chcon

Modify the security context of an object (file)

Supplementary instructions

chcon command is to modify the security context of an object (file), such as: user, role, type, security level. That is, changing the security environment of each file to the specified environment. When using the --reference option, set the security environment of the specified file to be the same as the reference file. The chcon command is located in /usr/bin/chcon.

grammar

chcon [options]...environment file...
chcon [options]... [-u user] [-r role] [-l scope] [-t type] file...
chcon [options]... --reference=reference file file...

Options

-h, --no-dereference: Affects symbolic links rather than referenced files.
     --reference=reference: Use the security context of the specified reference file instead of the specified value.
-R, --recursive: Process all files and subdirectories recursively.
-v, --verbose: Display diagnostic information for all files processed.
-u, --user=user: Set the target security environment for the specified user.
-r, --role=role: Set the target security environment for the specified role.
-t, --type=type: Set the target security environment of the specified type.
-l, --range=range: Set the target security environment for the specified range.

The following options are used to set how the directory structure is traversed when the -R option is specified. If you specify more than one option, only the last one will take effect.

-H: If the command line argument is a symbolic link to a directory, traverse the symbolic link.
-L: Traverse every encountered symbolic link to a directory.
-P: Do not traverse any symbolic links (default).
--help: Display this help message and exit.
--version: Display version information and exit.

Example

If you want to share this ftp with anonymous users, you need to enable the following:

chcon -R -t public_content_t /var/ftp

If you want the FTP directory you set to be able to upload files, SELINUX needs to be set:

chcon -t public_content_rw_t /var/ftp/incoming

Allow users HHTP access to their home directory. This setting is limited to the user's home directory homepage:

setsebool -P httpd_enable_homedirs 1
chcon -R -t httpd_sys_content_t ~user/public_html

If you want to share the samba directory with other users, you need to set:

chcon -t samba_share_t /directory

When sharing an rsync directory:

chcon -t public_content_t /directories