fakeroot

Start the default shell as fakeroot

$ fakeroot

$ fakeroot -- [command] [command_arguments]

$ fakeroot -s [path/to/file] -- [command] [command_arguments]

$ fakeroot -i [path/to/file] -- [command] [command_arguments]

$ fakeroot [[-u|--unknown-is-real]] -- [command] [command_arguments]

$ fakeroot [[-h|--help]]

fakeroot [OPTIONS] COMMAND [ARGUMENTS...]
fakeroot -s FILE [OPTIONS] COMMAND [ARGUMENTS...]
fakeroot -i FILE [OPTIONS] COMMAND [ARGUMENTS...]

-l LIBRARY, --lib=LIBRARY
    Specify an alternative shared library to use. This is rarely needed for typical use cases.

-i FILE, --load=FILE
    Load a previously saved fakeroot state from the specified FILE. Useful for continuing a build or operation across multiple fakeroot invocations.

-s FILE, --save=FILE
    Save the current fakeroot state to the specified FILE before exiting. This allows for persistent fake root information.

-u, --unknown-is-real
    Treat unknown UIDs/GIDs (those not explicitly managed by fakeroot) as real UIDs/GIDs on the actual filesystem. This is typically the default behavior.

-f, --force
    Force fakeroot to run, even if it detects that it might not be necessary (e.g., when running as root). Useful for debugging or consistent environments.

-c, --unlib-is-real
    Treat unsupported fakeroot library calls as real. This means operations not intercepted by fakeroot will apply directly to the real filesystem.

-v, --version
    Display the version information of fakeroot.

-h, --help
    Display a help message and exit.

COMMAND [ARGUMENTS...]
    The command and its arguments to be executed within the fakeroot environment.

fakeroot is a program that runs a command in an environment wherein it appears to have root privileges for file manipulation. This is achieved by intercepting library calls that perform operations like stat, chmod, chown, mknod, mkdir, rename, and unlink. Instead of performing these operations with real root permissions, fakeroot maintains an internal table of file ownerships and permissions, making it seem as though the calling process is root.

It's particularly useful for building software packages (e.g., .deb, .rpm) as an unprivileged user. During package creation, files often need to be owned by root:root or have specific permissions. fakeroot allows the build process to create these files with the desired attributes without requiring actual root access, ensuring the integrity of the packaging while maintaining user security. The fake root environment is purely local to the fakeroot process and its children; it does not affect the real filesystem or system security.

fakeroot provides a userspace emulation and does not grant actual root privileges. It cannot intercept all system calls (e.g., setuid() or direct kernel interactions). Processes that explicitly check the real UID (via getuid()) or perform operations outside the scope of intercepted library calls (like network operations or kernel module loading) will not be fooled. It also does not work with suid binaries, as they usually drop privileges or bypass library interception. The state file can grow significantly for large builds, potentially impacting performance or disk space.

fakeroot operates by setting the LD_PRELOAD environment variable. This variable tells the dynamic linker to load a specified shared library before any other libraries. fakeroot's library contains its own versions of common filesystem functions (like open, stat, chown). When a program executed under fakeroot calls one of these functions, fakeroot's version is loaded instead of the system's version. This allows fakeroot to intercept the call and return 'fake' information (e.g., that a file is owned by root) or modify the operation's parameters before passing it to the real system call, without requiring special kernel privileges or modifications.

The most common use case for fakeroot is during the creation of package archives such as .deb (Debian/Ubuntu) or .rpm (Red Hat/Fedora) files. Packaging tools often require files within the package to have specific permissions and ownerships, usually root:root, to ensure they are installed correctly on the target system. By running the package build commands under fakeroot, an unprivileged user can create these files with the desired attributes, and the resulting package will contain the correct metadata without needing to actually run the build process as the root user.

fakeroot was primarily developed within the context of building Debian packages, where it addresses the challenge of creating packages with correct file ownerships (typically root:root) and permissions by unprivileged build users. Its initial development can be attributed to Joost W. Witteveen. It leverages the LD_PRELOAD mechanism, a powerful feature of the Linux dynamic linker, to inject its custom library and intercept standard C library calls. This design made it a widely adopted tool in various Linux packaging ecosystems, simplifying the build process for many open-source projects.

sudo(8), chroot(8), unshare(1), schroot(1)