TIL: Your project's .git/ contents can have multiple owners

6/9/2026 · 3 min read

Background

I have been getting my portfolio projects ready for interviews and decided to take on deploying my Voice Translator's backend to an EC2 instance. I was amazed when I received a fatal: dubious ownership error while using Git in the command line, as this repo is owned by yours truly. As many of you know, the CLI will prompt you to run git config --global --add safe.directory 'path/to/your/repo' to reconcile this, and that usually gets the job done, but the issue came down to which Linux user had cloned the repo.

Too Many Cooks...And I'm All of Them

Of the many things that I had considered, which Linux user had cloned the repo was not one of them. On an Amazon Linux instance the default username is ec2-user, but I also set up a user for CI/CD: runner. In addition to these two users, the AWS documentation instructs developers to run certain (several) commands with sudo, as opposed to configuring root access or managing permissions otherwise. This adds to the complexity of the problem.

Popping the Hood

I kept running into a strange error in the pipeline in the build stage where runner was unable to pull the most recent changes. I ran ls -la on my .git folder and it showed root, ec2-user, and runner all owning at least one file or subfolder in my .git folder.

Problem: Explained

Since I ran git commands in the EC2 instance using sudo, this gave initial ownership to root. After I granted permission to both ec2-user and runner, each user gained partial ownership when changes were made, as changes trigger writes to .git. I continued using runner as I considered it to be more important for that user to have permissions as I am prioritizing the CI/CD pipeline.

Quick recap: Running sudo ❌, using runner instead of my default user ❌

The Solution

The correct way to fix this, as my SRE friend pointed out, would have been to run chmod -R to change the ownership of each file. However, it was significantly faster to delete .git, run git init as ec2-user, then grant access to a shared group (default user and runner). It's very much the same approach as deleting node_modules/ and running npm install, with the added IAM access twist.

TL;DR

  1. Clone the repo as the default user (ec2-user).
  2. Grant ownership of the repository to a shared group comprised of:
    • Default user.
    • CI/CD runner user (runner).
  3. Avoid sudo where possible (for several reasons) to avoid root user ownership where unintended.
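
To check whether a repository is in the mixed-owner state described above, here is an added example (not part of the original post) that audits .git without changing anything. It uses only POSIX find tests; the group passed as the third argument is whatever shared group you created, which the post does not name.

```shell
#!/bin/sh
# Added example: read-only audit of a repository's .git directory for the
# mixed-ownership state described in the post. It changes nothing on disk.

# foreign_owned REPO USER
# Print every path under REPO/.git whose owner is not USER (name or uid).
foreign_owned() {
    find "$1/.git" ! -user "$2" -print
}

# not_group_shared REPO GROUP
# Print every path under REPO/.git that GROUP cannot write: either the path
# belongs to another group or the group-write bit (octal 020) is missing.
not_group_shared() {
    find "$1/.git" \( ! -group "$2" -o ! -perm -020 \) -print
}

# audit_git_dir REPO USER GROUP
# Returns 0 when .git has a single owner and is writable by the shared group,
# 1 when anything is off, 2 when REPO has no .git directory.
audit_git_dir() {
    repo=$1 user=$2 group=$3
    if [ ! -d "$repo/.git" ]; then
        echo "no .git directory in $repo" >&2
        return 2
    fi
    bad_owner=$(foreign_owned "$repo" "$user" | wc -l)
    bad_group=$(not_group_shared "$repo" "$group" | wc -l)
    echo "not owned by $user: $bad_owner; not writable by $group: $bad_group"
    # Show a few offenders so stray root-owned files are easy to spot.
    foreign_owned "$repo" "$user" | head -n 5
    [ "$bad_owner" -eq 0 ] && [ "$bad_group" -eq 0 ]
}

# Usage: sh audit.sh /path/to/repo ec2-user SHARED_GROUP
if [ "$#" -eq 3 ]; then
    audit_git_dir "$1" "$2" "$3"
fi
```

A non-zero exit makes this usable as a pipeline step before the pull. Git's core.sharedRepository setting (value group) makes Git create new files group-writable, which helps keep the second count at zero after later writes.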