Dev Solve

English

中文
日本語

English

中文
日本語

Appearance

Related Posts

Git Safe Directory Configuration

Git Dubious Ownership Error: Causes and Solutions

Git Divergent Branches: Fixing "Pulling without specifying how to reconcile divergent branches is discouraged"

Git HTTP 400 Error: Solutions for Large Repository Push Failures

Git Windows Invalid Path Error

Git Unsafe Repository Error: Solutions for "repository is owned by someone else"

Problem Overview

The "unsafe repository" error occurs when Git detects that the current repository directory is owned by a different user than the one running Git commands. This security feature was introduced in Git 2.35.2 to prevent potential exploits related to repository ownership.

Typical error message:

fatal: unsafe repository ('/home/repon' is owned by someone else)
To add an exception for this directory, call:
    git config --global --add safe.directory /home/repon

This commonly affects web applications (like those running under www-data user), scripts running under different user contexts, or when repositories were created with elevated privileges.

1. Mark Directory as Safe (Single Repository)

Add the specific repository to Git's safe directory list:

bash
git config --global --add safe.directory /path/to/your/repository

This adds the directory to your global Git configuration file (~/.gitconfig):

ini
[safe]
    directory = /path/to/your/repository

2. Mark All Directories as Safe (Use with Caution)

For development environments where security is less critical, you can mark all directories as safe:

bash
# Bash (escape the asterisk)
git config --global --add safe.directory '*'

# PowerShell (no escaping needed)
git config --global --add safe.directory *

Security Consideration

Using wildcards (*) disables Git's ownership security check entirely. Only use this in trusted environments.

3. Change Repository Ownership

If you have administrative access, change the repository ownership to match the user running Git commands:

bash
sudo chown -R username:group /path/to/repository

Replace username and group with the appropriate user and group (e.g., www-data:www-data for web servers).

4. System-Wide Configuration (Multi-user Environments)

For system services or multiple users, add safe directories to the system configuration:

bash
sudo git config --system --add safe.directory /path/to/repository

This modifies /etc/gitconfig and applies to all users on the system.

Platform-Specific Solutions

Windows Solutions

File Ownership Fix

  1. Right-click the repository folder → Properties → Security tab
  2. Click "Advanced" → Change owner to your user account
  3. Apply changes and ensure proper permissions

PowerShell Command

powershell
takeown /f . /r /d Y

This recursively takes ownership of all files in the current directory.

Web Server Environments (Apache, PHP)

For web applications running under www-data:

bash
# Create gitconfig for www-data
sudo -u www-data git config --global --add safe.directory /path/to/repository

# Or create config file manually
sudo mkdir -p /var/www/.git
sudo echo -e "[safe]\n\tdirectory = /path/to/repository" | sudo tee /var/www/.gitconfig

WSL (Windows Subsystem for Linux)

Edit the Git configuration file directly:

bash
nano ~/.gitconfig

Add your Windows paths using the appropriate format:

ini
[safe]
    directory = %(prefix)///wsl$/Ubuntu-20.04/path/to/repo

Advanced Scenarios

Jenkins Pipeline Integration

In Jenkins declarative pipelines, add this step:

groovy
stage('Setup') {
    steps {
        sh(label: 'Git config safedir', 
           script: "git config --global --add safe.directory ${env.WORKSPACE}")
    }
}

Preventing Duplicate Entries

When using automation, prevent duplicate safe directory entries:

bash
git config --global --replace-all safe.directory '*'

Troubleshooting Common Issues

Permission Denied Error

If you encounter permission errors when modifying Git config:

bash
# Use sudo for system-wide changes
sudo git config --system --add safe.directory /path/to/repository

# Or fix config file permissions
sudo chown $USER:$USER ~/.gitconfig

Environment Variables

Ensure HOME environment variable is properly set for the service user:

bash
# For www-data user
sudo -u www-data bash -c 'export HOME=/var/www; git config --global --add safe.directory /path/to/repo'

Security Best Practices

Recommended Approach

Prefer explicitly listing safe directories rather than using wildcards. This maintains security while solving the ownership issue.

  1. Least Privilege: Only add directories that absolutely need exception
  2. Regular Audits: Periodically review your safe directory listings
  3. User Context: Run Git commands with the appropriate user rather than adding exceptions
  4. Configuration Management: Use system-level configuration for multi-user environments

Version Compatibility

  • Git 2.35.2+: Security feature introduced
  • Git 2.36+: Wildcard support (*) added for safe directories

Check your Git version:

bash
git --version

Conclusion

The "unsafe repository" error is a security feature, not a bug. The optimal solution depends on your environment:

  • Development machines: Use explicit safe directory listing or ownership changes
  • Production servers: Prefer system-wide configuration with specific paths
  • CI/CD pipelines: Implement automation-friendly solutions like workspace configuration
  • Multi-user systems: Consider centralized configuration management

By understanding the security implications and choosing the appropriate solution, you can maintain both functionality and security in your Git workflow.