsh/_brew_cask
    lrwxr-xr-x     1 myusername  admin                      88 Mar  9  2017 /usr/local/share/zsh/site-functions/_brew_services -> ../../../Homebrew/Library/Taps/homebrew/homebrew-services/completions/zsh/_brew_services
    lrwxr-xr-x     1 myusername  admin                      58 Jan 30 12:15 /usr/local/share/zsh/site-functions/_git -> ../../../Cellar/git/2.25.0_1/share/zsh/site-functions/_git
    lrwxr-xr-x     1 myusername  admin                      71 Jan 27 07:20 /usr/local/share/zsh/site-functions/_kubectl -> ../../../Cellar/kubernetes-cli/1.17.2/share/zsh/site-functions/_kubectl
    lrwxr-xr-x     1 myusername  admin                      63 Feb 10 10:07 /usr/local/share/zsh/site-functions/_kubectx -> ../../../Cellar/kubectx/0.7.1/share/zsh/site-functions/_kubectx
    lrwxr-xr-x     1 myusername  admin                      62 Feb 10 10:07 /usr/local/share/zsh/site-functions/_kubens -> ../../../Cellar/kubectx/0.7.1/share/zsh/site-functions/_kubens

    [oh-my-zsh] For safety, we will not load completions from these directories until
    [oh-my-zsh] you fix their permissions and ownership and restart zsh.
    [oh-my-zsh] See the above list for directories with group or other writability.

    [oh-my-zsh] To fix your permissions you can do so by disabling
    [oh-my-zsh] the write permission of "group" and "others" and making sure that the
    [oh-my-zsh] owner of these directories is either root or your current user.
    [oh-my-zsh] The following command may help:
    [oh-my-zsh]     compaudit | xargs chmod g-w,o-w

    [oh-my-zsh] If the above didn't help or you want to skip the verification of
    [oh-my-zsh] insecure directories you can set the variable ZSH_DISABLE_COMPFIX to
    [oh-my-zsh] "true" before oh-my-zsh is sourced in your zshrc file.

I tried those fixes (from Stack Overflow and GitHub issues) and tested with restart of iTerm:

chmod 755 /usr/local/share/zsh
chmod 755 /usr/local/share/zsh/site-functions
chmod -R 755 ~/.oh-my-zsh
chown -R $(whoami) /usr/local/share/zsh
compaudit | xargs chmod g-w,o-w

They all didn't work. Still the same error messages.

Any other idea? Is it safe to add [[ $UID = 0 ]] && ZSH_DISABLE_COMPFIX=true into ZSH rc? I use brew's zsh as login shell and use latest oh-my-zsh and macOS Catalina.


Solution 1:

The tip here worked fine for me:

Put

ZSH_DISABLE_COMPFIX="true"

in your ~/.zshrc file, before

source $ZSH/oh-my-zsh.sh 

enter image description here

Solution 2:

Simple solution that worked for me was to restart my mac, start the terminal and check and make sure that the shell was defaulting to zsh, like this comment on the issue list for ohmyzsh's github repo

Hope if helps!