Cannot add parent directory to on git

After updating git to I’m getting the following error:

fatal: unsafe repository (‘F:/GitHub/my-project’ is owned by someone else)
To add an exception for this directory, call:

git config –global –add F:/GitHub/my-project

I’ve tried adding the parent directory of my projects to .gitconfig but it doesn’t work.

directory = F:/GitHub/
directory = F:/Private/

  1. Is there a workaround for this?
  2. What does it actually mean by “‘x’ is owned by someone else”?

I don’t want to add every single project I’m working on to the .gitconfig file.

As far as .gitconfig is concerned and are the same.



This seems to be related to this announcement of a vulnerability:

I think it has less to do with your email, and more with the owner of the directories on your filesystem. Is the user you’re currently logged in with also the owner of the folder? How about the parent folder? Also, are you invoking git from within the repository directory? The update is only a few hours old, so I guess things are still in flux.

For now, as the message from git suggests, execute

git config --global --add F:/GitHub/my-project

and make sure you are calling git from within F:/GitHub/my-project for now.

EDIT: As we found out in the comments below, the owner of the parent of the directory containing the .git folder (the git repository) is the issue.
Cloning the project anew is a platform-independent way to make sure you are the owner.


I ran into the same problem using flutter on Linux, which on my distro was installed in /opt/flutter. I am not working as root, thus I run into the same problem. Running git config --global --add /opt/flutter did indeed fix the problem for me.

Longer edit: Clarification

Going through the post about the vulnerability again after a good night’s sleep, I think a bit of clarification is in order. I’ll leave the rest of the answer as is.
Let’s look at the following simple directory structure.

├─ tommy/
│  ├─ .git/
│  ├─ rental_space/
│  │  ├─ mary/
│  │  │  ├─ projects/
│  │  │  │  ├─ phone_app/
│  │  │  │  │  ├─ .git/
│  │  ├─ anthony/

In this case, the user tommy owns his own directory under /home, but (for some reason) rents out space to other users, in this case mary and anthony.
If mary, by mistake, were to execute git in her directory, but outside of her phone_app project, then old git would go up the directory tree to search a .git repository. The first it finds is the one from /home/tommy/.git. This is a security risk, because another user, in this case, anyone that can act as tommy, can affect mary‘s execution of git and possibly cause trouble.
From Git v2.35.2 and onward, the traversal will stop as soon as the directory entered belongs to a user other than mary. Say mary executed git in /home/tommy/rental_space/mary/projects, then git will check in projects, but find no .git. It will go up one directory, check-in mary, but again find no .git. Then it will again go up, but rental_space belongs to tommy, not mary. The new git version will stop here and print the message we saw in the question.
Adding the directory /home/tommy/rental_space to the a variable would allow git to proceed but is, as explained, a security risk.

I used a Linux-like directory directory structure here, but the same is true on Windows.