Fatal error “unsafe repository (‘/home/repon’ is owned by someone else)”

by

This started appearing with the release of the Git 2.35.2 security update which fixes vulnerabilities described here. Credits @Juan-Kabbali

Here are four possible solutions:

  • trust the Git directory (do it if you know the directory contents are safe)
git config --global --add safe.directory /home/repon

This adds the safe group to file ~/.gitconfig as shown in this example:

[safe]
    directory = /home/repon
  • run the command as the correct user, for example:
sudo -u ubuntu -- git status

Note: This requires user www-data to have permission to execute the Git command as user ubuntu (assuming ubuntu is the repository owner). For this to work, you will need to add a new file inside /etc/sudoers.d/ with the following contents:

www-data ALL=(ubuntu) NOPASSWD: /usr/bin/git

This may have security implications, so refer to your security person first.

  • change the Git repository owner to www-data
sudo chown -R www-data:www-data /home/repon
  • downgrade Git as a temporary solution. For example, in Ubuntu:
apt install git-man=1:2.17.0-1ubuntu1 git=1:2.17.0-1ubuntu1

Note: At least on Windows, it appears that all Git repositories on ejectable drives are considered unsafe and changing the ownership does not seem to work.

More Related Contents:

  1. I cannot add the parent directory to *safe.directory* in Git
  2. Definition of “downstream” and “upstream”
  3. How to find the nearest parent of a Git branch
  4. How do I view ‘git diff’ output with my preferred diff tool/ viewer?
  5. How to find/identify large commits in git history?
  6. Git 1.6.4 beta on Windows (msysgit) – Unix or DOS line termination
  7. Git: Could not resolve host github.com error while cloning remote repository in git
  8. Combining multiple commits before pushing in Git [duplicate]
  9. git push to multiple repositories simultaneously [duplicate]
  10. How do I revert a merge commit that has already been pushed to remote?
  11. How do I remove local (untracked) files from the current Git working tree?
  12. Why does Git tell me “Not currently on any branch” after I run “git checkout origin/”?
  13. How do I make git block commits if user email isn’t set?
  14. Difference between git stash pop and git stash apply
  15. Merging between forks in GitHub
  16. Gerrit error when Change-Id in commit messages are missing
  17. git remote add with other SSH port
  18. git status shows fatal: bad object HEAD
  19. Git submodules not updating in Jenkins build
  20. Unignore subdirectories of ignored directories in Git
  21. how to log out of one Github account and use another account?
  22. GIT commit as different user without email / or only email
  23. Changing the Git user inside Visual Studio Code
  24. Git gives me a “Permission Denied” error when writing files that I am pulling
  25. Clone only the .git directory of a git repo
  26. Git – head (lowercase) vs HEAD (uppercase)
  27. Why has git-filter-branch not rewritten tags?
  28. PowerShell Capture Git Output
  29. git clone with HTTPS or SSH remote?
  30. How do I move forward and backward between commits in git?

Leave a Comment