When working with Git repositories, you might encounter an error message that reads fatal: detected dubious ownership in repository at… followed by a suggestion to add an exception using the safe.directory configuration.
This error is particularly common when working with repositories across different storage devices, multiple user accounts, or after upgrading Git to newer versions.
This article explains why this error occurs, examines its security implications, and provides multiple solutions tailored to different environments.
Understanding the Error
The “dubious ownership” error is a security feature introduced in Git version 2.35.2 (March 2022) in response to CVE-2022-24765. This security vulnerability could potentially allow malicious actors to execute arbitrary code through a specially crafted repository if the repository’s ownership didn’t match the current user running Git commands.
Git now verifies that the directory containing the .git folder and the .git folder itself are owned by the current user before executing commands. When there’s a mismatch, Git produces the “dubious ownership” error to prevent potential security risks.
Common scenarios where this error occurs include:
- Mounting external drives with repositories
- Accessing repositories via network shares
- Using repositories created by different user accounts
- Running Git commands with elevated privileges (e.g., via sudo)
- Working in containerized environments or virtual machines
Read: How to rename a branch in Git
Solution 1: Fix Ownership Issues (Recommended)
The most proper solution is to address the ownership discrepancy by changing the owner of the repository to match the current user account.
On Linux/macOS:
# Check the current user
whoami
# Check the owner of the .git folder
ls -al .git
# Change ownership of both the repository and .git folder
sudo chown -R <current_user> <repo_folder>
For example, if your username is “alex” and the repository is located at “/media/data/projects/myapp”:
sudo chown -R alex:alex /media/data/projects/myapp
Read: Understanding Linux File Permissions: The Complete Guide to Securing Your System Files
On Windows:
Windows users can take ownership of folders through the GUI:
- Right-click on the repository folder → Properties → Security tab → Advanced
- Click “Change” next to Owner
- Enter your Windows username and click “Check Names”
- Check “Replace owner on subcontainers and objects”
- Click Apply
Alternatively, use the Command Prompt with administrator privileges:
takeown /F <repo_path> /R
For example:
takeown /F C:\Projects\myapp /R
Solution 2: Add Specific Directory to safe.directory Configuration
If changing ownership isn’t feasible (e.g., in shared environments), you can explicitly tell Git to trust specific repositories:
git config –global –add safe.directory /path/to/your/repository
This adds only the specified repository to the list of directories Git considers safe despite ownership differences.
Read: How to install Git on Ubuntu 18.04
Solution 3: Disable the Security Check (Use with Caution)
For personal computers where you are the sole user, you might consider disabling this security check entirely:
git config –global –add safe.directory ‘*’
On Windows, you might need to use double quotes:
git config –global –add safe.directory “*”
This tells Git to treat all repositories as safe regardless of ownership. However, this approach should be used carefully as it bypasses a security feature designed to protect you.
Solution 4: System-Wide Configuration for Service Users
When Git commands are executed by service users (like www-data, apache, etc.) that don’t have a home directory, or when you want to apply settings system-wide, use the –system flag:
sudo git config –system –add safe.directory ‘/path/to/repository’
Or to disable checks entirely for all users:
sudo git config –system –add safe.directory ‘*’
This writes to /etc/gitconfig rather than the user’s own .gitconfig file.
Working in Specific Environments
Resolving in WSL (Windows Subsystem for Linux)
When using Git in WSL to access Windows repositories, you might need to use the path prefix format:
git config –global –add safe.directory ‘%(prefix)///wsl$/Ubuntu-22.04/home/username/code/myrepo’
Web Applications and CI/CD Environments
For web applications running Git commands through PHP, Node.js, or other environments:
# Identify the web server user (often www-data, apache, nginx)
sudo chown www-data:www-data -R /path/to/repository/.git
# For shared access, set appropriate group permissions
sudo chmod g+w -R /path/to/repository/.git
In GitHub Actions or similar CI environments, use the –system configuration when adding safe directories.
Restoring Proper Git Permissions
If you’ve previously changed permissions to broad settings like chmod 777, here’s how to restore proper Git repository permissions:
# Set owner to current user
sudo chown -v “$(id -u):$(id -g)” -R .git
# Set proper directory permissions
find ‘.git’ -type d -exec chmod -v 775 {} \;
# Set proper file permissions for objects (read-only)
find ‘.git/objects’ -type f -exec chmod -v 444 {} \;
# Make hooks executable
find ‘.git/hooks’ -mindepth 1 -maxdepth 1 -type f -exec chmod -v 775 {} \;
# Set proper permissions for other Git files
find ‘.git’ -type f ! -path ‘.git/objects var wpcf7 = {"apiSettings":{"root":"https:\/\/net2.com\/wp-json\/contact-form-7\/v1","namespace":"contact-form-7\/v1"},"cached":"1"};