Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore insecure files and directories in compinit #633

Closed
wants to merge 2 commits into from
Closed

Ignore insecure files and directories in compinit #633

wants to merge 2 commits into from

Conversation

maximbaz
Copy link

@maximbaz maximbaz commented Dec 28, 2017
edited
Loading

This might be a bit controversial PR, and I'm definitely open for suggestions on how to do things differently.

Let me explain the problem that I'm trying to solve. I have all my dotfiles (including antigen) in my home dir, all of them are owned by my regular user. Sometimes I know that I need to execute a few privileged operations, so instead of prepending each command with sudo I change to root with $ sudo -s and then execute the commands without any prefix.

I like using $ sudo -s, because it preserves my user environment, $HOME directory, my prompt, antigen configuration, everything stays the same. However, when I enter $ sudo -s, I'm welcomed with the following message:

❯ sudo -s
zsh compinit: insecure directories and files, run compaudit for list.
Ignore insecure directories and files and continue [y] or abort compinit [n]?

This happens because of the following:

For security reasons compinit also checks if the completion system would use files not owned by root or by the current user, or files in directories that are world- or group-writable or that are not owned by root or by the current user.

Basically, compinit complains because current user is root, and dotfiles are owned by a different user.

I can't "fix" the permissions, I want my dotfiles to be owned by my own user, so I see this annoying warning every time.

Adding -i is an easy win, this flag makes compinit silently ignore all insecure files and directories.

What do you think about it, can we add it?

@desyncr
Copy link
Member

desyncr commented Dec 28, 2017

I see no major issues to add it. May be we can create a config for it ANTIGEN_COMPINIT (as we already have ANTIGEN_COMPDUMP).

@desyncr desyncr self-requested a review December 28, 2017 15:53
@desyncr desyncr assigned desyncr and maximbaz and unassigned desyncr Dec 28, 2017
@desyncr desyncr added this to the 2.2.3 milestone Dec 28, 2017
@maximbaz
Copy link
Author

Great! Should the default value for ANTIGEN_COMPINIT be compinit -i or plain compinit?

@desyncr
Copy link
Member

desyncr commented Dec 28, 2017

Should be compinit for v2.2.3 if there is need for it we may change to compinit -i on v2.4 or greater.

@desyncr
Copy link
Member

desyncr commented Dec 29, 2017

It seems it doesn't like running compinit -i as ANTIGEN_COMPINIT value. I'll rather use ANTIGEN_COMPINIT_OPTS, see the other PR.

@desyncr desyncr mentioned this pull request Dec 29, 2017
Merged
@desyncr
Copy link
Member

desyncr commented Dec 29, 2017

Merged in #634. Thanks for looking into this!

@desyncr desyncr closed this Dec 29, 2017
@maximbaz
Copy link
Author

#634 works perfectly, thank you very much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@desyncr desyncr desyncr approved these changes

Assignees

@maximbaz maximbaz

Labels
Enhancement
Projects
None yet
Milestone
2.2.3
Development

Successfully merging this pull request may close these issues.
2 participants
@maximbaz @desyncr