I'm running zsh on a Raspberry Pi 2 (Raspbian Jessie). zsh compinit is complaining about the /tmp directory being insecure. So, I checked the permissions on the directory:
$ compaudit
There are insecure directories:
/tmp
$ ls -ld /tmp
drwxrwxrwt 13 root root 16384 Apr 10 11:17 /tmp
Apparently anyone can do anything in the /tmp directory. Which makes sense, given its purpose. So I tried the suggestions on this stackoverflow question. I also tried similar suggestions on other sites. Specifically, it suggests turning off group write permissions on that directory. Because of how the permissions looked according to ls -ld, I had to turn off the 'all' write permissions as well. So:
$ sudo su
% chmod g-w /tmp
% chmod a-w /tmp
% exit
$ compaudit
# nothing shows up, zsh is happy
This shut zsh up. However, other programs started to break. For example, gnome-terminal would crash whenever I typed the letter 'l'. Because of this, I had to turn the write permissions back on, and just run compinit -u in my .zshrc.
What I want to know: is there any better way to fix this? I'm not sure that it's a great idea to let compinit use an insecure directory. My dotfiles repo is hosted here, and the file where I now run compinit -u is here.
First, the original permissions on /tmp were correct. Make sure you've restored them correctly: ls -ld /tmp must start with drwxrwxrwt. You can use sudo chmod 1777 /tmp to set the correct permissions. /tmp is supposed to be writable by everyone, and any other permissions are highly likely to break stuff.
compaudit complains about directories in fpath, so one of the directories in your fpath is of the form /tmp/… (not necessarily /tmp itself). Check how fpath is being set. Normally the directories in fpath should be only subdirectories of the zsh installation directory, and places in your home directory. A subdirectory of /tmp wouldn't get in there without something unusual on your part.
If you can't find out where the stray directory is added to fpath, run zsh -x 2>zsh-x.log, and look for fpath in the trace file zsh-x.log.
It can be safe to use a directory under /tmp, but only if you created it securely. The permissions on /tmp allow anybody to create files, but users can only remove or rename their own files (that's what the t at the end of the permissions means). So if a directory is created safely (e.g. with mktemp -d), it's safe to use it in fpath. compaudit isn't sophisticated enough to recognize this case, and in any case it wouldn't have enough information since whether the directory is safe depends on how it was created.
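The difference between /tmp itself and a private directory created beneath it can be checked mechanically. The following is an added example, not part of the original answer and not compaudit's own logic: a POSIX sh function (the name classify_dir and its verdict strings are made up here) that walks from a directory up to the root and separates the sticky-bit case from genuinely unsafe paths.

```shell
#!/bin/sh
# Added example: a simplified ownership/permission walk, not compaudit's logic.
# classify_dir DIR [STOP] prints one verdict for DIR after checking every
# directory from DIR up to STOP (default /):
#   ok            nothing on the path is writable by group or others
#   sticky-parent DIR is private, but an ancestor is writable by others with
#                 the sticky bit set (the /tmp situation)
#   insecure      DIR or an ancestor can be modified or replaced by another user
#   missing       DIR does not exist
classify_dir() {
    cur=$(cd -- "$1" 2>/dev/null && pwd -P) || { echo missing; return 0; }
    stop=$(cd -- "${2:-/}" 2>/dev/null && pwd -P) || stop=/
    me=$(id -u)
    verdict=ok
    leaf=yes
    while :; do
        # ls -n fields: permission string, link count, numeric uid, ...
        set -- $(ls -ldn -- "$cur")
        perms=$1 owner=$3
        writable=no sticky=no
        case $perms in ?????w*|????????w*) writable=yes ;; esac
        case $perms in ?????????[tT]*) sticky=yes ;; esac
        if [ "$owner" != 0 ] && [ "$owner" != "$me" ]; then
            verdict=insecure          # another user owns part of the path
        elif [ "$writable" = yes ]; then
            if [ "$leaf" = no ] && [ "$sticky" = yes ]; then
                # Others may create entries here but cannot rename or remove
                # ours: acceptable only above a directory that is private.
                if [ "$verdict" = ok ]; then verdict=sticky-parent; fi
            else
                verdict=insecure      # writable leaf, or no sticky bit
            fi
        fi
        if [ "$cur" = "$stop" ] || [ "$cur" = / ]; then break; fi
        cur=$(dirname "$cur")
        leaf=no
    done
    echo "$verdict"
}
```

Run it from sh over the directories that print -l $fpath lists in zsh. A sticky-parent verdict only describes the permissions as they are now; as the answer says, whether the directory can be trusted still depends on it having been created securely, e.g. with mktemp -d.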