Closed mhunesi closed 2 years ago
This started appearing with the release of the Git 2.35.2 security update which fixes vulnerabilities described here.
Here are four possible solutions:
Option 1: trust the Git directory (do it if you know the directory contents are safe)
git config --global --add safe.directory /user/www/app/vendor/kartik-v
This adds the safe
group to file ~/.gitconfig as shown in this example:
[safe]
directory = /user/www/app/vendor/kartik-v
Option 2: run the command as the correct user, for example:
sudo -u ubuntu -- git status
Note: This requires user www-data to have permission to execute the Git command as user ubuntu (assuming ubuntu is the repository owner). For this to work, you will need to add a new file inside /etc/sudoers.d/ with the following contents:
www-data ALL=(ubuntu) NOPASSWD: /usr/bin/git
This may have security implications, so refer to your security person first.
Option 3: change the Git repository owner to www-data
sudo chown -R www-data:www-data /user/www/app/vendor/kartik-v
Option 4: downgrade Git as a temporary solution. For example, in Ubuntu:
apt install git-man=1:2.17.0-1ubuntu1 git=1:2.17.0-1ubuntu1
Note: At least on Windows, it appears that all Git repositories on ejectable drives are considered unsafe and changing the ownership does not seem to work.