fakeroot. Enough said.
It's especially cool for running closed-source installers that you simply can't trust, but insist on running as root anyway.
Example usage:
cky@dandelion:~$ cd ~setup cky@dandelion:/home/setup$ sudo -H -u setup -s setup@dandelion:~$ gunzip -c ~cky/downloads/VMware-workstation-4.5.2-8848.tar.gz | pax -r setup@dandelion:~$ fakeroot /bin/bash --login root@dandelion:~# cd vmware-distrib root@dandelion:~/vmware-distrib# ./vmware-install.pl
When done, I tar up all the files installed in the sandbox before I exit the fakeroot environment, check that all the permissions are to my liking, and unpack it back using the real root user.
Note that ‘setup’ is a completely unprivileged user. All I did was give it access to /etc/vmware, /usr/local/stow/vmware-4.5.2 (where I'm installing the beastie), and /etc/init.d/vmwave (because the installer insists so).
Couldn't be simpler or safer. :-)