Git Detected Dubious Ownership in Repository Error
The Git error message "detected dubious ownership in repository" is a modern security feature introduced in Git version 2.35.2 (and backported to several older versions) [1].
This error occurs when you attempt to run Git commands (like git status, git pull, or git commit) inside a repository whose files are owned by a different user ID (UID) than the one currently executing the Git command.
The primary purpose is to prevent privilege escalation or arbitrary code execution when working on shared systems or filesystems that allow one user to create a malicious .git/hooks file that another user (especially one with higher privileges) might unknowingly execute [2].
Causes of Dubious Ownershipโ
This error typically happens in environments where file ownership is transferred, mismatched, or shared:
- Shared Filesystems (NFS/CIFS): When a repository is created by one user on a network share and then accessed by a different user on a different machine.
- Using
sudoorroot: If you clone or modify a repository usingsudoor as therootuser, but then try to run subsequent commands as a non-root user (e.g., your standard user account). - Docker/WSL Mismatch: When cloning a repository inside a Docker container or Windows Subsystem for Linux (WSL) and then accessing the files from the host operating system, or vice versa. The user IDs (UIDs) often don't translate correctly between the environments.
- Transferring Repositories: Copying or cloning a repository while preserving file ownership from one machine to another where the UIDs do not match.
Solutions: How to Resolve the Errorโ
You have two primary ways to fix this: the secure, recommended way (changing ownership) and the global override (using Git configuration).
Method 1: Change File Ownership (Recommended)โ
This is the most secure method because it solves the root problem: the user running the command does not own the files.
You must recursively change the ownership of the entire repository directory back to the current user.
-
Identify the current user:
whoami -
Change ownership of the directory: Replace
your_user_namewith the output fromwhoami, and replace/path/to/repowith the path to your repository.sudo chown -R your_user_name:your_user_name /path/to/repoAnnotation: Using
sudo chown -Ris required because only the root user or the current owner can change file ownership.
Method 2: Trust the Repository Globally (Less Secure)โ
If you are absolutely certain the repository is safe (e.g., it's a personal repository on a secured machine) and you cannot easily fix the ownership (e.g., in complex network or Docker setups), you can instruct Git to trust the specific directory.
-
Run the following command inside the affected repository:
git config --global --add safe.directory /path/to/repoAnnotation: This command adds the specific repository path to the global list of directories that are exempt from the dubious ownership check.
Method 3: Disable the Check for All Repositories (Discouraged)โ
You can tell Git to skip the ownership check entirely for all repositories that are owned by a specific set of user IDs. This is generally discouraged as it significantly lowers your security protection.
# Add your current user's UID to the list of trusted owners
git config --global --add safe.owner $(id -u)
Annotation: This adds your current User ID (id -u) to the global safe.owner list, allowing you to access repos owned by this UID regardless of where they are located, without changing the directory path.
The most robust and secure solution is always to ensure the person running the Git commands is the owner of the repository files (Method 1).