[Git] Error: fatal: detected dubious ownership in repository — Understanding safe.directory — How to Fix It

Summary

fatal: detected dubious ownership in repository at 'path' is a Git security feature introduced in version 2.35+. It prevents Git commands from running inside directories that appear to be owned by another user. This helps protect against malicious repositories, but can block normal work in cases like WSL, Docker, or shared folders. The fix is to mark the repository as safe or adjust its ownership.

Context

Modern Git versions enforce strict ownership verification for security reasons. When the repository’s owner doesn’t match the current user, Git refuses to execute commands that could modify data or run hooks. This is common when using Git across subsystems (e.g., Windows → WSL) or when cloning projects via scripts or privileged users (like root).

Probable Cause

  • Ownership mismatch: The folder is owned by another user or system account.
  • Permission propagation: Repository cloned or created under sudo or by a different UID.
  • Cross-environment issue: Git running in WSL, Docker, or mounted drives with different permission metadata.
  • Network/shared directory: Drive mounted from another machine or domain user.

Quick Fix

  1. Check the full error message: It will specify which repository Git considers “dubious.”
  2. Inspect folder ownership: 
    ls -ld <path> # Linux/macOS dir /q <path> # Windows
  3. If you trust the repository, mark it as safe: 
    git config --global --add safe.directory <absolute/path/to/repo>
  4. If ownership is wrong, fix permissions: 
    sudo chown -R $(whoami) <path>
  5. On WSL or Docker: Ensure the path uses the correct format, e.g.: 
    /mnt/c/Users/... # WSL path format C:\Users\... # Windows format
  6. Retry your Git command: 
    git pull git fetch git status

Example

# Error $ git pull fatal: detected dubious ownership in repository at '/mnt/c/Users/luis/project' To add an exception for this directory, call: git config --global --add safe.directory /mnt/c/Users/luis/project
Fix

$ git config --global --add safe.directory /mnt/c/Users/luis/project
$ git pull
Already up to date.

Alternate Scenarios

  • Running Git in WSL: Git detects Windows-owned directories as unsafe due to UID mismatch.
  • Docker bind mounts: Container user differs from host file owner — add container path to safe.directory.
  • Corporate network drives: Different domain users appear as different owners — same fix applies.
  • Automated build agents: Git runs under a system account; mark the workspace safe or adjust ownership.

Pitfalls & Debug

  • Symptom → Git refuses pull or commit in a project directory. Fix → Add to safe.directory or adjust file ownership.
  • Symptom → Adding to safe.directory didn’t work. Fix → Use absolute paths and ensure no trailing slashes; check with git config --list.
  • Symptom → Happens only in scripts or CI/CD. Fix → Add git config --global --add safe.directory * if all repos are trusted (use with care).

Verification & Next Steps

# Check registered safe directories git config --list --show-origin | grep safe.directory
Check folder owner

ls -ld /mnt/c/Users/luis/project

Confirm Git commands now run normally

git status

Best Practices

  • Always use absolute paths when adding safe directories.
  • Limit the safe.directory list to repositories you trust.
  • Match ownership between user accounts across subsystems to prevent repeat errors.
  • In shared environments, prefer proper permissions (chown/icacls) over bypassing security with global safe entries.

Sources

Git Documentation — safe.directory

GitHub Blog — Git Security Update

Stack Overflow — Git safe.directory error

Labels

Tool/Git, OS/Cross-platform, Topic/Permissions & Security