On Sat, Jun 23, 2001 at 10:59:47AM -0500, Ken Januski wrote:
> Let me rephrase the question. I've never used fakeroot or sudo but
> realize that they allow root privileges without being root. What I'm
> wondering, and I know this is very basic, is why it is better to do
> whatever you're doing as a fake root rather than as the real root? Is it
> a matter of security, convenience, what?

You don't really have to be root and you are not really root.  Think about
it, if anyone could "fakeroot ~user/script/replace_passwd"..

Just a few general pointers:

1. You do not need to put the kernel source in /usr/src/linux.  In fact,
it can only cause you unforeseen confusion and hassle.  Just put the
source in any kind of place that you would normally be building any
other kind of software in.  If you do not understand all the (complex)
rationale behind all this, just trust me.  Neither do I.  ;-)

The only real problem is all the outdated and sometimes misguided
documentation out there, in FAQs, HOWTOs and in individual software
packages' build instructions.  I'm sure there is a lot of wisdom on this
issue to be found in your /usr/share/doc/*, because of all the confusion
and problems this has created in the past.  Check out anything related
to kernel and libc, I know it's there somewhere.

2. You do not need to be root to compile the kernel.  This is also
really just bad style.  Gcc is very resource hungry, especially when
compiling the linux kernel.  Running it as root means that it is not
kept within the reasonable bounds that are otherwise enforced on users.

3. The only point where you might need root privileges is when you do
"make install".  For this target, there are commands in the Makefile
that want to copy files to / or /boot, which are usually restricted to
root for writing.  Were you to change ownerships on them, you would not
need root privileges even for that.  But then there's still lilo that
wants to write to random places on your disk.  That is where the security
aspect of it forces you to really be root.  Or trade in lilo for grub,
maybe (any grub-groupies in the audience?).


The issue is that somewhere at the end of the whole make-kpkg
process, it wants to create a .deb file.  This is done using dpkg.
Now dpkg wants to create a deb file whose contents already have the right
permissions and ownerships.  Under water, a deb is nothing more than a
sort of tarball, so just imagine that you want to create a tar archive
from your files, and that you want them to appear as root-owned inside
the tarball.

So in order to build a deb binary package, you must either be root, or
fool tar/dpkg into believing that it is working on files as root.  This is
slightly more complicated than just setting USER=root in the environment,
because when the programs stat files on disk, the illusion must remain
consistent, while it never actually did anything effectively as root.

So that is why there is fakeroot, which does all the right things for you.

When you build a kernel-image deb, none of the actions that might really
require root privileges are relevant.  These are all handled by the
"maintainer scripts" (you are the maintainer of your own debs), placed
in the kernel-image.deb automatically by kernel-package, that come into
play when the package is installed on a system.  That of course does
require root privileges, there's no "fakeroot dpkg -i foo.deb".  :-)

Cheers,


Joost
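
Added example, not part of the original message: the point above that ownership inside a tarball is only recorded metadata, shown with Python's tarfile module standing in for fakeroot plus tar/dpkg. The staging tree and file names are constructed; fakeroot gets the same result by faking what stat reports to the packaging tools, whereas this sketch rewrites the archive headers directly.

```python
import io
import os
import tarfile
import tempfile


def as_root(info: tarfile.TarInfo) -> tarfile.TarInfo:
    """Rewrite only the archive header; nothing on disk is chowned."""
    info.uid = info.gid = 0
    info.uname = info.gname = "root"
    return info


def build_archive(tree: str) -> bytes:
    """Pack `tree` so every member is recorded as root:root."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        tar.add(tree, arcname="pkg", filter=as_root)
    return buf.getvalue()


def list_owners(archive: bytes) -> dict:
    """Map member name -> (uid, gid, octal mode) as stored in the archive."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        return {m.name: (m.uid, m.gid, oct(m.mode)) for m in tar.getmembers()}


def demo() -> tuple:
    # Constructed sample tree standing in for a package staging directory.
    with tempfile.TemporaryDirectory() as tree:
        os.mkdir(os.path.join(tree, "boot"))
        path = os.path.join(tree, "boot", "vmlinuz-sample")
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not a kernel\n")
        os.chmod(path, 0o644)
        owners = list_owners(build_archive(tree))
        on_disk_uid = os.stat(path).st_uid  # still the invoking user
    return owners, on_disk_uid, os.getuid()


if __name__ == "__main__":
    owners, on_disk_uid, process_uid = demo()
    for name, meta in sorted(owners.items()):
        print(name, meta)
    print("uid on disk:", on_disk_uid, "uid of this process:", process_uid)
```

The archive lists every member as uid 0 while the file on disk still belongs to whoever ran the script; root is only needed later, when the package is unpacked onto a system.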
