The checkinstall script cannot modify any files. It only analyzes the state of the system and creates a list of environment variable assignments based upon that interaction. To enforce this restriction, the checkinstall script is executed as the non-privileged user install if that user exists; otherwise it is executed as the non-privileged user nobody. The checkinstall script does not have superuser authority.
The pkgadd command calls the checkinstall script with one argument that names the script's response file (the file that stores the administrator's responses).
The checkinstall script is not executed during package removal. However, the environment variables assigned by the script are saved and are available during removal.