这意味着什么?我该如何解决?

zsh compinit: insecure directories, run compaudit for list.
Ignore insecure directories and continue [y] or abort compinit [n]?

运行compaudit将返回如下结果:

There are insecure directories:
/usr/local/share/zsh/site-functions

当前回答

注:此答案为2012年数据。


这为我解决了问题:

$ sudo chmod -R 755 /usr/local/share/zsh/site-functions

出处:zsh邮件列表上的一个帖子


编辑:正如@biocyberman在评论中指出的那样。您可能还需要更新站点函数的所有者:

$ sudo chown -R root:root /usr/local/share/zsh/site-functions

在我的机器(OSX 10.9)上,我不需要这样做,但YMMV。

EDIT2:在OSX 10.11上,只有这样才能工作:

$ sudo chmod -R 755 /usr/local/share/zsh
$ sudo chown -R root:staff /usr/local/share/zsh

另外,user:staff是OSX上正确的默认权限。

其他回答

接受的答案在macOs Sierra(10.12.1)上不适用。必须从/usr/local递归吗

cd /usr/local
sudo chown -R <your-username>:<your-group-name> *

注意:你可以用whoami获取你的用户名,用id -g获取你的组

删除组写权限

compaudit | xargs chmod g-w

会成功的。

参见http://www.wezm.net/technical/2008/09/zsh-cygwin-and-insecure-directories/

我尝试了张贴的每一个解决方案,最后没有一个适合我的特殊情况。然而,我想向那些向我指出所有权是多账户真正问题的用户表示感谢,而不是模式。 我把这个答案发布给其他有类似设置的人(M1 +两个账户+ /opt/homebrew/share)。

下面是我的设置:

我有一台M1,运行macOS Monterey 12.0.1,使用Homebrew。

我有两个帐户,一个管理员和一个普通用户(需要分开工作)。 我只有在普通用户上有不安全的目录问题,两个用户使用相同的自制设置,以下目录和文件受到问题的影响:

/opt/homebrew/completions/zsh/_brew
/opt/homebrew/share/zsh
/opt/homebrew/share/zsh/site-functions
/opt/homebrew/share/zsh/site-functions/_brew
/opt/homebrew/share/zsh/site-functions/_brew_services
/opt/homebrew/share/zsh/site-functions/_cargo
/opt/homebrew/share/zsh/site-functions/_gh
/opt/homebrew/share/zsh/site-functions/_git
/opt/homebrew/share/zsh/site-functions/_j
/opt/homebrew/share/zsh/site-functions/_lf
/opt/homebrew/share/zsh/site-functions/_task
/opt/homebrew/share/zsh/site-functions/_tldr
/opt/homebrew/share/zsh/site-functions/_vifm

改变模式没有任何作用,最终解决问题的方法是将每个问题文件和目录的所有权更改为root:admin,如下所示:

sudo chown root:admin /opt/homebrew/share/zsh/site-functions/*

最初,在问题出现之前,我的管理员用户拥有所有的东西,因此所有权看起来像这样:usr:admin

这是站点功能目录现在的样子,没有问题:

lrwxr-xr-x  1 root admin  30 Jul 19 19:41 _brew ->../../../completions/zsh/_brew
lrwxr-xr-x  1 root admin  79 Aug 10 20:26 _brew_services -> ../../../Library/Taps/homebrew/homebrew-services/completions/zsh/_brew_services
lrwxr-xr-x  1 root admin  59 Nov  6 16:28 _cargo -> ../../../Cellar/rust/1.56.1/share/zsh/site-functions/_cargo
lrwxr-xr-x  1 root admin  53 Dec  2 23:37 _gh -> ../../../Cellar/gh/2.3.0/share/zsh/site-functions/_gh
lrwxr-xr-x  1 root admin  56 Nov 30 15:21 _git -> ../../../Cellar/git/2.34.1/share/zsh/site-functions/_git
lrwxr-xr-x  1 root admin  61 Oct 13 11:12 _j -> ../../../Cellar/autojump/22.5.3_3/share/zsh/site-functions/_j
lrwxr-xr-x  1 root admin  50 Oct 23 18:52 _lf -> ../../../Cellar/lf/26/share/zsh/site-functions/_lf
lrwxr-xr-x  1 root admin  57 Nov  6 16:28 _task -> ../../../Cellar/task/2.6.1/share/zsh/site-functions/_task
lrwxr-xr-x  1 root admin  57 Nov 18 01:45 _tldr -> ../../../Cellar/tldr/1.4.2/share/zsh/site-functions/_tldr
lrwxr-xr-x  1 root admin  56 Oct 13 11:11 _vifm -> ../../../Cellar/vifm/0.12/share/zsh/site-functions/_vifm

一旦你了解了原因,解决方案是微不足道的和明确的。

原因:compaudit输出的目录有group或other写权限(world-writable);或者这些文件属于root或你自己以外的其他人。 例如:在我的案例中,compaudit给了我:

% compaudit 
There are insecure directories:
/usr/local/share/zsh/site-functions
/usr/local/share/zsh

如果我们列出这些文件/目录的权限(在本例中)

% ls -lh /usr/local/share 
total 0
drwxr-xr-x  12 chbrandt  admin   384B Aug 14 10:45 aclocal
drwxr-xr-x   8 chbrandt  admin   256B Aug 14 10:45 doc
drwxr-xr-x   3 chbrandt  admin    96B Jul 24 21:00 fish
lrwxr-xr-x   1 chbrandt  admin    36B Aug 14 10:45 gettext -> ../Cellar/gettext/0.21/share/gettext
lrwxr-xr-x   1 chbrandt  admin    41B Aug 14 10:45 gettext-0.21 -> ../Cellar/gettext/0.21/share/gettext-0.21
lrwxr-xr-x   1 chbrandt  admin    37B Aug 14 10:45 gtk-doc -> ../Cellar/libidn2/2.3.0/share/gtk-doc
drwxr-xr-x   9 chbrandt  admin   288B Aug 14 10:45 info
drwxr-xr-x  58 chbrandt  admin   1.8K Aug 14 10:45 locale
lrwxr-xr-x   1 chbrandt  admin    41B Jul 27 17:12 luajit-2.0.5 -> ../Cellar/luajit/2.0.5/share/luajit-2.0.5
drwxr-xr-x   5 chbrandt  admin   160B Jul 27 17:12 man
lrwxr-xr-x   1 chbrandt  admin    33B Aug 14 10:45 nvim -> ../Cellar/neovim/0.4.4/share/nvim
drwxrwxr-x   3 chbrandt  admin    96B Jul 24 20:57 zsh
%
% ls -lh /usr/local/share/zsh 
total 0
drwxrwxr-x  4 chbrandt  admin   128B Jul 24 21:00 site-functions
%
% ls -lh /usr/local/share/zsh/site-functions 
total 0
lrwxr-xr-x  1 chbrandt  admin    39B Jul 24 21:00 _brew -> ../../../Homebrew/completions/zsh/_brew
lrwxr-xr-x  1 chbrandt  admin    44B Jul 24 21:00 _brew_cask -> ../../../Homebrew/completions/zsh/_brew_cask

现在我们很容易发现问题,不是吗?注意zsh/和zsh/site-functions目录与其他目录的区别… zsh不支持允许管理组修改它们的“w”。

解决方案:关闭组可写权限!

% chmod g-w /usr/local/share/zsh 
% chmod g-w /usr/local/share/zsh/site-functions 

就是这样!你可以出发了。打开一个新终端,你应该不会再看到“zsh compinit: insecure directories”消息了;)

大多数答案都提供了解决方案,但没有提到为什么会出现这种警告。以下是ZSH公司的一段摘录:

For security reasons compinit also checks if the completion system would use files not owned by root or by the current user, or files in directories that are world- or group-writable or that are not owned by root or by the current user. If such files or directories are found, compinit will ask if the completion system should really be used. To avoid these tests and make all files found be used without asking, use the option -u, and to make compinit silently ignore all insecure files and directories use the option -i. This security check is skipped entirely when the -C option is given.

因此,解决方案意味着解决以下一个(或所有)问题:

将当前用户设置为所有目录/子目录/文件的所有者,原因如下: compaudit | xargs chown -R "$(whoami)" 删除组/others文件的写权限,原因如下: Compaudit | xargs chmod go-w

另一种方法是使用跳过这些检查

compinit -u

但我并不建议这样做,因为把问题藏在地毯下只能在短期内解决问题。