Home >System Tutorial >LINUX >In-depth analysis of the chcon command

In-depth analysis of the chcon command

WBOY
WBOYforward
2024-01-06 19:17:58690browse
Introduction The chcon command is to modify the security context of the object (file), such as: user, role, type, security level. That is, changing the security environment of each file to the specified environment. When using the --reference option, set the security environment of the specified file to be the same as the reference file. The chcon command is located in /usr/bin/chcon. Let us explain in detail how to use the chcon command.
grammar
chcon [选项]... 环境 文件... 
chcon [选项]... [-u 用户] [-r 角色] [-l 范围] [-t 类型] 文件... 
chcon [选项]... --reference=参考文件 文件...
Options
-h, --no-dereference:影响符号连接而非引用的文件。
 --reference=参考文件:使用指定参考文件的安全环境,而非指定值。 
-R, --recursive:递归处理所有的文件及子目录。 
-v, --verbose:为处理的所有文件显示诊断信息。 
-u, --user=用户:设置指定用户的目标安全环境。
-r, --role=角色:设置指定角色的目标安全环境。
-t, --type=类型:设置指定类型的目标安全环境。 
-l, --range=范围:设置指定范围的目标安全环境。
The following options are used to set how to traverse the directory structure when the -R option is specified
-H:如果命令行参数是一个通到目录的符号链接,则遍历符号链接。 
-L:遍历每一个遇到的通到目录的符号链接。 
-P:不遍历任何符号链接(默认)。 
--help:显示此帮助信息并退出。 
--version:显示版本信息并退出.
Example If you want to share this ftp with anonymous users, you need to enable the following:
chcon -R -t public_content_t /var/ftp
If you want the FTP directory you set to be able to upload files, SELINUX needs to be set:
chcon -t public_content_rw_t /var/ftp/incoming
Allow users to HHTP access their home directories. This setting is limited to the user's home directory homepage:
setsebool -P httpd_enable_homedirs 1 chcon -R -t httpd_sys_content_t ~user/public_html
If you want to share the samba directory to other users, you need to set:
chcon -t samba_share_t /directory
When sharing the rsync directory:
chcon -t public_content_t /directories

The above is the detailed content of In-depth analysis of the chcon command. For more information, please follow other related articles on the PHP Chinese website!

Statement:
This article is reproduced at:linuxprobe.com. If there is any infringement, please contact admin@php.cn delete