File ownership and permissions
When mkifs includes files, directories, and symbolic links in an OS image, by default these items inherit the development host's permissions, and user ID and group ID are set to 0. You can override these settings through buildfile attributes.
Windows neither provides a umask nor properly reflects the file ownership and permissions. On a Windows development host, you should always specify these attributes, to ensure your OS image items have the correct ownership and permissions.
For some OS image items described below, the different behavior for Windows is summarized but otherwise, the descriptions apply to all development host OSs.
Some items brought into the image don't acquire ownership and permissions in the same way as files, directories, and symbolic links, however:
- Inline files
- Unless otherwise specified, the default user ID and group ID are both 0, and the
default permissions are
0666
(or0644
on Windows). - Directories with no host equivalent
- There are cases when directories that don't exist on the host will be available on the
target:
When
[type=dir]
is specified in front of a filepath in the buildfile; we refer to such directories as explicitly created directories.For these directories, unless otherwise specified, the default user ID, group ID, and permissions are
0:0:0755
.When the image is built with an mkxfs variant other than mkifs and a directory isn't named in the buildfile but is part of the path an explicitly named file. For instance, if dir/file is specified in the buildfile but dir isn't, this directory gets created by mkxfs. We refer to such directores as implicitly created directories.
When the image is built with mkifs and a directory gets emulated by procnto because it's part of the target path for a buildfile item. For example, if dir/file is specified in the buildfile but dir isn't, dir gets emulated at runtime by procnto; we refer to such directories as virtual directories.
For these directories, you can't set their ownership and permissions; their settings are chosen by procnto. If you need to assign specific ownership and permissions for such directories in your target image, you must create them explicitly.
For symbol files generated from the [+keeplinked]
attribute on bootstrap binaries, the owner is the user running mkifs. The
permission bits for these symbol files are inherited from the user's current
umask. On Windows, permissions might be dictated by the OS. These files
are not brought into the target image; they are kept on the host and used for
debugging.
For all binaries in the bootstrap section (procnto-* etc.), unless
otherwise specified in the buildfile, the default user ID and group ID are 0, and the
default permissions are those of the host file ORed with 0111
. The
startup-* bootstrap binary doesn't have file attributes because it
precedes the filesystem and thus, isn't part of it.
Changing user ID, group ID, and permissions
[uid=0 gid=0 perms=0666] file1
[uid=5 gid=1 perms=a+xr] file2
These lines mark the first file (file1) as owned by root (the user ID 0), group 0, and readable and writable by all (the mode of octal 666). The second file (file2) is marked as being owned by user ID 5, group ID 1, and executable and readable by all.
On a Windows host, mkifs can't get any file attribute except for the
write (w
) bit, which is based on Windows' read-only file attribute. Also,
mkifs must guess at whether the execute (x
) bit
should be set based on whether the file is an ELF file of an appropriate type.
You need to use the perms attribute to specify the access permissions explicitly. You also need to use the uid and gid attributes to set the ownership correctly. To determine whether or not a utility needs to have the setuid or setgid permission set, see its entry in the Utilities Reference.
For more information about utilities to control ownership and permissions on target
systems, see File
ownership and permissions
in the QNX OS
User's Guide, and the mkifs
uid, gid, and perms attributes.
When you combine attributes, place them all inside one set of square brackets, as in the
example above: [uid=0 gid=0 perms=0666] file1
. See Buildfile syntax
for more details about attributes
and buildfile syntax.
[uid=5 gid=1 perms=0666]
file1
file2
file3
file4
which is equivalent to:
[uid=5 gid=1 perms=0666] file1
[uid=5 gid=1 perms=0666] file2
[uid=5 gid=1 perms=0666] file3
[uid=5 gid=1 perms=0666] file4
[uid=5 gid=1 dperms=0755] dir1=/some/host/dir
Sub-directories are unaffected.x
)
bit, sticky bit, read permissions, setuid (set user ID), or setgid (
set group ID) permissions from the directory. You need to use the dperms attribute to specify these permissions explicitly and use the uid and gid attributes to set the ownership correctly. For more information, see the mkifs uid, gid, and dperms attributes.