Zsh (brew) and oh-the-zsh: Insecure completion-dependent directories detected (as root user)

catalinacommand linehomebrewitermzsh

When I run sudo -s I get those errors:

[oh-my-zsh] Insecure completion-dependent directories detected:
drwxr-xr-x    19 myusername  MYDOMAIN\Domain Users     608 Feb 10 07:08 /Users/myusername/.oh-my-zsh
drwxr-xr-x     5 myusername  MYDOMAIN\Domain Users     160 Feb  4 08:40 /Users/myusername/.oh-my-zsh/custom/plugins
drwxr-xr-x    26 myusername  MYDOMAIN\Domain Users     832 Feb  4 08:40 /Users/myusername/.oh-my-zsh/custom/plugins/zsh-autosuggestions
drwxr-xr-x    22 myusername  MYDOMAIN\Domain Users     704 Feb  4 08:40 /Users/myusername/.oh-my-zsh/custom/plugins/zsh-syntax-highlighting
drwxr-xr-x   277 myusername  MYDOMAIN\Domain Users    8864 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins
drwxr-xr-x     4 myusername  MYDOMAIN\Domain Users     128 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/bgnotify
drwxr-xr-x     4 myusername  MYDOMAIN\Domain Users     128 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/brew
drwxr-xr-x     4 myusername  MYDOMAIN\Domain Users     128 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/git
drwxr-xr-x     5 myusername  MYDOMAIN\Domain Users     160 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/osx
drwxr-xr-x     4 myusername  MYDOMAIN\Domain Users     128 Jan 13 06:21 /Users/myusername/.oh-my-zsh/plugins/web-search
drwxr-xr-x     6 myusername  MYDOMAIN\Domain Users     192 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh
drwxr-xr-x  1148 myusername  MYDOMAIN\Domain Users   36736 Feb  4 13:06 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions
-rw-r--r--     1 myusername  MYDOMAIN\Domain Users     279 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_SUSEconfig
-rw-r--r--     1 myusername  MYDOMAIN\Domain Users    2800 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_a2ps
-rw-r--r--     1 myusername  MYDOMAIN\Domain Users     490 Feb  3  2019 
(...)
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     371 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_mkzsh
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    5478 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_module
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    2095 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_module-assistant
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     306 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_module_math_func
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    5020 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_modutils
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    2001 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_mondo
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    2376 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_monotone
(...)
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    4061 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zoneadm
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     256 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zones
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    9492 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zpool
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    2084 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zpty
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     696 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zsh
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     719 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zsh-mime-handler
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     384 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zsocket
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users   19508 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zstyle
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users     586 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_ztodo
    -rw-r--r--     1 myusername  MYDOMAIN\Domain Users    6093 Feb  3  2019 /usr/local/Cellar/zsh/5.7.1/share/zsh/functions/_zypper
    drwxr-xr-x     7 myusername  admin                     224 Feb  4 13:06 /usr/local/share/zsh
    drwxr-xr-x    10 myusername  admin                     320 Feb 10 10:07 /usr/local/share/zsh/site-functions
    lrwxr-xr-x     1 myusername  admin                      39 Sep 30  2016 /usr/local/share/zsh/site-functions/_brew -> ../../../Homebrew/completions/zsh/_brew
    lrwxr-xr-x     1 myusername  admin                      44 Sep 30  2016 /usr/local/share/zsh/site-functions/_brew_cask -> ../../../Homebrew/completions/zsh/_brew_cask
    lrwxr-xr-x     1 myusername  admin                      88 Mar  9  2017 /usr/local/share/zsh/site-functions/_brew_services -> ../../../Homebrew/Library/Taps/homebrew/homebrew-services/completions/zsh/_brew_services
    lrwxr-xr-x     1 myusername  admin                      58 Jan 30 12:15 /usr/local/share/zsh/site-functions/_git -> ../../../Cellar/git/2.25.0_1/share/zsh/site-functions/_git
    lrwxr-xr-x     1 myusername  admin                      71 Jan 27 07:20 /usr/local/share/zsh/site-functions/_kubectl -> ../../../Cellar/kubernetes-cli/1.17.2/share/zsh/site-functions/_kubectl
    lrwxr-xr-x     1 myusername  admin                      63 Feb 10 10:07 /usr/local/share/zsh/site-functions/_kubectx -> ../../../Cellar/kubectx/0.7.1/share/zsh/site-functions/_kubectx
    lrwxr-xr-x     1 myusername  admin                      62 Feb 10 10:07 /usr/local/share/zsh/site-functions/_kubens -> ../../../Cellar/kubectx/0.7.1/share/zsh/site-functions/_kubens

    [oh-my-zsh] For safety, we will not load completions from these directories until
    [oh-my-zsh] you fix their permissions and ownership and restart zsh.
    [oh-my-zsh] See the above list for directories with group or other writability.

    [oh-my-zsh] To fix your permissions you can do so by disabling
    [oh-my-zsh] the write permission of "group" and "others" and making sure that the
    [oh-my-zsh] owner of these directories is either root or your current user.
    [oh-my-zsh] The following command may help:
    [oh-my-zsh]     compaudit | xargs chmod g-w,o-w

    [oh-my-zsh] If the above didn't help or you want to skip the verification of
    [oh-my-zsh] insecure directories you can set the variable ZSH_DISABLE_COMPFIX to
    [oh-my-zsh] "true" before oh-my-zsh is sourced in your zshrc file.

I tried those fixes (from Stack Overflow and GitHub issues) and tested with restart of iTerm:

chmod 755 /usr/local/share/zsh
chmod 755 /usr/local/share/zsh/site-functions
chmod -R 755 ~/.oh-my-zsh
chown -R $(whoami) /usr/local/share/zsh
compaudit | xargs chmod g-w,o-w

They all didn't work. Still the same error messages.

Any other idea?
Is it safe to add [[ $UID = 0 ]] && ZSH_DISABLE_COMPFIX=true into ZSH rc?
I use brew's zsh as login shell and use latest oh-my-zsh and macOS Catalina.

Best Answer

The tip here worked fine for me:

Put 

ZSH_DISABLE_COMPFIX="true"

in your ~/.zshrc file, before

source $ZSH/oh-my-zsh.sh

enter image description here