Fix Oh My Zsh “Insecure completion-dependent directories detected”
If you recently installed Oh My Zsh or updated a Mac running Oh My Zsh, you may encounter a large error message screen upon launching new terminal windows. The error usually states “Insecure completion-dependent directories detected” and lists a series of /usr/local/share/zsh/ directories whose permissions zsh considers insecure.
There are two ways to deal with this issue: adjust the permissions on the directories in question, or disable the verification check for insecure directories.
Option 1: Changing Permissions on the Directories Specified
One option for changing permissions is to use chmod 755 on the directories in question, which gives full permissions to the owner (you) and read and execute permission to group and others. For example:
chmod 755 /usr/local/share/zsh
chmod 755 /usr/local/share/zsh/site-functions
You can of course use other permission options that are more suitable for you, but 755 should resolve the insecure directories issue with Oh My Zsh.
(BTW, the default permissions for those directories on most setups are 775, or rwxrwxr-x, if you want to revert for whatever reason.)
Option 2: Disable the Insecure Directories Check
If you’d rather not change permissions but just do away with the insecure directory verification instead (which basically just ignores the check; it does not resolve the potential security issue), you can add the following to your .zshrc file, before the line where Oh My Zsh is sourced:
ZSH_DISABLE_COMPFIX=true
Using nano, or your text editor of choice, is one easy way to add that to your .zshrc file.
Again, this does not resolve the permissions complaint; it merely stops checking the permissions of the directories specified.
For many users, keeping /usr/local/share/zsh/ accessible to all user accounts is desirable so that all user accounts on the Mac can use Oh My Zsh, but for others who want a more restrictive environment on shared user machines, you can change permissions to accommodate that as well. The choice is up to you.
The full error message, shown below, largely tells you how to resolve the issue, though it is not written concisely enough to give an immediate fix. It is still worth reading, so you understand the choices as Oh My Zsh lays them out and the consequences of each way of getting rid of the security message.
[oh-my-zsh] Insecure completion-dependent directories detected:
drwxrwxr-x 3 user admin 96 Jun 29 2020 /usr/local/share/zsh
drwxrwxr-x 5 user admin 160 Jul 19 14:54 /usr/local/share/zsh/site-functions
[oh-my-zsh] For safety, we will not load completions from these directories until
[oh-my-zsh] you fix their permissions and ownership and restart zsh.
[oh-my-zsh] See the above list for directories with group or other writability.
[oh-my-zsh] To fix your permissions you can do so by disabling
[oh-my-zsh] the write permission of “group” and “others” and making sure that the
[oh-my-zsh] owner of these directories is either root or your current user.
[oh-my-zsh] The following command may help:
[oh-my-zsh] compaudit | xargs chmod g-w,o-w
[oh-my-zsh] If the above didn’t help or you want to skip the verification of
[oh-my-zsh] insecure directories you can set the variable ZSH_DISABLE_COMPFIX to
[oh-my-zsh] “true” before oh-my-zsh is sourced in your zshrc file.
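The check the message describes and the chmod g-w,o-w fix it suggests, as an added example in POSIX sh (not Oh My Zsh's own code; the function names insecure_dirs and fix_dirs are hypothetical, and the demo directories are constructed). Unlike chmod 755, which sets the whole mode, g-w,o-w removes only the write bits, so a directory that was closed to others stays closed.

```sh
#!/bin/sh
# Added example, not Oh My Zsh code. The function names are hypothetical.

# Print every directory argument that is group- or other-writable, or whose
# owner is neither root (uid 0) nor the current user, with the reason.
insecure_dirs() {
    me=$(id -u)
    for d in "$@"; do
        if [ ! -d "$d" ]; then continue; fi
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner uid.
        info=$(ls -ldn "$d" | awk '{print $1, $3}')
        mode=${info%% *}
        uid=${info#* }
        reason=""
        case $mode in ?????w*) reason="group-writable" ;; esac
        case $mode in ????????w*) reason="${reason:+$reason,}other-writable" ;; esac
        if [ "$uid" != 0 ] && [ "$uid" != "$me" ]; then
            reason="${reason:+$reason,}owner-uid=$uid"
        fi
        if [ -n "$reason" ]; then printf '%s: %s\n' "$d" "$reason"; fi
    done
    return 0
}

# Remove only the group/other write bits; every other bit stays as it was.
fix_dirs() {
    for d in "$@"; do
        if [ -d "$d" ]; then chmod g-w,o-w "$d"; fi
    done
}

# Constructed demo on throwaway directories; no real zsh path is touched.
demo=$(mktemp -d)
mkdir "$demo/shared" "$demo/private"
chmod 775 "$demo/shared"     # the mode shown in the error message
chmod 770 "$demo/private"    # group-writable, closed to others
insecure_dirs "$demo/shared" "$demo/private"
fix_dirs "$demo/shared" "$demo/private"
ls -ld "$demo/shared" "$demo/private"   # modes are now 755 and 750
rm -rf "$demo"
```

On a real system the directory list comes from compaudit in zsh, as in the command the message quotes; review that list before changing any modes.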
If you have another method of resolving this issue, feel free to share in the comments.