This error occurs when Git cannot read or write to the .git/config file due to file system permission restrictions. The fix typically involves correcting the ownership of the .git directory to match your current user.
When you run a Git command, Git needs to access the `.git/config` file to read repository-level settings such as remote URLs, branch tracking information, and user configurations. This fatal error appears when your current user lacks the necessary read or write permissions to access this configuration file. The error message `fatal: unable to access '/path/to/repo/.git/config': Permission denied` indicates that the Linux kernel denied your request to open the file. This is a file system permission issue, not a Git bug. The most common scenario is when the `.git` directory (or files within it) are owned by a different user than the one running the Git command. This often happens when: 1. The repository was cloned or initialized with `sudo` 2. Files were created by a different user or process (such as a Docker container running as root) 3. The repository was copied or extracted from an archive with preserved permissions from another system 4. A backup/restore operation did not preserve correct ownership
First, examine who owns the .git directory and its contents:
ls -la .git/Look at the third and fourth columns which show the owner and group. Example output:
total 52
drwxr-xr-x 8 root root 4096 Jan 15 10:30 .
drwxr-xr-x 5 jonas jonas 4096 Jan 15 10:30 ..
-rw-r--r-- 1 root root 307 Jan 15 10:30 config
-rw-r--r-- 1 root root 73 Jan 15 10:30 description
...If you see root or another user instead of your username, that's the problem.
Also check your current user:
whoami
idThe standard fix is to change ownership of the entire .git directory to your current user:
sudo chown -R $(whoami):$(whoami) .git/This command:
- Uses sudo to run with root privileges (required to change ownership from root)
- chown -R recursively changes ownership
- $(whoami) substitutes your current username
Alternatively, you can specify user and group explicitly:
sudo chown -R $USER:$USER .git/Or change ownership of the entire repository including working directory:
sudo chown -R $(whoami):$(whoami) .After changing ownership, verify the permissions are correct:
ls -la .git/You should now see your username in the owner column:
-rw-r--r-- 1 jonas jonas 307 Jan 15 10:30 configTest that Git commands work:
git status
git log --oneline -5
git remote -vIf these commands work without errors, the issue is resolved.
If changing ownership doesn't resolve the issue, security modules like SELinux or AppArmor might be blocking access.
For SELinux (RHEL, CentOS, Fedora):
# Check if SELinux is enforcing
getenforce
# Check for recent denials
sudo ausearch -m avc -ts recent
# Temporarily set to permissive to test
sudo setenforce 0If the error goes away in permissive mode, you need to fix the SELinux context:
# Restore default SELinux contexts
restorecon -Rv .git/For AppArmor (Ubuntu, Debian):
# Check AppArmor status
sudo aa-status
# Check system logs for denials
sudo dmesg | grep apparmorIf you own the files but still get permission denied, the file permissions themselves may be wrong:
# Check current permissions
ls -la .git/config
# Fix: make config readable and writable by owner
chmod 644 .git/config
# Fix all files in .git recursively
find .git -type f -exec chmod 644 {} \;
find .git -type d -exec chmod 755 {} \;The .git/config file should have at least read permissions (mode 644 or similar).
If the repository is on a network filesystem, ownership may not map correctly between systems.
For NFS:
Check that UID/GID mapping is consistent between the NFS server and client. On the server's exports file:
/export/repos 192.168.1.0/24(rw,sync,no_subtree_check,all_squash,anonuid=1000,anongid=1000)For CIFS/SMB (Samba):
Mount with explicit UID and GID:
sudo mount -t cifs //server/share /mnt/repo -o username=user,uid=$(id -u),gid=$(id -g)Or in /etc/fstab:
//server/share /mnt/repo cifs username=user,uid=1000,gid=1000 0 0### Preventing This Issue in the Future
Never use sudo with git for user repositories:
# BAD - creates root-owned files
sudo git clone https://github.com/user/repo.git
# GOOD - clone as your user
git clone https://github.com/user/repo.gitIf you need to clone to a location that requires elevated privileges, create the directory first with correct ownership:
sudo mkdir /opt/myproject
sudo chown $(whoami):$(whoami) /opt/myproject
git clone https://github.com/user/repo.git /opt/myproject### Docker Volume Permissions
When using Git inside Docker containers with mounted volumes, the container often runs as root. Solutions:
Run container as your user:
docker run --user $(id -u):$(id -g) -v $(pwd):/repo -w /repo git-image git pullIn docker-compose.yml:
services:
app:
image: myimage
user: "${UID}:${GID}"
volumes:
- .:/appRun with: UID=$(id -u) GID=$(id -g) docker-compose up
### WSL (Windows Subsystem for Linux)
On WSL1, Windows filesystem mounts (/mnt/c/) have known permission issues. Upgrade to WSL2:
wsl --set-version Ubuntu 2Or clone repositories to the Linux filesystem (/home/user/) instead of Windows mounts.
### Git Safe Directory Feature
Git 2.35.2+ added a security feature that rejects repositories owned by different users. You may also see:
fatal: detected dubious ownership in repositoryThis is a related but different error. Fix with:
git config --global --add safe.directory /path/to/repoHowever, fixing ownership (as described above) is the preferred solution.
### Checking Immutable or Append-Only Attributes
On some systems, files may have special attributes that prevent modification:
# Check for immutable attribute
lsattr .git/config
# Remove immutable attribute if present
sudo chattr -i .git/config### ACL (Access Control Lists)
If your filesystem uses ACLs, standard Unix permissions may be overridden:
# Check ACLs
getfacl .git/config
# Remove all ACLs and use standard permissions
setfacl -b .git/configkex_exchange_identification: Connection closed by remote host
Connection closed by remote host when connecting to Git server
fatal: unable to access: Proxy auto-configuration failed
How to fix 'Proxy auto-configuration failed' in Git
fatal: unable to access: Authentication failed (proxy requires basic auth)
How to fix 'Authentication failed (proxy requires basic auth)' in Git
fatal: unable to access: no_proxy configuration not working
How to fix 'no_proxy configuration not working' in Git
fatal: unable to read tree object in treeless clone
How to fix 'unable to read tree object in treeless clone' in Git