fakeroot - run a command in an environment faking root privileges for
fakeroot [-l|--lib library] [--faked faked-binary] [--] [command]
fakeroot runs a command in an environment were it appears to have root
privileges for file manipulation. This is useful for allowing users to
create archives (tar, ar, .deb etc.) with files in them with root permissions/ownership.
Without fakeroot one would have to have root privileges
to create the constituent files of the archives with the correct
permissions and ownership, and then pack them up, or one would have to
construct the archives directly, without using the archiver.
fakeroot works by replacing the file manipulation library functions
(chmod(2), stat(2) etc.) by ones that simulate the effect the real
library functions would have had, had the user really been root. These
wrapper functions are in a shared library /usr/lib/libfakeroot.so*
which is loaded through the LD_PRELOAD mechanism of the dynamic loader.
If you intend to build packages with fakeroot, please try building the
fakeroot package first: the "debian/rules build" stage has a few tests
(testing mostly for bugs in old fakeroot versions). If those tests fail
(for example because you have certain libc5 programs on your system),
other packages you build with fakeroot will quite likely fail too, but
possibly in much more subtle ways.
Also, note that it's best not to do the building of the binaries themselves
under fakeroot. Especially configure and friends don't like it
when the system suddenly behaves differently from what they expect.
(or, they randomly unset some environemnt variables, some of which
Specify an alternative wrapper library.
Specify an alternative binary to use as faked.
any command you want to be ran as fakeroot. Use `--' if in the
command you have other options that may confuse fakeroot's
EXAMPLES [Toc] [Back]
Here is an example session with fakeroot. Notice that inside
the fake root environment file manipulation that requires root
privileges succeeds, but is not really happening.
$ fakeroot /bin/bash
# mknod hda3 b 3 1
# ls -ld hda3
brw-r--r-- 1 root root 3, 1 Jul 2 22:58 hda3
# chown joost:root hda3
# ls -ld hda3
brw-r--r-- 1 joost root 3, 1 Jul 2 22:58 hda3
# ls -ld /
drwxr-xr-x 20 root root 1024 Jun 17 21:50 /
# chown joost:users /
# chmod a+w /
# ls -ld /
drwxrwxrwx 20 joost users 1024 Jun 17 21:50 /
$ ls -ld /
drwxr-xr-x 20 root root 1024 Jun 17 21:50 //
$ ls -ld hda3
-rw-r--r-- 1 joost users 0 Jul 2 22:58 hda3
Only the effects that user joost could do anyway happen for
fakeroot was specifically written to enable users to create
Debian GNU/Linux packages (in the deb(5) format) without giving
them root privileges. This can be done by commands like dpkg-
buildpackage -rfakeroot or debuild -rfakeroot (actually, -rfakeroot
is default in debuild nowadays, so you don't need that
fakeroot is a regular, non-setuid program. It does not enhance a user's
privileges, or decrease the system's security.
/usr/lib/libfakeroot/libfakeroot.so* The shared library containing the
The key used to communicate with the fakeroot daemon. Any program
started with the right LD_PRELOAD and a FAKEROOTKEY of a
running daemon will automatically connect to that daemon, and
have the same "fake" view of the filesystem's permissions/ownerships.
(assuming the daemon and connecting program were started
by the same user).
Every command executed within fakeroot needs to be linked to the
same version of the C library as fakeroot itself. Because the
potato version of debian now uses libc6 only (glibc2.1), this
isn't that much of a problem any more.
Fakeroot doesn't wrap open(), create(), etc. So, if user joost
ls -al foo
or the other way around,
ls -al foo
fakeroot has no way of knowing that in the first case, the owner
of foo really should be joost while the second case it should
have been root. For the Debian packaging, defaulting to giving
all "unknown" files uid=gid=0, is always OK. The real way around
this is to wrap open() and create(), but that creates other
problems, as demonstrated by the libtricks package. This package
wrapped many more functions, and tried to do a lot more than
fakeroot. It turned out that a minor upgrade of libc (from one
where the stat() function didn't use open() to one with a stat()
function that did (in some cases) use open()), would cause unexplainable
segfaults (that is, the libc6 stat() called the
wrapped open(), which would then call the libc6 stat(), etc) but
once fixed, it was just a matter of time before another function
started to use open(), never mind trying to port it to a different
operating system. Thus I decided to keep the number of functions
wrapped by fakeroot as small as possible, to limit the
likelyhood of `collisions'.
GNU configure (and other such programs) [Toc] [Back]
Fakeroot, in effect, is changing the way the system behaves.
Programs that probe the system like GNU configure may get confused
by this (or if they don't, they may stress fakeroot so
much that fakeroot itself becomes confused). So, it's advisable
not to run "configure" from within fakeroot. As configure should
be called in the "debian/rules build" target, running "dpkgbuildpackage
-rfakeroot" correctly takes care of this.
It doens't wrap open(). This isn't bad by itself, but if a program does
open("file", O_WRONLY, 000), writes to file "file", closes it, and then
again tries to open to read the file, then that open fails, as the mode
of the file will be 000. The bug is that if root does the same, the
open will suceed, as the file permissions aren't checked at all for
root. I choose not to wrap open(), as open() is used by many other
functions in libc (also those that are already wrapped), thus creating
loops (or possible future loops, when the implementation of various
libc functions slightly change).
fakeroot is distributed under the GNU General Public License. (GPL 2.0
joost witteveen <email@example.com>
mostly by J.H.M. Dassen <jdassen@wi.LeidenUniv.nl> Rather a lot
mods/additions by joost.
faked(1) dpkg-buildpackage(1), build(1L) /usr/doc/fakeroot/DEBUG
Debian Project 26 July 1997 fakeroot(1)
[ Back ]