git cve-2022-24765

Fatal error "unsafe repository ('/home/repon' is owned by someone else)"


I found an error log from Apache 2 that is fatal:

unsafe repository ('/home/repon' is owned by someone else)

It happens because I have 'git rev-parse --symbolic-full-name --abbrev-ref HEAD' in PHP code, and it looks like the new Git safety change no longer allows www-data to run this Git command.

Running the following command does not work:

git config --global --add safe.directory /homerepon

Is there a workaround to solve this issue?

Git version: 2.35.3
PHP version: 7.4
Apache2 version: 2.4.41


Solution

  • This started appearing with the release of the Git 2.35.2 security update which fixes vulnerabilities described here. Credits @Juan-Kabbali

    Here are four possible solutions:

    1. git config --global --add safe.directory /home/repon

       This adds the safe group to file ~/.gitconfig as shown in this example:

       [safe]
           directory = /home/repon

    2. sudo -u ubuntu -- git status

       Note: This requires user www-data to have permission to execute the Git command as user ubuntu (assuming ubuntu is the repository owner). For this to work, you will need to add a new file inside /etc/sudoers.d/ with the following contents:

       www-data ALL=(ubuntu) NOPASSWD: /usr/bin/git

       This may have security implications, so refer to your security person first.

    3. sudo chown -R www-data:www-data /home/repon

    4. apt install git-man=1:2.17.0-1ubuntu1 git=1:2.17.0-1ubuntu1
    

    Note: At least on Windows, it appears that all Git repositories on ejectable drives are considered unsafe and changing the ownership does not seem to work.
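
The following diagnostic is an added example, not code from the question or the answer. `git config --global` writes to the invoking user's ~/.gitconfig, so a safe.directory entry added from a login shell is not read when Git runs as www-data; the script classifies a repository for a given uid and config file to show which case applies. The function names (`owner_uid`, `listed_safe`, `classify`) are hypothetical, and the check is a simplified model of Git's ownership test that reads only the plain `[safe]` layout shown in the answer.

```shell
#!/bin/sh
# Added diagnostic sketch (not from the original post).
# Simplified model: a repository is accepted when the calling uid owns it,
# or when its path is listed under [safe] directory in the config file
# that the *calling* user reads.

# Print the numeric owner uid of a path (POSIX ls, no GNU stat needed).
owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# Return 0 if repo path $2 is listed as safe.directory in config file $1.
# Handles only the plain "[safe] / directory = PATH" layout plus the "*"
# wildcard; includes and quoting are not interpreted.
listed_safe() {
    [ -r "$1" ] || return 1
    awk -v want="$2" '
        /^[ \t]*\[/ { in_safe = (tolower($0) ~ /^[ \t]*\[safe\][ \t]*$/); next }
        in_safe && /^[ \t]*directory[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            if ($0 == want || $0 == "*") found = 1
        }
        END { exit !found }
    ' "$1"
}

# classify REPO UID CONFIG -> prints owner-match | safe-listed | unsafe
classify() {
    if [ "$(owner_uid "$1")" = "$2" ]; then echo owner-match
    elif listed_safe "$3" "$1"; then echo safe-listed
    else echo unsafe
    fi
}

# Stand-alone use: classify the current directory for the current user.
if [ "${1:-}" = "--here" ]; then
    classify "$(pwd -P)" "$(id -u)" "$HOME/.gitconfig"
fi
```

Run it as the account that executes Git (for example through `sudo -u www-data`) so that `id -u` and `$HOME` reflect that account rather than your login user.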