Explanation of the chcon command Unicorn Meta Zoo #1: Why another podcast? ...

Protagonist's race is hidden - should I reveal it?

What were wait-states, and why was it only an issue for PCs?

Coin Game with infinite paradox

What's called a person who works as someone who puts products on shelves in stores?

What is a 'Key' in computer science?

Is there a way to fake a method response using Mock or Stubs?

Like totally amazing interchangeable sister outfit accessory swapping or whatever

Why did Europeans not widely domesticate foxes?

Israeli soda type drink

TV series episode where humans nuke aliens before decrypting their message that states they come in peace

Marquee sign letters

How long can a nation maintain a technological edge over the rest of the world?

Is a self contained air-bullet cartridge feasible?

Putting Ant-Man on house arrest

Stretch a Tikz tree

Will I lose my paid in full property

When I export an AI 300x60 art board it saves with bigger dimensions

Was Objective-C really a hindrance to Apple software development?

Why isPrototypeOf() returns false?

How do I deal with an erroneously large refund?

Can gravitational waves pass through a black hole?

Determinant of a matrix with 2 equal rows

"Working on a knee"

France's Public Holidays' Puzzle



Explanation of the chcon command



Unicorn Meta Zoo #1: Why another podcast?
Announcing the arrival of Valued Associate #679: Cesar ManaraVIm: using substitute commandcould someone explain the outcome entries into a file?atq command problemLinux restrict user to specific folder in var/wwwwhat does nice -999 ls -l command do?How to exit (kill) the command cpOptions to use with configure for FFTWCommand substitution doesn't work when it's the input to `read`I used the find command without specifying a directoryHow does Command substitution, dig and +short work within this script?





.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}







16















Could somebody explain this command:



chcon -R --reference=/var/www/html/ /var/www/html/install


I have read the explanation given in the book; but, I am unable to understand it clearly. Please use simple terminology while explaining the command.










share|improve this question































    16















    Could somebody explain this command:



    chcon -R --reference=/var/www/html/ /var/www/html/install


    I have read the explanation given in the book; but, I am unable to understand it clearly. Please use simple terminology while explaining the command.










    share|improve this question



























      16












      16








      16


      7






      Could somebody explain this command:



      chcon -R --reference=/var/www/html/ /var/www/html/install


      I have read the explanation given in the book; but, I am unable to understand it clearly. Please use simple terminology while explaining the command.










      share|improve this question
















      Could somebody explain this command:



      chcon -R --reference=/var/www/html/ /var/www/html/install


      I have read the explanation given in the book; but, I am unable to understand it clearly. Please use simple terminology while explaining the command.







      command-line chcon






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited 10 hours ago









      Kevin Bowen

      14.9k155971




      14.9k155971










      asked Jul 5 '13 at 16:44









      rɑːdʒɑrɑːdʒɑ

      59.4k85219302




      59.4k85219302






















          2 Answers
          2






          active

          oldest

          votes


















          9














          You are in this case:



          chcon -R --reference=RFILE FILE


          where:




          • chcon - change file security context; you can check any security context of a file with ls -Z.


          • -R - operate on files and directories recursively.


          • --reference=RFILE - use RFILE's security context rather than specifying a CONTEXT value.



          So, the above command change recursively the security context of each file from /var/www/html/install to those from /var/www/html.



          Type info coreutils 'chcon invocation' in terminal and you will have access to the complete manual.



          This manual can helps you to understand everything about Security-Enhanced Linux (SELinux).






          share|improve this answer


























          • Thank you for your answer , did you mean that security context of /var/www/html will be applied to all the files that are placing in /var/www/html/install directory.

            – rɑːdʒɑ
            Jul 5 '13 at 17:05











          • @Jai That's correct

            – Radu Rădeanu
            Jul 5 '13 at 17:07











          • could you please explain more about "security context ". Thank you.

            – rɑːdʒɑ
            Jul 5 '13 at 17:07






          • 2





            I think this page can helps you en.wikipedia.org/wiki/Security-Enhanced_Linux to understand SELinux and its "security context"

            – Emmanuel
            Jul 5 '13 at 17:13






          • 1





            @Jai you can check any security context of a file with ls -Z

            – Radu Rădeanu
            Jul 5 '13 at 17:21



















          5














          If you are using selinux, I suggest you read the Fedora documentation.



          See :



          http://fedoraproject.org/wiki/SELinux_FAQ



          https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/



          That second link is for Fedora 13, but, IMO, remains the most up to date document on selinux.



          An oversimplification of selinux is to consider it an extension of file permissions ( above and beyond owner:group:other). So every file has a context. If a file is used by a http server, then there is no reason a ftp server should be accessing it. You can allow a ftp server to access the files by enabling a Boolean.



          The problem you will have, chcon does not survive a relabel or restorecon.




          5.7.1. Temporary Changes: chcon
          The chcon command changes the SELinux context for files. However, changes made with the chcon command do not survive a file system relabel, or the execution of the /sbin/restorecon command. SELinux policy controls whether users are able to modify the SELinux context for any given file. When using chcon, users provide all or part of the SELinux context to change. An incorrect file type is a common cause of SELinux denying access.




          chcon is intended for temporary changes.



          See https://docs.fedoraproject.org/en-US/Fedora/12/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html.



          You almost certainly will want to use restorecon



          sudo /sbin/restorecon -R -v /var/www/


          If that fails, post the avc denials and provide more information on what you are wanting to do. Most likely there would be a Boolean that you would need to configure.



          See https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html






          share|improve this answer


























          • But It guided to do like that, I am following RHCE guide.

            – rɑːdʒɑ
            Jul 6 '13 at 6:19












          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "89"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f316745%2fexplanation-of-the-chcon-command%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          2 Answers
          2






          active

          oldest

          votes








          2 Answers
          2






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          9














          You are in this case:



          chcon -R --reference=RFILE FILE


          where:




          • chcon - change file security context; you can check any security context of a file with ls -Z.


          • -R - operate on files and directories recursively.


          • --reference=RFILE - use RFILE's security context rather than specifying a CONTEXT value.



          So, the above command change recursively the security context of each file from /var/www/html/install to those from /var/www/html.



          Type info coreutils 'chcon invocation' in terminal and you will have access to the complete manual.



          This manual can helps you to understand everything about Security-Enhanced Linux (SELinux).






          share|improve this answer


























          • Thank you for your answer , did you mean that security context of /var/www/html will be applied to all the files that are placing in /var/www/html/install directory.

            – rɑːdʒɑ
            Jul 5 '13 at 17:05











          • @Jai That's correct

            – Radu Rădeanu
            Jul 5 '13 at 17:07











          • could you please explain more about "security context ". Thank you.

            – rɑːdʒɑ
            Jul 5 '13 at 17:07






          • 2





            I think this page can helps you en.wikipedia.org/wiki/Security-Enhanced_Linux to understand SELinux and its "security context"

            – Emmanuel
            Jul 5 '13 at 17:13






          • 1





            @Jai you can check any security context of a file with ls -Z

            – Radu Rădeanu
            Jul 5 '13 at 17:21
















          9














          You are in this case:



          chcon -R --reference=RFILE FILE


          where:




          • chcon - change file security context; you can check any security context of a file with ls -Z.


          • -R - operate on files and directories recursively.


          • --reference=RFILE - use RFILE's security context rather than specifying a CONTEXT value.



          So, the above command change recursively the security context of each file from /var/www/html/install to those from /var/www/html.



          Type info coreutils 'chcon invocation' in terminal and you will have access to the complete manual.



          This manual can helps you to understand everything about Security-Enhanced Linux (SELinux).






          share|improve this answer


























          • Thank you for your answer , did you mean that security context of /var/www/html will be applied to all the files that are placing in /var/www/html/install directory.

            – rɑːdʒɑ
            Jul 5 '13 at 17:05











          • @Jai That's correct

            – Radu Rădeanu
            Jul 5 '13 at 17:07











          • could you please explain more about "security context ". Thank you.

            – rɑːdʒɑ
            Jul 5 '13 at 17:07






          • 2





            I think this page can helps you en.wikipedia.org/wiki/Security-Enhanced_Linux to understand SELinux and its "security context"

            – Emmanuel
            Jul 5 '13 at 17:13






          • 1





            @Jai you can check any security context of a file with ls -Z

            – Radu Rădeanu
            Jul 5 '13 at 17:21














          9












          9








          9







          You are in this case:



          chcon -R --reference=RFILE FILE


          where:




          • chcon - change file security context; you can check any security context of a file with ls -Z.


          • -R - operate on files and directories recursively.


          • --reference=RFILE - use RFILE's security context rather than specifying a CONTEXT value.



          So, the above command change recursively the security context of each file from /var/www/html/install to those from /var/www/html.



          Type info coreutils 'chcon invocation' in terminal and you will have access to the complete manual.



          This manual can helps you to understand everything about Security-Enhanced Linux (SELinux).






          share|improve this answer















          You are in this case:



          chcon -R --reference=RFILE FILE


          where:




          • chcon - change file security context; you can check any security context of a file with ls -Z.


          • -R - operate on files and directories recursively.


          • --reference=RFILE - use RFILE's security context rather than specifying a CONTEXT value.



          So, the above command change recursively the security context of each file from /var/www/html/install to those from /var/www/html.



          Type info coreutils 'chcon invocation' in terminal and you will have access to the complete manual.



          This manual can helps you to understand everything about Security-Enhanced Linux (SELinux).







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Jul 5 '13 at 17:20

























          answered Jul 5 '13 at 17:01









          Radu RădeanuRadu Rădeanu

          121k35253328




          121k35253328













          • Thank you for your answer , did you mean that security context of /var/www/html will be applied to all the files that are placing in /var/www/html/install directory.

            – rɑːdʒɑ
            Jul 5 '13 at 17:05











          • @Jai That's correct

            – Radu Rădeanu
            Jul 5 '13 at 17:07











          • could you please explain more about "security context ". Thank you.

            – rɑːdʒɑ
            Jul 5 '13 at 17:07






          • 2





            I think this page can helps you en.wikipedia.org/wiki/Security-Enhanced_Linux to understand SELinux and its "security context"

            – Emmanuel
            Jul 5 '13 at 17:13






          • 1





            @Jai you can check any security context of a file with ls -Z

            – Radu Rădeanu
            Jul 5 '13 at 17:21



















          • Thank you for your answer , did you mean that security context of /var/www/html will be applied to all the files that are placing in /var/www/html/install directory.

            – rɑːdʒɑ
            Jul 5 '13 at 17:05











          • @Jai That's correct

            – Radu Rădeanu
            Jul 5 '13 at 17:07











          • could you please explain more about "security context ". Thank you.

            – rɑːdʒɑ
            Jul 5 '13 at 17:07






          • 2





            I think this page can helps you en.wikipedia.org/wiki/Security-Enhanced_Linux to understand SELinux and its "security context"

            – Emmanuel
            Jul 5 '13 at 17:13






          • 1





            @Jai you can check any security context of a file with ls -Z

            – Radu Rădeanu
            Jul 5 '13 at 17:21

















          Thank you for your answer , did you mean that security context of /var/www/html will be applied to all the files that are placing in /var/www/html/install directory.

          – rɑːdʒɑ
          Jul 5 '13 at 17:05





          Thank you for your answer , did you mean that security context of /var/www/html will be applied to all the files that are placing in /var/www/html/install directory.

          – rɑːdʒɑ
          Jul 5 '13 at 17:05













          @Jai That's correct

          – Radu Rădeanu
          Jul 5 '13 at 17:07





          @Jai That's correct

          – Radu Rădeanu
          Jul 5 '13 at 17:07













          could you please explain more about "security context ". Thank you.

          – rɑːdʒɑ
          Jul 5 '13 at 17:07





          could you please explain more about "security context ". Thank you.

          – rɑːdʒɑ
          Jul 5 '13 at 17:07




          2




          2





          I think this page can helps you en.wikipedia.org/wiki/Security-Enhanced_Linux to understand SELinux and its "security context"

          – Emmanuel
          Jul 5 '13 at 17:13





          I think this page can helps you en.wikipedia.org/wiki/Security-Enhanced_Linux to understand SELinux and its "security context"

          – Emmanuel
          Jul 5 '13 at 17:13




          1




          1





          @Jai you can check any security context of a file with ls -Z

          – Radu Rădeanu
          Jul 5 '13 at 17:21





          @Jai you can check any security context of a file with ls -Z

          – Radu Rădeanu
          Jul 5 '13 at 17:21













          5














          If you are using selinux, I suggest you read the Fedora documentation.



          See :



          http://fedoraproject.org/wiki/SELinux_FAQ



          https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/



          That second link is for Fedora 13, but, IMO, remains the most up to date document on selinux.



          An oversimplification of selinux is to consider it an extension of file permissions ( above and beyond owner:group:other). So every file has a context. If a file is used by a http server, then there is no reason a ftp server should be accessing it. You can allow a ftp server to access the files by enabling a Boolean.



          The problem you will have, chcon does not survive a relabel or restorecon.




          5.7.1. Temporary Changes: chcon
          The chcon command changes the SELinux context for files. However, changes made with the chcon command do not survive a file system relabel, or the execution of the /sbin/restorecon command. SELinux policy controls whether users are able to modify the SELinux context for any given file. When using chcon, users provide all or part of the SELinux context to change. An incorrect file type is a common cause of SELinux denying access.




          chcon is intended for temporary changes.



          See https://docs.fedoraproject.org/en-US/Fedora/12/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html.



          You almost certainly will want to use restorecon



          sudo /sbin/restorecon -R -v /var/www/


          If that fails, post the avc denials and provide more information on what you are wanting to do. Most likely there would be a Boolean that you would need to configure.



          See https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html






          share|improve this answer


























          • But It guided to do like that, I am following RHCE guide.

            – rɑːdʒɑ
            Jul 6 '13 at 6:19
















          5














          If you are using selinux, I suggest you read the Fedora documentation.



          See :



          http://fedoraproject.org/wiki/SELinux_FAQ



          https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/



          That second link is for Fedora 13, but, IMO, remains the most up to date document on selinux.



          An oversimplification of selinux is to consider it an extension of file permissions ( above and beyond owner:group:other). So every file has a context. If a file is used by a http server, then there is no reason a ftp server should be accessing it. You can allow a ftp server to access the files by enabling a Boolean.



          The problem you will have, chcon does not survive a relabel or restorecon.




          5.7.1. Temporary Changes: chcon
          The chcon command changes the SELinux context for files. However, changes made with the chcon command do not survive a file system relabel, or the execution of the /sbin/restorecon command. SELinux policy controls whether users are able to modify the SELinux context for any given file. When using chcon, users provide all or part of the SELinux context to change. An incorrect file type is a common cause of SELinux denying access.




          chcon is intended for temporary changes.



          See https://docs.fedoraproject.org/en-US/Fedora/12/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html.



          You almost certainly will want to use restorecon



          sudo /sbin/restorecon -R -v /var/www/


          If that fails, post the avc denials and provide more information on what you are wanting to do. Most likely there would be a Boolean that you would need to configure.



          See https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html






          share|improve this answer


























          • But It guided to do like that, I am following RHCE guide.

            – rɑːdʒɑ
            Jul 6 '13 at 6:19














          5












          5








          5







          If you are using selinux, I suggest you read the Fedora documentation.



          See :



          http://fedoraproject.org/wiki/SELinux_FAQ



          https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/



          That second link is for Fedora 13, but, IMO, remains the most up to date document on selinux.



          An oversimplification of selinux is to consider it an extension of file permissions ( above and beyond owner:group:other). So every file has a context. If a file is used by a http server, then there is no reason a ftp server should be accessing it. You can allow a ftp server to access the files by enabling a Boolean.



          The problem you will have, chcon does not survive a relabel or restorecon.




          5.7.1. Temporary Changes: chcon
          The chcon command changes the SELinux context for files. However, changes made with the chcon command do not survive a file system relabel, or the execution of the /sbin/restorecon command. SELinux policy controls whether users are able to modify the SELinux context for any given file. When using chcon, users provide all or part of the SELinux context to change. An incorrect file type is a common cause of SELinux denying access.




          chcon is intended for temporary changes.



          See https://docs.fedoraproject.org/en-US/Fedora/12/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html.



          You almost certainly will want to use restorecon



          sudo /sbin/restorecon -R -v /var/www/


          If that fails, post the avc denials and provide more information on what you are wanting to do. Most likely there would be a Boolean that you would need to configure.



          See https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html






          share|improve this answer















          If you are using selinux, I suggest you read the Fedora documentation.



          See :



          http://fedoraproject.org/wiki/SELinux_FAQ



          https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/



          That second link is for Fedora 13, but, IMO, remains the most up to date document on selinux.



          An oversimplification of selinux is to consider it an extension of file permissions ( above and beyond owner:group:other). So every file has a context. If a file is used by a http server, then there is no reason a ftp server should be accessing it. You can allow a ftp server to access the files by enabling a Boolean.



          The problem you will have, chcon does not survive a relabel or restorecon.




          5.7.1. Temporary Changes: chcon
          The chcon command changes the SELinux context for files. However, changes made with the chcon command do not survive a file system relabel, or the execution of the /sbin/restorecon command. SELinux policy controls whether users are able to modify the SELinux context for any given file. When using chcon, users provide all or part of the SELinux context to change. An incorrect file type is a common cause of SELinux denying access.




          chcon is intended for temporary changes.



          See https://docs.fedoraproject.org/en-US/Fedora/12/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Working_with_SELinux-SELinux_Contexts_Labeling_Files.html.



          You almost certainly will want to use restorecon



          sudo /sbin/restorecon -R -v /var/www/


          If that fails, post the avc denials and provide more information on what you are wanting to do. Most likely there would be a Boolean that you would need to configure.



          See https://docs.fedoraproject.org/en-US/Fedora/13/html/Security-Enhanced_Linux/sect-Security-Enhanced_Linux-Troubleshooting-Fixing_Problems.html







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Jun 29 '18 at 15:14









          Community

          1




          1










          answered Jul 5 '13 at 18:42









          PantherPanther

          80.4k14159261




          80.4k14159261













          • But It guided to do like that, I am following RHCE guide.

            – rɑːdʒɑ
            Jul 6 '13 at 6:19



















          • But It guided to do like that, I am following RHCE guide.

            – rɑːdʒɑ
            Jul 6 '13 at 6:19

















          But It guided to do like that, I am following RHCE guide.

          – rɑːdʒɑ
          Jul 6 '13 at 6:19





          But It guided to do like that, I am following RHCE guide.

          – rɑːdʒɑ
          Jul 6 '13 at 6:19


















          draft saved

          draft discarded




















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid



          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.


          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f316745%2fexplanation-of-the-chcon-command%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Why do type traits not work with types in namespace scope?What are POD types in C++?Why can templates only be...

          Will tsunami waves travel forever if there was no land?Why do tsunami waves begin with the water flowing away...

          Simple Scan not detecting my scanner (Brother DCP-7055W)Brother MFC-L2700DW printer can print, can't...