chcon

change file security context

TLDR

View security context of a file

>_ ls -lZ [path/to/file]
copy

Change the security context of a target file, using a reference file

>_ chcon --reference=[reference_file] [target_file]
copy

Change the full SELinux security context of a file

>_ chcon [user]:[role]:[type]:[range/level] [filename]
copy

Change only the user part of SELinux security context

>_ chcon -u [user] [filename]
copy

Change only the role part of SELinux security context

>_ chcon -r [role] [filename]
copy

Change only the type part of SELinux security context

>_ chcon -t [type] [filename]
copy

Change only the range/level part of SELinux security context

>_ chcon -l [range/level] [filename]
copy

SYNOPSIS

chcon [ OPTION ]... CONTEXT FILE ...
chcon [ OPTION ]...[ -u USER ][ -r ROLE ][ -l RANGE ][ -t TYPE ] FILE ...
chcon [ OPTION ]... --reference=RFILE FILE ...

DESCRIPTION

Change the SELinux security context of each FILE to CONTEXT. With --reference ,change the security context of each FILE to that of RFILE.

Mandatory arguments to long options are mandatory for short options too.

--dereference affect the referent of each symbolic link (this is the default), rather than the symbolic link itself

-h , --no -dereference affect symbolic links instead of any referenced file

-u , --user = USER set user USER in the target security context

-r , --role = ROLE set role ROLE in the target security context

-t , --type = TYPE set type TYPE in the target security context

-l , --range = RANGE set range RANGE in the target security context

--no -preserve -root do not treat '/' specially (the default)

--preserve -root fail to operate recursively on '/'

--reference = RFILE use RFILE's security context rather than specifying a CONTEXT value

-R , --recursive operate on files and directories recursively

-v , --verbose output a diagnostic for every file processed

The following options modify how a hierarchy is traversed when the -R option is also specified. If more than one is specified, only the final one takes effect.

-H if a command line argument is a symbolic link to a directory, traverse it

-L traverse every symbolic link to a directory encountered

-P do not traverse any symbolic links (default)

--help display this help and exit

--version output version information and exit

REPORTING BUGS

GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report any translation bugs to <https://translationproject.org/team/>

COPYRIGHT

Copyright 2019 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.

SEE ALSO

Full documentation <https://www.gnu.org/software/coreutils/chcon> or available locally via: info chcon invocation

AUTHOR

Written by Russell Coker and Jim Meyering.

Copied to clipboard
free 100$ digital ocean credit