Home » What is the need for `fakeroot` command in linux

What is the need for `fakeroot` command in linux


Imagine that you are a developer/package maintainer, etc. working on a remote server. You want to update the contents of a package and rebuild it, download and customize a kernel from kernel.org and build it, etc. While trying to do those things, you’ll find out that some steps require you to have root rights (UID and GID 0) for different reasons (security, overlooked permissions, etc). But it is not possible to get root rights, since you are working on a remote machine (and many other users have the same problem as you). This is what exactly fakeroot does: it pretends an effective UID and GID of 0 to the environment which requires them.

In practice you never get real root privileges (in opposite to su and sudo that you mention).

To see clearly the difference between fakeroot and a real sudo / su, just do:

$ fakeroot
# echo "Wow I have root access" > root.tst
# ls -l root.tst
-rw-rw-r-- 1 root root   23 Oct 25 12:13 root.tst
# ls -l /root
ls: cannot open directory /root: Permission denied
# exit
$ ls -l root.tst
-rw-rw-r-- 1 ubuntu ubuntu 23 Oct 25 12:13 root.tst

As long as you are within the fakeroot shell, it looks like if you are root – as long as you do not try to do anything that really needs root privileges. And this is exactly what a packaging tool need to make packages that will make sense on any machine.

In fact, when you use fakeroot for packaging, what you want to achieve is to make the tools you run under fakeroot to see your files as owned by root. Nothing more, nothing less. So in fact, su or sudo will not work for getting the right file ownership.

Since the answers are hard to understand (to myself) and it took some thinking to understand it (this comment made me understand it), I’m going to give a hopefully better explanation.

1. What happens in fakeroot

Nothing more than what happens with your own user. Absolutely nothing more. If you fakeroot (which when called gives you a new shell, like sudo would), pretend to do stuff that you needed permission for, and exit, absolutely nothing would happen.

If you think about it, it’s a total waste of time. Why would you do stuff that won’t actually happen? It’s insane. You could have simply not done any of it and there would have been no difference, since there’s no trace of it.

Wait a minute…

2. The trace of fakeroot

There could be a trace left of fakeroot. Let’s look at the commands in MortenSickel’s answer which is pretty nice and deserves an upvote:

$ fakeroot
# echo "Wow I have root access" > root.tst
# ls -l root.tst
-rw-rw-r-- 1 root root   23 Oct 25 12:13 root.tst
# ls -l /root
ls: cannot open directory /root: Permission denied
# exit
$ ls -l root.tst
-rw-rw-r-- 1 ubuntu ubuntu 23 Oct 25 12:13 root.tst

At the first glance, it looks like having used fakeroot was a total waste of time. In the end, if you hadn’t used fakeroot, you would have got the same thing.

The subtle thing here is this:

$ cat root.tst
Wow I have root access

Which means the content of the file still remembers being a root. You might say not using fakeroot would have produced the same results. You are right, this example is too simple.

Let’s take another example:

$ fakeroot
# touch x
# touch y
# chown myuser:myuser x
# ls -l > listing
# exit
$ ls -l
total 4
-rw-rw-r-- 1 myuser myuser 152 Jan  7 21:39 listing
-rw-rw-r-- 1 myuser myuser   0 Jan  7 21:39 x
-rw-rw-r-- 1 myuser myuser   0 Jan  7 21:39 y
$ cat listing
total 0
-rw-rw-r-- 1 root   root   0 Jan  7 21:39 listing
-rw-rw-r-- 1 myuser myuser 0 Jan  7 21:39 x
-rw-rw-r-- 1 root   root   0 Jan  7 21:39 y

Let’s see what happened. I pretended to be root, which is totally ineffective, and created x and y. I pretended x to belong to myuser and y to belong to root. They actually both belong to myuser (as we can see in the end), but I just pretended it to be like that.

Then I created a listing and saved my imagination to a file. Later when I look back at the file, I can see who I imagined the files should be owned by. Again, they are not actually owned by people I imagined, I just simply imagined that.

3. So… Why do you want that again?

You may say that I didn’t really need to fake being root to create that listing. I could have simply created the listing, then edited it to reflect my imagination. You are right, you didn’t need fakeroot for that. In fact, knowing that fakeroot doesn’t actually do anything, you can’t have possibly gained any ability you didn’t have before.

But, and this is what fakeroot is all about, editing the listing could be nontrivial. As it is with a package that can be installed on your system, you have a tared, gziped, xzed, bzip2ed or any other format that is keeping your files together and remembering their permissions and owners. Can you easily modify the compressed file and edit ownership of a file? I don’t know about you, but I can’t think of a way.

Could there be a tool built that, once everything is compressed, it modifies the compressed file and programmatically edits the ownerships and permissions? Yes there could. So either you could fake the ownerships before compressing, or change them after. Debian people decided the former is easier.

4. Why not just use sudo?

First of all, you don’t need root privileges to build software and you don’t need root privileges to compress them. So if you don’t need it, you’d have to really be a Windows user to even think of getting that permission. But sarcasm aside, you may not even have root password.

Besides, let’s say you do have root permissions. And let’s say you want to pretend that a file should have read access only to the root. So you sudo, actually change the file owner and permissions to root, you get out of root shell and try to package everything. You fail because now you cannot read the file anymore since you don’t have root access. So you have to sudo and compress and build the package as root. Effectively, you have to do everything as root.

This is BadTM.

As a packager, you don’t need root permissions and you shouldn’t get it. When you install a package, you may need to install some file (A) as root and that’s where you need root permissions. All fakeroot does is to make this possible. It lets the packager list A as owned by root for the archiver, so that when the package is decompressed by the user, the archiver demands root permission and creates A as owned by root.

Related Solutions

Joining bash arguments into single string with spaces

[*] I believe that this does what you want. It will put all the arguments in one string, separated by spaces, with single quotes around all: str="'$*'" $* produces all the scripts arguments separated by the first character of $IFS which, by default, is a space....

AddTransient, AddScoped and AddSingleton Services Differences

TL;DR Transient objects are always different; a new instance is provided to every controller and every service. Scoped objects are the same within a request, but different across different requests. Singleton objects are the same for every object and every...

How to download package not install it with apt-get command?

Use --download-only: sudo apt-get install --download-only pppoe This will download pppoe and any dependencies you need, and place them in /var/cache/apt/archives. That way a subsequent apt-get install pppoe will be able to complete without any extra downloads....

What defines the maximum size for a command single argument?

Answers Definitely not a bug. The parameter which defines the maximum size for one argument is MAX_ARG_STRLEN. There is no documentation for this parameter other than the comments in binfmts.h: /* * These are the maximum length and maximum number of strings...

Bulk rename, change prefix

I'd say the simplest it to just use the rename command which is common on many Linux distributions. There are two common versions of this command so check its man page to find which one you have: ## rename from Perl (common in Debian systems -- Ubuntu, Mint,...

Output from ls has newlines but displays on a single line. Why?

When you pipe the output, ls acts differently. This fact is hidden away in the info documentation: If standard output is a terminal, the output is in columns (sorted vertically) and control characters are output as question marks; otherwise, the output is...

mv: Move file only if destination does not exist

mv -vn file1 file2. This command will do what you want. You can skip -v if you want. -v makes it verbose - mv will tell you that it moved file if it moves it(useful, since there is possibility that file will not be moved) -n moves only if file2 does not exist....

Is it possible to store and query JSON in SQLite?

SQLite 3.9 introduced a new extension (JSON1) that allows you to easily work with JSON data . Also, it introduced support for indexes on expressions, which (in my understanding) should allow you to define indexes on your JSON data as well. PostgreSQL has some...

Combining tail && journalctl

You could use: journalctl -u service-name -f -f, --follow Show only the most recent journal entries, and continuously print new entries as they are appended to the journal. Here I've added "service-name" to distinguish this answer from others; you substitute...

how can shellshock be exploited over SSH?

One example where this can be exploited is on servers with an authorized_keys forced command. When adding an entry to ~/.ssh/authorized_keys, you can prefix the line with command="foo" to force foo to be run any time that ssh public key is used. With this...

Why doesn’t the tilde (~) expand inside double quotes?

The reason, because inside double quotes, tilde ~ has no special meaning, it's treated as literal. POSIX defines Double-Quotes as: Enclosing characters in double-quotes ( "" ) shall preserve the literal value of all characters within the double-quotes, with the...

What is GNU Info for?

GNU Info was designed to offer documentation that was comprehensive, hyperlinked, and possible to output to multiple formats. Man pages were available, and they were great at providing printed output. However, they were designed such that each man page had a...

Set systemd service to execute after fstab mount

a CIFS network location is mounted via /etc/fstab to /mnt/ on boot-up. No, it is not. Get this right, and the rest falls into place naturally. The mount is handled by a (generated) systemd mount unit that will be named something like mnt-wibble.mount. You can...

Merge two video clips into one, placing them next to each other

To be honest, using the accepted answer resulted in a lot of dropped frames for me. However, using the hstack filter_complex produced perfectly fluid output: ffmpeg -i left.mp4 -i right.mp4 -filter_complex hstack output.mp4 ffmpeg -i input1.mp4 -i input2.mp4...

How portable are /dev/stdin, /dev/stdout and /dev/stderr?

It's been available on Linux back into its prehistory. It is not POSIX, although many actual shells (including AT&T ksh and bash) will simulate it if it's not present in the OS; note that this simulation only works at the shell level (i.e. redirection or...

How can I increase the number of inodes in an ext4 filesystem?

It seems that you have a lot more files than normal expectation. I don't know whether there is a solution to change the inode table size dynamically. I'm afraid that you need to back-up your data, and create new filesystem, and restore your data. To create new...

Why doesn’t cp have a progress bar like wget?

The tradition in unix tools is to display messages only if something goes wrong. I think this is both for design and practical reasons. The design is intended to make it obvious when something goes wrong: you get an error message, and it's not drowned in...