fakeroot
Simulate root privileges for package building
TLDR
Start the default shell as fakeroot
Run a command as fakeroot
Run a command as fakeroot and [s]ave the environment to a file on exit
Load a fakeroot environment and run a command as fakeroot
Run a command keeping the real ownership of files instead of pretending they are owned by root
Display help
SYNOPSIS
fakeroot [OPTIONS] COMMAND [ARGUMENTS...]
fakeroot -s FILE [OPTIONS] COMMAND [ARGUMENTS...]
fakeroot -i FILE [OPTIONS] COMMAND [ARGUMENTS...]
PARAMETERS
-l LIBRARY, --lib=LIBRARY
Specify an alternative shared library to use. This is rarely needed for typical use cases.
-i FILE, --load=FILE
Load a previously saved fakeroot state from the specified FILE. Useful for continuing a build or operation across multiple fakeroot invocations.
-s FILE, --save=FILE
Save the current fakeroot state to the specified FILE before exiting. This allows for persistent fake root information.
-u, --unknown-is-real
Treat unknown UIDs/GIDs (those not explicitly managed by fakeroot) as real UIDs/GIDs on the actual filesystem. This is typically the default behavior.
-f, --force
Force fakeroot to run, even if it detects that it might not be necessary (e.g., when running as root). Useful for debugging or consistent environments.
-c, --unlib-is-real
Treat unsupported fakeroot library calls as real. This means operations not intercepted by fakeroot will apply directly to the real filesystem.
-v, --version
Display the version information of fakeroot.
-h, --help
Display a help message and exit.
COMMAND [ARGUMENTS...]
The command and its arguments to be executed within the fakeroot environment.
DESCRIPTION
fakeroot is a program that runs a command in an environment wherein it appears to have root privileges for file manipulation. This is achieved by intercepting library calls that perform operations like stat, chmod, chown, mknod, mkdir, rename, and unlink. Instead of performing these operations with real root permissions, fakeroot maintains an internal table of file ownerships and permissions, making it seem as though the calling process is root.
It's particularly useful for building software packages (e.g., .deb, .rpm) as an unprivileged user. During package creation, files often need to be owned by root:root or have specific permissions. fakeroot allows the build process to create these files with the desired attributes without requiring actual root access, ensuring the integrity of the packaging while maintaining user security. The fake root environment is purely local to the fakeroot process and its children; it does not affect the real filesystem or system security.
CAVEATS
fakeroot provides a userspace emulation and does not grant actual root privileges. It cannot intercept all system calls (e.g., setuid() or direct kernel interactions). Processes that explicitly check the real UID (via getuid()) or perform operations outside the scope of intercepted library calls (like network operations or kernel module loading) will not be fooled. It also does not work with suid binaries, as they usually drop privileges or bypass library interception. The state file can grow significantly for large builds, potentially impacting performance or disk space.
HOW IT WORKS: LD_PRELOAD
fakeroot operates by setting the LD_PRELOAD environment variable. This variable tells the dynamic linker to load a specified shared library before any other libraries. fakeroot's library contains its own versions of common filesystem functions (like open, stat, chown). When a program executed under fakeroot calls one of these functions, fakeroot's version is loaded instead of the system's version. This allows fakeroot to intercept the call and return 'fake' information (e.g., that a file is owned by root) or modify the operation's parameters before passing it to the real system call, without requiring special kernel privileges or modifications.
TYPICAL USE CASES
The most common use case for fakeroot is during the creation of package archives such as .deb (Debian/Ubuntu) or .rpm (Red Hat/Fedora) files. Packaging tools often require files within the package to have specific permissions and ownerships, usually root:root, to ensure they are installed correctly on the target system. By running the package build commands under fakeroot, an unprivileged user can create these files with the desired attributes, and the resulting package will contain the correct metadata without needing to actually run the build process as the root user.
HISTORY
fakeroot was primarily developed within the context of building Debian packages, where it addresses the challenge of creating packages with correct file ownerships (typically root:root) and permissions by unprivileged build users. Its initial development can be attributed to Joost W. Witteveen. It leverages the LD_PRELOAD mechanism, a powerful feature of the Linux dynamic linker, to inject its custom library and intercept standard C library calls. This design made it a widely adopted tool in various Linux packaging ecosystems, simplifying the build process for many open-source projects.