What is the need for `fakeroot` command in linux

Why do we need fakeroot command at all? Can’t we simply use the sudo or su commands?

The man page says:

fakeroot – run a command in an environment faking root privileges for file manipulation

About.com says:

Gives a fake root environment. This package is intended to enable something like: dpkg-buildpackage -rfakeroot i.e. to remove the need to become root for a package build. This is done by setting LD_PRELOAD to libfakeroot.so, which provides wrappers around getuid, chown, chmod, mknod, stat, …, thereby creating a fake root environment. If you don’t understand any of this, you do not need fakeroot!

My question is, what special purpose does it solve that a simple su or sudo don’t? For example, for repacking all installed packages in ubuntu we give following command:

$ fakeroot -u dpkg-repack `dpkg --get-selections | grep install | cut -f1`

Can we do the above command with sudo or su instead of fakeroot like this:

$ sudo dpkg-repack `dpkg --get-selections | grep install | cut -f1`

EDIT:

Running:

$ sudo dpkg-repack `dpkg --get-selections | grep install | cut -f1`

gives me this error:

control directory has bad permissions 700 (must be >=0755 and <=0775)

Any reason why?

Asked By: gkt

||

I’ve used it for package building scripts. I was not sure that the person running the script has root level access, but the script still needed to generate, say, a tar file which contained files that belong to root. The simplest way to do it was run the package building script under fakeroot, which tricked the archiver into believing that the files belong to root, and packed them up as such inside the archive. This way, when the package was unpacked to the destination machine (on a different machine altogether), the files didn’t belong to weird or non-existing users.

Thinking about it, the only place I’ve seen this was for building some kind of archive: rootfs of embedded systems, tar.gz archives, rpm packages, .deb packages, etc.

Answered By: Dysaster

AFAIK, fakeroot runs a command in an environment wherein it appears to have root privileges for file manipulation. This is useful for allowing users to create archives (tar, ar, .deb etc.) with files in them with root permissions/ownership. Without fakeroot one would need to have root privileges to create the constituent files of the archives with the correct permissions and ownership, and then pack them up, or one would have to construct the archives directly, without using the archiver.

fakeroot works by replacing the file manipulation library functions (chmod(), stat() etc.) by ones that simulate the effect the real library functions would have had, had the user really been root.

Synopsis :

 fakeroot [-l|--lib library] [--faked faked-binary] [--] [command]  

Check more here : fakeroot

Answered By: Saurabh Gokhale

Imagine that you are a developer/package maintainer, etc. working on a remote server. You want to update the contents of a package and rebuild it, download and customize a kernel from kernel.org and build it, etc. While trying to do those things, you’ll find out that some steps require you to have root rights (UID and GID 0) for different reasons (security, overlooked permissions, etc). But it is not possible to get root rights, since you are working on a remote machine (and many other users have the same problem as you). This is what exactly fakeroot does: it pretends an effective UID and GID of 0 to the environment which requires them.

In practice you never get real root privileges (in opposite to su and sudo that you mention).

Answered By: sakisk

One common usage is to find out what files a failing binary really wanted to access. That is, finding out and fix or working around bugs caused by hard coded paths and improper exception handling.

Answered By: Eero Ketonen

To see clearly the difference between fakeroot and a real sudo / su, just do:

$ fakeroot
# echo "Wow I have root access" > root.tst
# ls -l root.tst
-rw-rw-r-- 1 root root   23 Oct 25 12:13 root.tst
# ls -l /root
ls: cannot open directory /root: Permission denied
# exit
$ ls -l root.tst
-rw-rw-r-- 1 ubuntu ubuntu 23 Oct 25 12:13 root.tst

As long as you are within the fakeroot shell, it looks like if you are root – as long as you do not try to do anything that really needs root privileges. And this is exactly what a packaging tool need to make packages that will make sense on any machine.

In fact, when you use fakeroot for packaging, what you want to achieve is to make the tools you run under fakeroot to see your files as owned by root. Nothing more, nothing less. So in fact, su or sudo will not work for getting the right file ownership.

Answered By: MortenSickel

You can use fakeroot without actually having root privileges. If you had su and/or sudo you would be able to destroy your system with a simple rm -rf /, but with fakeroot at most you would remove your home directory.

Answered By: gabrielhidasy

Since the answers are hard to understand (to myself) and it took some thinking to understand it (this comment made me understand it), I’m going to give a hopefully better explanation.

1. What happens in fakeroot

Nothing more than what happens with your own user. Absolutely nothing more. If you fakeroot (which when called gives you a new shell, like sudo would), pretend to do stuff that you needed permission for, and exit, absolutely nothing would happen.

If you think about it, it’s a total waste of time. Why would you do stuff that won’t actually happen? It’s insane. You could have simply not done any of it and there would have been no difference, since there’s no trace of it.

Wait a minute…

2. The trace of fakeroot

There could be a trace left of fakeroot. Let’s look at the commands in MortenSickel’s answer which is pretty nice and deserves an upvote:

$ fakeroot
# echo "Wow I have root access" > root.tst
# ls -l root.tst
-rw-rw-r-- 1 root root   23 Oct 25 12:13 root.tst
# ls -l /root
ls: cannot open directory /root: Permission denied
# exit
$ ls -l root.tst
-rw-rw-r-- 1 ubuntu ubuntu 23 Oct 25 12:13 root.tst

At the first glance, it looks like having used fakeroot was a total waste of time. In the end, if you hadn’t used fakeroot, you would have got the same thing.

The subtle thing here is this:

$ cat root.tst
Wow I have root access

Which means the content of the file still remembers being a root. You might say not using fakeroot would have produced the same results. You are right, this example is too simple.

Let’s take another example:

$ fakeroot
# touch x
# touch y
# chown myuser:myuser x
# ls -l > listing
# exit
$ ls -l
total 4
-rw-rw-r-- 1 myuser myuser 152 Jan  7 21:39 listing
-rw-rw-r-- 1 myuser myuser   0 Jan  7 21:39 x
-rw-rw-r-- 1 myuser myuser   0 Jan  7 21:39 y
$ cat listing
total 0
-rw-rw-r-- 1 root   root   0 Jan  7 21:39 listing
-rw-rw-r-- 1 myuser myuser 0 Jan  7 21:39 x
-rw-rw-r-- 1 root   root   0 Jan  7 21:39 y

Let’s see what happened. I pretended to be root, which is totally ineffective, and created x and y. I pretended x to belong to myuser and y to belong to root. They actually both belong to myuser (as we can see in the end), but I just pretended it to be like that.

Then I created a listing and saved my imagination to a file. Later when I look back at the file, I can see who I imagined the files should be owned by. Again, they are not actually owned by people I imagined, I just simply imagined that.

3. So… Why do you want that again?

You may say that I didn’t really need to fake being root to create that listing. I could have simply created the listing, then edited it to reflect my imagination. You are right, you didn’t need fakeroot for that. In fact, knowing that fakeroot doesn’t actually do anything, you can’t have possibly gained any ability you didn’t have before.

But, and this is what fakeroot is all about, editing the listing could be nontrivial. As it is with a package that can be installed on your system, you have a tared, gziped, xzed, bzip2ed or any other format that is keeping your files together and remembering their permissions and owners. Can you easily modify the compressed file and edit ownership of a file? I don’t know about you, but I can’t think of a way.

Could there be a tool built that, once everything is compressed, it modifies the compressed file and programmatically edits the ownerships and permissions? Yes there could. So either you could fake the ownerships before compressing, or change them after. Debian people decided the former is easier.

4. Why not just use sudo?

First of all, you don’t need root privileges to build software and you don’t need root privileges to compress them. So if you don’t need it, you’d have to really be a Windows user to even think of getting that permission. But sarcasm aside, you may not even have root password.

Besides, let’s say you do have root permissions. And let’s say you want to pretend that a file should have read access only to the root. So you sudo, actually change the file owner and permissions to root, you get out of root shell and try to package everything. You fail because now you cannot read the file anymore since you don’t have root access. So you have to sudo and compress and build the package as root. Effectively, you have to do everything as root.

This is BadTM.

As a packager, you don’t need root permissions and you shouldn’t get it. When you install a package, you may need to install some file (A) as root and that’s where you need root permissions. All fakeroot does is to make this possible. It lets the packager list A as owned by root for the archiver, so that when the package is decompressed by the user, the archiver demands root permission and creates A as owned by root.

Answered By: Shahbaz

The simple answer:

su and sudo run commands as root. fakeroot does not, outside of it’s partial sandbox arrangement.

Answered By: jdmayfield

Here’s a good use:

$ echo "Hello, world." > root.tst
$ tar cf without.tar root.tst
$ fakeroot tar cf with.tar root.tst
$ tar tvf without.tar
-rw-rw-r-- ubuntu/ubuntu    14 2023-09-19 15:27 root.tst
$ tar tvf with.tar
-rw-rw-r-- root/root        14 2023-09-19 15:27 root.tst

The tar file you created without using fakeroot includes your userid in the meta data for the file. This may not be useful on another system because that system may not even have the same user. However, creating the tar file with fakeroot sets the owner to uid 0.

This is a contrived example in that you could accomplish the same thing by adding the "–owner=root" and "–group=root" arguments to the tar command, however there are other applications, such a "dpkg-deb" that call tar without giving an option for passing arguments to it.

Answered By: Steven Schoch
Categories: Answers Tags: ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.