EnglishFrenchSpanish

OnWorks favicon

fakeroot-ng - Online in the Cloud

Run fakeroot-ng in OnWorks free hosting provider over Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

This is the command fakeroot-ng that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


fakeroot-ng - run a command while making it believe it is running as root

SYNOPSIS


fakeroot-ng [ -llogfile [-f] ] [ -ppersist_file ] [-d] command line

DESCRIPTION


This manual page documents the fakeroot-ng command.

Fakeroot-ng allows running a process without any change to the permissions, but fooling
the process into thinking that it is running with root permissions. This typically
involves intercepting certain system calls the process performs and manipulating their
results. In order for the effect to be complete enough, previous manipulations have to be
remembered, and consistent results returned.

The idea behind fakroot-ng was first implemented by a tool called fakeroot(1). This tool
used LD_PRELOAD of the dynamic linking to glibc in order to intercept the system calls.
While this approach is very rebust and very platform independent, it does suffer in scope.
In particular, certain operations (mostly the open(2) system call) could not be
intercepted, which caused emulating other operations (mainly the chroot(2) system call) to
not be supported.

Fakeroot-ng strives to fill those gaps by using a totally different technology for system
call interception. Instead of using LD_PRELOAD, ptrace(2) is being used.

PARAMETERS


-pstate_file
Before the first process is being run, loads from state_file the information needed
in order to maintain a consistent view of file permissions and owners across
fakeroot-ng runs. This image is also automatically saved when the last process
exists. If more then one instance of fakeroot-ng is loaded simultaneously, both
with the same state_file, then the two instances will share state and their
processes will see the same picture at runtime.

-llog_file
Causes fakeroot-ng to dump to log_file internal state and processing information.
This is mostly useful for cases where fakeroot-ng fails to act as expected.

-f Causes the log file to be flushed after every print. Guarantees that the important
hint as to why the crash happened will be in the actual file, but has non-negligent
performance effect. Only has effect if -l is specified.

-d Tells fakeroot-ng not to completely daemonize itself. This is mostly useful in case
of crashes that cause a core dump, as the debugger would normally change directory
to root, which would prevent a core file from being created.

-v Print out the version number and copyright info and exit without doing anything.

-h Print out a short help screen and exit.

SIGNALS


Sending the ALRM signal to the fakeroot-ng master process makes it dump to the log a
complete list of all tracked processes, along with their parent and current state. This
is, mostly, a debugging feature. The signal does nothing if -l is not active. Please note
that no process executes any system calls while this takes place, so this feature
essentially freezes all of the debugged processes for a few seconds.

ENVIRONMENT VARIABLES AND SHARED MEMORY


Some of the communication between fakeroot-ng and the program being fooled is done through
a shared memory mechanism. In order to create it, fakeroot-ng creates a temporary file and
maps it into memory as executable segment. Some systems have their /tmp folder mounted
with the noexec flag. On those system, the mmap will fail and fakeroot-ng will not run.

There are two environment variables that allow fakeroot-ng to find a folder in which the
shared memory files can be created. The first is TMPDIR. If it exists, fakeroot-ng will
use it to create the temporary files, rather than /tmp. The problem with using TMPDIR for
creating temporary files is that fakeroot-ng is not the only one to use it. For that
reason, if the environment has a variable called FAEKROOT_TMPDIR, its value will override
that of either TMPDIR or the default /tmp directory.

On Linux, it is usually entirely safe to point FAKEROOT_TMPDIR to /dev/shm, which usually
lives up to expectations regarding mount mode and writability.

SECURITY CONSIDERATIONS


Fakeroot-ng is a non-SUID executable, and does not modify any sensitive data. It,
therefor, does not affect the overall security of the system. One may be tempted, however,
to use fakeroot-ng as a security tool, for running processes with reduced privileges or
inside a chroot jail. In addition to all the warnings that usually apply to using chroot
jails as a security tool (in a nutshell - don't), the following should be understood.

Unlike previous implementations, fakeroot-ng uses a technology that leaves the traced
process no choice regarding whether it will use fakeroot-ng's "services" or not. Compiling
a program statically, directly calling the kernel and manipulating ones own address space
are all techniques that can be trivially used to bypass LD_PRELOAD based control over a
process, and do not apply to fakeroot-ng. It is, theoretically, possible to mold
fakeroot-ng in such a way as to have total control over the traced process.

While it is theoretically possible, it has not been done. Fakeroot-ng does assume certain
"nicely behaved" assumptions about the process being traced, and a process that break
those assumptions may be able to, if not totally escape then at least circumvent some of
the "fake" environment imposed on it by fakeroot-ng. As such, you are strongly warned
against using fakeroot-ng as a security tool. Bug reports that claim that a process can
deliberatly (as opposed to inadvertly) escape fakeroot-ng's control will either be closed
as "not a bug" or marked as low priority.

It is possible that this policy be rethought in the future. For the time being, however,
you have been warned.

Use fakeroot-ng online using onworks.net services


Free Servers & Workstations

Download Windows & Linux apps

  • 1
    Phaser
    Phaser
    Phaser is a fast, free, and fun open
    source HTML5 game framework that offers
    WebGL and Canvas rendering across
    desktop and mobile web browsers. Games
    can be co...
    Download Phaser
  • 2
    VASSAL Engine
    VASSAL Engine
    VASSAL is a game engine for creating
    electronic versions of traditional board
    and card games. It provides support for
    game piece rendering and interaction,
    and...
    Download VASSAL Engine
  • 3
    OpenPDF - Fork of iText
    OpenPDF - Fork of iText
    OpenPDF is a Java library for creating
    and editing PDF files with a LGPL and
    MPL open source license. OpenPDF is the
    LGPL/MPL open source successor of iText,
    a...
    Download OpenPDF - Fork of iText
  • 4
    SAGA GIS
    SAGA GIS
    SAGA - System for Automated
    Geoscientific Analyses - is a Geographic
    Information System (GIS) software with
    immense capabilities for geodata
    processing and ana...
    Download SAGA GIS
  • 5
    Toolbox for Java/JTOpen
    Toolbox for Java/JTOpen
    The IBM Toolbox for Java / JTOpen is a
    library of Java classes supporting the
    client/server and internet programming
    models to a system running OS/400,
    i5/OS, o...
    Download Toolbox for Java/JTOpen
  • 6
    D3.js
    D3.js
    D3.js (or D3 for Data-Driven Documents)
    is a JavaScript library that allows you
    to produce dynamic, interactive data
    visualizations in web browsers. With D3
    you...
    Download D3.js
  • More »

Linux commands

Ad