zsh (brew) and oh-my-zsh: Insecure completion-dependent directories detected (as root user)
When I run sudo -s
I get those errors:
[oh-my-zsh] Insecure completion-dependent directories detected:
drwxr-xr-x 19 myusername MYDOMAIN\Domain Users 608 Feb 10 07:08 /Users/myusername/.oh-my-zsh
drwxr-xr-x 5 myusername MYDOMAIN\Domain Users 160 Feb 4 08:40 /Users/myusername/.oh-my-zsh/custom/plugins
drwxr-xr-x 26 myusername MYDOMAIN\Domain Users 832 Feb 4 08:40 /Users/myusername/.oh-my-zsh/custom/plugins/zsh-autosuggestions
drwxr-xr-x 22 myusername MYDOMAIN\Domain Users 704 Feb 4 08:40 /Users/myusername/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting
drwxr-xr-x 277 myusername MYDOMAIN\Domain Users 8864 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins
drwxr-xr-x 4 myusername MYDOMAIN\Domain Users 128 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/bgnotify
drwxr-xr-x 4 myusername MYDOMAIN\Domain Users 128 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/brew
drwxr-xr-x 4 myusername MYDOMAIN\Domain Users 128 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/git
drwxr-xr-x 5 myusername MYDOMAIN\Domain Users 160 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/osx
drwxr-xr-x 4 myusername MYDOMAIN\Domain Users 128 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/web-search
drwxr-xr-x 6 myusername MYDOMAIN\Domain Users 192 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh
drwxr-xr-x 1148 myusername MYDOMAIN\Domain Users 36736 Feb 4 13:06 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 279 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_SUSEconfig
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 2800 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_a2ps
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 490 Feb 3 2019
(...)
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 371 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_mkzsh
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 5478 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_module
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 2095 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_module-assistant
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 306 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_module_math_func
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 5020 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_modutils
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 2001 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_mondo
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 2376 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_monotone
(...)
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 4061 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zoneadm
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 256 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zones
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 9492 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zpool
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 2084 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zpty
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 696 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zsh
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 719 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zsh-mime-handler
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 384 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zsocket
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 19508 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zstyle
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 586 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_ztodo
-rw-r--r-- 1 myusername MYDOMAIN\Domain Users 6093 Feb 3 2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zypper
drwxr-xr-x 7 myusername admin 224 Feb 4 13:06 /usr/local/share/zsh
drwxr-xr-x 10 myusername admin 320 Feb 10 10:07 /usr/local/share/zsh/site-functions
lrwxr-xr-x 1 myusername admin 39 Sep 30 2016 /usr/local/share/zsh/site-functions/_brew -> ../../../Homebrew/completions/zsh/_brew
lrwxr-xr-x 1 myusername admin 44 Sep 30 2016 /usr/local/share/zsh/site-functions/_brew_cask -> ../../../Homebrew/completions/zsh/_brew_cask
lrwxr-xr-x 1 myusername admin 88 Mar 9 2017 /usr/local/share/zsh/site-functions/_brew_services -> ../../../Homebrew/Library/Taps/homebrew/homebrew-services/completions/zsh/_brew_services
lrwxr-xr-x 1 myusername admin 58 Jan 30 12:15 /usr/local/share/zsh/site-functions/_git -> ../../../Cellar/git/2.25.0_1/share/zsh/site-functions/_git
lrwxr-xr-x 1 myusername admin 71 Jan 27 07:20 /usr/local/share/zsh/site-functions/_kubectl -> ../../../Cellar/kubernetes-cli/1.17.2/share/zsh/site-functions/_kubectl
lrwxr-xr-x 1 myusername admin 63 Feb 10 10:07 /usr/local/share/zsh/site-functions/_kubectx -> ../../../Cellar/kubectx/0.7.1/share/zsh/site-functions/_kubectx
lrwxr-xr-x 1 myusername admin 62 Feb 10 10:07 /usr/local/share/zsh/site-functions/_kubens -> ../../../Cellar/kubectx/0.7.1/share/zsh/site-functions/_kubens
[oh-my-zsh] For safety, we will not load completions from these directories until
[oh-my-zsh] you fix their permissions and ownership and restart zsh.
[oh-my-zsh] See the above list for directories with group or other writability.
[oh-my-zsh] To fix your permissions you can do so by disabling
[oh-my-zsh] the write permission of "group" and "others" and making sure that the
[oh-my-zsh] owner of these directories is either root or your current user.
[oh-my-zsh] The following command may help:
[oh-my-zsh] compaudit | xargs chmod g-w,o-w
[oh-my-zsh] If the above didn't help or you want to skip the verification of
[oh-my-zsh] insecure directories you can set the variable ZSH_DISABLE_COMPFIX to
[oh-my-zsh] "true" before oh-my-zsh is sourced in your zshrc file.
I tried those fixes (from Stack Overflow and GitHub issues) and tested with restart of iTerm:
chmod 755 /usr/local/share/zsh
chmod 755 /usr/local/share/zsh/site-functions
chmod -R 755 ~/.oh-my-zsh
chown -R $(whoami) /usr/local/share/zsh
compaudit | xargs chmod g-w,o-w
They all didn't work. Still the same error messages.
Any other idea?
Is it safe to add [[ $UID = 0 ]] && ZSH_DISABLE_COMPFIX=true
into ZSH rc?
I use brew's zsh as login shell and use latest oh-my-zsh and macOS Catalina.
Solution 1:
The tip here worked fine for me:
Put
ZSH_DISABLE_COMPFIX="true"
in your ~/.zshrc file, before
source $ZSH/oh-my-zsh.sh
Solution 2:
Simple solution that worked for me was to restart my mac, start the terminal and check and make sure that the shell was defaulting to zsh, like this comment on the issue list for ohmyzsh's github repo
Hope if helps!