Explanation of the chcon command
Could somebody explain this command:
chcon -R --reference=/var/www/html/ /var/www/html/install
I have read the explanation given in the book; but, I am unable to understand it clearly. Please use simple terminology while explaining the command.
command-line chcon
edited 10 hours ago
Kevin Bowen
asked Jul 5 '13 at 16:44
rɑːdʒɑ
2 Answers
You are in this case:
chcon -R --reference=RFILE FILE
where:
chcon - change file security context; you can check any security context of a file with ls -Z.
-R - operate on files and directories recursively.
--reference=RFILE - use RFILE's security context rather than specifying a CONTEXT value.
So, the above command changes recursively the security context of each file from /var/www/html/install to those from /var/www/html.
Type info coreutils 'chcon invocation' in terminal and you will have access to the complete manual.
This manual can help you to understand everything about Security-Enhanced Linux (SELinux).
edited Jul 5 '13 at 17:20
answered Jul 5 '13 at 17:01
Radu Rădeanu
Thank you for your answer. Did you mean that the security context of /var/www/html will be applied to all the files that are placed in the /var/www/html/install directory?
– rɑːdʒɑ
Jul 5 '13 at 17:05
@Jai That's correct
– Radu Rădeanu
Jul 5 '13 at 17:07
Could you please explain more about "security context"? Thank you.
– rɑːdʒɑ
Jul 5 '13 at 17:07
I think this page can help you en.wikipedia.org/wiki/Security-Enhanced_Linux to understand SELinux and its "security context"
– Emmanuel
Jul 5 '13 at 17:13
@Jai you can check any security context of a file with ls -Z
– Radu Rădeanu
Jul 5 '13 at 17:21
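What a security context looks like in `ls -Z` output, and which entries the command from the question would relabel, as an added example that is not part of the original answers. The function names and the sample listing are constructed for illustration, and the "CONTEXT NAME" line layout of recent coreutils `ls -Z` is assumed.

```shell
#!/bin/sh
# Added illustration; the contexts and paths below are constructed sample data.

# Context of the reference directory, as `ls -Zd /var/www/html` might report it.
REFERENCE_CTX='system_u:object_r:httpd_sys_content_t:s0'

# `ls -Z`-style lines for the target tree: "CONTEXT NAME" (constructed).
SAMPLE_LISTING='unconfined_u:object_r:user_home_t:s0 /var/www/html/install/index.php
system_u:object_r:httpd_sys_content_t:s0 /var/www/html/install/README
unconfined_u:object_r:admin_home_t:s0-s0:c0.c1023 /var/www/html/install/config.php'

# Print one field (user|role|type|range) of a context "user:role:type:range".
# The range can contain colons itself (s0-s0:c0.c1023); `read` hands the last
# variable everything that is left, so the range stays in one piece.
context_field() {
    IFS=: read -r cf_user cf_role cf_type cf_range <<EOF
$1
EOF
    case $2 in
        user)  printf '%s\n' "$cf_user" ;;
        role)  printf '%s\n' "$cf_role" ;;
        type)  printf '%s\n' "$cf_type" ;;
        range) printf '%s\n' "$cf_range" ;;
        *)     return 2 ;;
    esac
}

# Read "CONTEXT NAME" lines on stdin and print "NAME<TAB>CURRENT_CONTEXT" for
# every entry whose context differs from the reference context given in $1.
# These are the entries `chcon -R --reference=...` would change, because
# --reference copies the whole context (user, role, type and range).
would_relabel() {
    wr_ref=$1
    while read -r wr_ctx wr_name; do
        if [ -n "$wr_ctx" ] && [ "$wr_ctx" != "$wr_ref" ]; then
            printf '%s\t%s\n' "$wr_name" "$wr_ctx"
        fi
    done
}

# Demo on the constructed listing.
printf 'reference type: %s\n' "$(context_field "$REFERENCE_CTX" type)"
printf '%s\n' "$SAMPLE_LISTING" | would_relabel "$REFERENCE_CTX"
```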
If you are using SELinux, I suggest you read the Fedora documentation.
See:
http://fedoraproject.org/wiki/SELinux_FAQ
https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/
That second link is for Fedora 13, but, IMO, remains the most up-to-date document on SELinux.
An oversimplification of SELinux is to consider it an extension of file permissions (above and beyond owner:group:other). So every file has a context. If a file is used by an HTTP server, then there is no reason an FTP server should be accessing it. You can allow an FTP server to access the files by enabling a Boolean.
The problem you will have: chcon does not survive a relabel or restorecon.
5.7.1. Temporary Changes: chcon
The chcon command changes the SELinux context for files. However, changes made with the chcon command do not survive a file system relabel, or the execution of the /sbin/restorecon command. SELinux policy controls whether users are able to modify the SELinux context for any given file. When using chcon, users provide all or part of the SELinux context to change. An incorrect file type is a common cause of SELinux denying access.
chcon is intended for temporary changes.
See https://docs.fedoraproject.org/en-US/Fedora/12/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html.
You almost certainly will want to use restorecon:
sudo /sbin/restorecon -R -v /var/www/
If that fails, post the avc denials and provide more information on what you are wanting to do. Most likely there would be a Boolean that you would need to configure.
See https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html
edited Jun 29 '18 at 15:14
Community♦
answered Jul 5 '13 at 18:42
Panther
But it guided me to do it like that; I am following the RHCE guide.
– rɑːdʒɑ
Jul 6 '13 at 6:19