Recent Git security updates, particularly from version 2.35 onward, have introduced unexpected issues for some developers. One common example is the following error:
fatal: detected dubious ownership in repository at '/path/to/repo'
This occurs when Git determines that a repository is untrusted. While this is a legitimate security restriction, encountering it in directories where you normally work locally can halt development unexpectedly. This article explains the causes of this error and how to resolve it on Mac systems.
1. Causes and Background
This error occurs when Git determines that:
- The repository owner does not match the current user, or
- The repository is located in an untrusted location
This behavior is based on the safe.directory feature introduced in Git v2.35.
Common scenarios where this happens:
- Git operations were previously executed with
sudo - Repositories are located outside the home directory (e.g.,
/tmp,/mnt,/Volumes) - Repository ownership is assigned to a different user (e.g., in team-shared directories)
- Operations are performed in temporary directories for GitHub Codespaces or CI/CD
Git restricts operations in untrusted directories to prevent unauthorized access or execution.
Verify Ownership and Permissions
You can check ownership and permissions using:
ls -la /path/to/repo
If the owner differs from your user ID, this could be the cause of the error.
2. Temporary Fix: Add to safe.directory
The easiest and most direct solution is to explicitly mark the repository as safe for Git.
git config --global --add safe.directory /path/to/repo
If multiple repositories trigger the same error, each path needs to be added to safe.directory.
Note: You can also trust all directories using a wildcard, but this is not recommended for security reasons.
git config --global --add safe.directory '*'
Cautions
- Using a wildcard reduces security since all directories are trusted.
- In team environments, each developer may need to configure this individually.
3. Root Cause Fix: Change Repository Ownership
On macOS, files or directories may have incorrect ownership. Running git clone with sudo can result in the repository being owned by root.
You can fix ownership using chown:
sudo chown -R $(whoami) /path/to/repo
Command breakdown:
sudo: run as administratorchown -R: recursively change ownership$(whoami): current logged-in user
This ensures Git no longer flags the repository as a “dubious directory.”
4. Review Local .gitconfig Settings
Another common oversight is the project-specific .git/config. If safe.directory is missing or misconfigured, the error may appear.
Check .git/config in your repository:
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true[safe]
directory = /path/to/repo
If this section is missing, adding it can resolve the error.
Editing example
vim .git/config
You can also automate this with scripts.
5. Considerations for CI Environments and Mounted Directories
On macOS, Docker containers, or CI environments (GitHub Actions, GitLab CI), repositories may be checked out outside the home directory, which increases the risk of “untrusted repository” errors.
Recommended approach in CI/Docker:
git config --global --add safe.directory "$PWD"
- In Docker, ensure mounted directories have matching user IDs and permissions.
- Example Docker strategies:
# Set user at container startup
docker run --user $(id -u):$(id -g) ...
# Change ownership in Dockerfile
RUN chown -R myuser:mygroup /workspace/repo
These steps help maintain security and prevent errors in CI and container environments.
6. Git Version and Security Policy Changes
This error originates from a new security mechanism introduced in Git since 2022.
Git v2.35.1 and later added safe.directory to prevent operations in directories with mismatched owners or unsafe paths.
Check your Git version:
git --version
Even if you are using an older Git version, future updates may trigger similar errors. Mac users managing Git via Homebrew should regularly run:
brew upgrade git
Reviewing .gitconfig ensures both security and workflow efficiency.
Summary
The “fatal: detected dubious ownership in repository” error is a security check introduced in modern Git versions. While legitimate, it can suddenly block development.
Key solutions include:
- Explicitly adding the repository to
safe.directory - Correcting ownership with
chown - Reviewing
.git/configfor safe.directory settings - Handling user IDs and safe settings in CI/Docker
- Keeping Git up-to-date and understanding new security policies
On macOS, file permissions and ownership can be complex, so attention to user-specific settings, ownership, and mount configurations is crucial.
