From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 15671 invoked by alias); 8 Jun 2015 23:25:20 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 35420 Received: (qmail 16863 invoked from network); 8 Jun 2015 23:25:18 -0000 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL autolearn=ham autolearn_force=no version=3.4.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=fsDfTV+p0EiupXM1TuDP1nnwodhDWihqsfqgk2Pvm6k=; b=bQ/ZQGWmuyPePx5aBAD5Hw+BympqNJG6DnNKP1Yie5BNpjyIG3cPMRq0EVkcaV0vI+ EKq+lcchc0qNF6s2yA0PxMYebbrpMcDpr4cLVnBFs8GkrUJw5O2Bx4Ua88T4GRcoSs6n dS2f1curBdUTgTHjDsvBmWAHofBxxwFTWM+Iku3w+9ydtBxkejvejydB8QY2QTcugrbw KtlTePaevEY6wy20No5abAp3EbDPxVVR2FgW5pQ1fuVBmOLOBjKSDR55yiDSJNPOXqLf iK+jMAv4VKVoGUI1k/nFSgy5Ta/qyWOv0Fcoice7XAVEtqvLhoRt34aUDYvmTQXQVFUk U1pQ== MIME-Version: 1.0 X-Received: by 10.140.150.198 with SMTP id 189mr23629270qhw.88.1433805915096; Mon, 08 Jun 2015 16:25:15 -0700 (PDT) In-Reply-To: <150608004847.ZM27819@torch.brasslantern.com> References: <150608004847.ZM27819@torch.brasslantern.com> Date: Mon, 8 Jun 2015 17:25:15 -0600 Message-ID: Subject: Re: compinit insecure warning with trusted user From: Stephen Romansky To: Bart Schaefer Cc: zsh-workers@zsh.org Content-Type: multipart/alternative; boundary=001a113569e23f0cc3051809f4fc --001a113569e23f0cc3051809f4fc Content-Type: text/plain; charset=UTF-8 The -u did the trick. The fpath and the binary are both owned by a user in the admin group. I talked to two people running os x and one lets their main account be an admin so the error does not appear, and the other individual uses the -u flag. I would guess that most people on os x and running zsh use these two solutions. The package manager installs content to /usr/local which is owned by the admin grouped account. On Mon, Jun 8, 2015 at 1:48 AM, Bart Schaefer wrote: > On Jun 7, 1:09pm, Stephen Romansky wrote: > } > } Zsh in owned by an admin account that isn't named root, and is not the > } current user. > } > } Now, > } > http://zsh.sourceforge.net/Doc/Release/Completion-System.html#Use-of-compinit > } states that the *compaudit* will throw the warning if the completion > system > } is not owned by root or the current user. Which is the case I have. > > That paragraph is missing one detail, which is that compaudit also tries > to identify the user that owns the zsh binary itself, and allows fpath > directories to be owned by that user as well as root or the current user. > > Do you in fact have a case where the files in fpath are not owned by the > same user as the zsh binary? If the binary and the function library ARE > owned by the same user, perhaps there is an ownership test you can help > us improve. Currently it examines > /proc/$$/exe > /proc/$$/object/a.out > > There's also some special code for debian. If your situation is common on > some particular distribution, perhaps we need to special-case that, too. > > } So, can the admin and/or wheel group be added to this set of > } exceptions? Or, is it simpler to just add the ignore flag to > } *compinit* on the system in question? > > You probably want "compinit -u" (the "use the library anyway" flag) rather > than the ignore flag. > --001a113569e23f0cc3051809f4fc--