| 1 |
.\" Process this file with
|
| 2 |
.\" groff -man -Tascii foo.1
|
| 3 |
.\"
|
| 4 |
.\" "verbatim" environment (from strace.1)
|
| 5 |
.de CW
|
| 6 |
.sp
|
| 7 |
.nf
|
| 8 |
.ft CW
|
| 9 |
..
|
| 10 |
.de CE
|
| 11 |
.ft
|
| 12 |
.fi
|
| 13 |
.sp
|
| 14 |
..
|
| 15 |
.\"
|
| 16 |
.TH fakeroot 1 "26 July 1997" "Debian Project" "Debian GNU/Linux manual"
|
| 17 |
.\" Manpage by J.H.M. Dassen <jdassen@wi.LeidenUniv.nl>
|
| 18 |
.SH NOM
|
| 19 |
fakeroot \- run a command in an environment faking root privileges for file
|
| 20 |
manipulation
|
| 21 |
.SH SYNOPSIS
|
| 22 |
.B fakeroot
|
| 23 |
.B [\-l|\-\-lib
|
| 24 |
.IB library]
|
| 25 |
.B [-\-faked
|
| 26 |
.IB faked-binary]
|
| 27 |
.BI [--]
|
| 28 |
.BI [command]
|
| 29 |
.SH DESCRIPTION
|
| 30 |
.B fakeroot
|
| 31 |
runs a command in an environment were it appears to have root privileges for
|
| 32 |
file manipulation. This is useful for allowing users to create archives
|
| 33 |
(tar, ar, .deb etc.) with files in them with root permissions/ownership.
|
| 34 |
Without
|
| 35 |
.B fakeroot
|
| 36 |
one would have to have root privileges to create the constituent files of
|
| 37 |
the archives with the correct permissions and ownership, and then pack them
|
| 38 |
up, or one would have to construct the archives directly, without using the
|
| 39 |
archiver.
|
| 40 |
|
| 41 |
.B fakeroot
|
| 42 |
works by replacing the file manipulation library functions (chmod(2),
|
| 43 |
stat(2) etc.) by ones that simulate the effect the real library
|
| 44 |
functions would have had, had the user really been root. These wrapper
|
| 45 |
functions are in a shared library
|
| 46 |
.B /usr/lib/libfakeroot.so*
|
| 47 |
which is loaded through the
|
| 48 |
.B LD_PRELOAD
|
| 49 |
mechanism of the dynamic loader. (See
|
| 50 |
.BR ld.so (8))
|
| 51 |
|
| 52 |
If you intend to build packages with
|
| 53 |
.BR fakeroot ,
|
| 54 |
please try building
|
| 55 |
the fakeroot package first: the "debian/rules build" stage has a
|
| 56 |
few tests (testing mostly for bugs in old fakeroot
|
| 57 |
versions). If those tests fail (for example because you have
|
| 58 |
certain libc5 programs on your system), other packages you build with
|
| 59 |
fakeroot will quite likely fail too, but possibly in much more subtle
|
| 60 |
ways.
|
| 61 |
|
| 62 |
Also, note that it's best not to do the building of the binaries
|
| 63 |
themselves under fakeroot. Especially configure and friends don't like
|
| 64 |
it when the system suddenly behaves differently from what they
|
| 65 |
expect. (or, they randomly unset some environemnt variables, some of
|
| 66 |
which fakeroot needs).
|
| 67 |
|
| 68 |
.SH OPTIONS
|
| 69 |
.TP
|
| 70 |
.BI \-\-lib \ library
|
| 71 |
Specify an alternative wrapper library.
|
| 72 |
.TP
|
| 73 |
.BI \-\-faked \ binary
|
| 74 |
Specify an alternative binary to use as faked.
|
| 75 |
.TP
|
| 76 |
.BI [\-\-] \ command
|
| 77 |
any command you want to be ran as fakeroot. Use `--' if in the command
|
| 78 |
you have other options that may confuse fakeroot's option parsing.
|
| 79 |
.TP
|
| 80 |
.SH EXAMPLES
|
| 81 |
Here is an example session with
|
| 82 |
.BR fakeroot .
|
| 83 |
Notice that inside the fake root environment file manipulation that
|
| 84 |
requires root privileges succeeds, but is not really happening.
|
| 85 |
.CW
|
| 86 |
$ whoami
|
| 87 |
joost
|
| 88 |
$ fakeroot /bin/bash
|
| 89 |
# whoami
|
| 90 |
root
|
| 91 |
# mknod hda3 b 3 1
|
| 92 |
# ls -ld hda3
|
| 93 |
brw-r--r-- 1 root root 3, 1 Jul 2 22:58 hda3
|
| 94 |
# chown joost:root hda3
|
| 95 |
# ls -ld hda3
|
| 96 |
brw-r--r-- 1 joost root 3, 1 Jul 2 22:58 hda3
|
| 97 |
# ls -ld /
|
| 98 |
drwxr-xr-x 20 root root 1024 Jun 17 21:50 /
|
| 99 |
# chown joost:users /
|
| 100 |
# chmod a+w /
|
| 101 |
# ls -ld /
|
| 102 |
drwxrwxrwx 20 joost users 1024 Jun 17 21:50 /
|
| 103 |
# exit
|
| 104 |
$ ls -ld /
|
| 105 |
drwxr-xr-x 20 root root 1024 Jun 17 21:50 //
|
| 106 |
$ ls -ld hda3
|
| 107 |
-rw-r--r-- 1 joost users 0 Jul 2 22:58 hda3
|
| 108 |
.CE
|
| 109 |
Only the effects that user
|
| 110 |
.B joost
|
| 111 |
could do anyway happen for real.
|
| 112 |
|
| 113 |
.B fakeroot
|
| 114 |
was specifically written to enable users to create Debian GNU/Linux
|
| 115 |
packages (in the
|
| 116 |
.BR deb(5)
|
| 117 |
format) without giving them root privileges.
|
| 118 |
This can be done by commands like
|
| 119 |
.B dpkg-buildpackage -rfakeroot
|
| 120 |
or
|
| 121 |
.B debuild -rfakeroot
|
| 122 |
(actually, -rfakeroot is default in debuild nowadays, so you don't
|
| 123 |
need that argument).
|
| 124 |
.SH SECURITY ASPECTS
|
| 125 |
.B fakeroot
|
| 126 |
is a regular, non-setuid program. It does not enhance a user's
|
| 127 |
privileges, or decrease the system's security.
|
| 128 |
.SH FICHIERS
|
| 129 |
.I /usr/lib/libfakeroot/libfakeroot.so*
|
| 130 |
The shared library containing the wrapper functions.
|
| 131 |
.SH ENVIRONNEMENT
|
| 132 |
.B
|
| 133 |
.IP FAKEROOTKEY
|
| 134 |
The key used to communicate with the fakeroot daemon. Any program
|
| 135 |
started with the right
|
| 136 |
.B LD_PRELOAD
|
| 137 |
and a
|
| 138 |
.B FAKEROOTKEY
|
| 139 |
of a running daemon will automatically connect to that daemon, and
|
| 140 |
have the same "fake" view of the filesystem's permissions/ownerships.
|
| 141 |
(assuming the daemon and connecting program were started by the same
|
| 142 |
user).
|
| 143 |
.SH LIMITATIONS
|
| 144 |
.B
|
| 145 |
.IP "Library versions"
|
| 146 |
Every command executed within
|
| 147 |
.B fakeroot
|
| 148 |
needs to be linked to the same version of the C library as
|
| 149 |
.B fakeroot
|
| 150 |
itself. Because the potato version of debian now uses libc6 only
|
| 151 |
(glibc2.1), this isn't that much of a problem any more.
|
| 152 |
.B
|
| 153 |
.IP open()/create()
|
| 154 |
Fakeroot doesn't wrap open(), create(), etc. So, if user
|
| 155 |
.B joost
|
| 156 |
does either
|
| 157 |
.CW
|
| 158 |
touch foo
|
| 159 |
fakeroot
|
| 160 |
ls -al foo
|
| 161 |
.CE
|
| 162 |
or the other way around,
|
| 163 |
.CW
|
| 164 |
fakeroot
|
| 165 |
touch foo
|
| 166 |
ls -al foo
|
| 167 |
.CE
|
| 168 |
fakeroot has no way of knowing that in the first case, the owner of
|
| 169 |
foo really should be
|
| 170 |
.B joost
|
| 171 |
while the second case it should have been
|
| 172 |
.BR root .
|
| 173 |
For the Debian packaging, defaulting to giving all "unknown" files
|
| 174 |
uid=gid=0, is always OK. The real way around this is to wrap
|
| 175 |
.B open()
|
| 176 |
and
|
| 177 |
.BR create() ,
|
| 178 |
but that creates other problems, as demonstrated by the libtricks
|
| 179 |
package. This package wrapped many more functions, and tried to do a
|
| 180 |
lot more than
|
| 181 |
.B fakeroot.
|
| 182 |
It turned out that a minor upgrade of libc (from one where the
|
| 183 |
.BR stat()
|
| 184 |
function didn't use
|
| 185 |
.BR open()
|
| 186 |
to one with a
|
| 187 |
.BR stat()
|
| 188 |
function that did (in some cases) use
|
| 189 |
.BR open() ),
|
| 190 |
would cause unexplainable segfaults (that is, the libc6
|
| 191 |
.BR stat()
|
| 192 |
called the wrapped
|
| 193 |
.BR open() ,
|
| 194 |
which would then call the libc6
|
| 195 |
.BR stat() ,
|
| 196 |
etc)
|
| 197 |
. Fixing them wasn't all that easy,
|
| 198 |
but once fixed, it was just a matter of time before another function
|
| 199 |
started to use open(), never mind trying to port it to a different
|
| 200 |
operating system. Thus I decided to keep the number of functions
|
| 201 |
wrapped by fakeroot as small as possible, to limit the likelyhood
|
| 202 |
of `collisions'.
|
| 203 |
.B
|
| 204 |
.IP "GNU configure (and other such programs)"
|
| 205 |
Fakeroot, in effect, is changing the way the system
|
| 206 |
behaves. Programs that probe the system like GNU configure may get
|
| 207 |
confused by this (or if they don't, they may stress fakeroot so much
|
| 208 |
that fakeroot itself becomes confused). So, it's advisable not to run
|
| 209 |
"configure" from within fakeroot. As configure should be called in the
|
| 210 |
"debian/rules build" target, running "dpkg-buildpackage -rfakeroot"
|
| 211 |
correctly takes care of this.
|
| 212 |
.SH BOGUES
|
| 213 |
It doens't wrap open(). This isn't bad by itself, but if a program
|
| 214 |
does open("file", O_WRONLY, 000), writes to file "file", closes it,
|
| 215 |
and then again tries to open to read the file, then that open fails, as
|
| 216 |
the mode of the file will be 000. The bug is that if root does the
|
| 217 |
same, the open will suceed, as the file permissions aren't checked at
|
| 218 |
all for root. I choose not to wrap open(), as open() is used by many
|
| 219 |
other functions in libc (also those that are already wrapped), thus
|
| 220 |
creating loops (or possible future loops, when the implementation of
|
| 221 |
various libc functions slightly change).
|
| 222 |
.SH COPYING
|
| 223 |
.B fakeroot
|
| 224 |
is distributed under the GNU General Public License.
|
| 225 |
(GPL 2.0 or greater).
|
| 226 |
.SH AUTEUR
|
| 227 |
joost witteveen
|
| 228 |
.RI < joostje@debian.org >
|
| 229 |
.SH MANUAL PAGE
|
| 230 |
mostly by J.H.M. Dassen
|
| 231 |
.RI <jdassen@wi.LeidenUniv.nl>
|
| 232 |
Rather a lot mods/additions by joost.
|
| 233 |
.SH "VOIR AUSSI"
|
| 234 |
.BR faked (1)
|
| 235 |
.BR dpkg-buildpackage (1),
|
| 236 |
.BR build (1L)
|
| 237 |
.BR /usr/doc/fakeroot/DEBUG
|
| 238 |
|
| 239 |
.SH TRADUCTEUR
|
Parent Directory
| 
Revision Log