#Bash 的 chcon 命令
chcon [OPTION]... CONTEXT FILE...
功能
修改文件的 SELinux 安全上下文。
类型
可执行文件(/usr/bin/chcon),属于 coreutils。
参数
OPTION选项:--dereference- 影响符号链接引用的源文件,而非符号链接本身(默认)-h,--no-dereference- 影响符号链接本身,而不是其引用的源文件-u,--user=USER- 在目标安全上下文中设置用户为USER-r,--role=ROLE- 在目标安全上下文中设置角色为ROLE-t,--type=TYPE- 在目标安全上下文中设置类型为TYPE-l,--range=RANGE- 在目标安全上下文中设置范围为RANGE--no-preserve-root- 不保护/目录--preserve-root- 保护/目录--reference=RFILE- 引用RFILE的安全上下文-R,--recursive- 对目录进行递归操作-v,--verbose- 打印详细信息-H- 使用-R选项进行递归操作时,指向目录的符号链接只有作为命令行参数时才遍历-L- 使用-R选项进行递归操作时,遍历所有指向目录的符号链接-P- 使用-R选项进行递归操作时,不遍历任何符号链接(默认)--help- 显示帮助--version- 显示版本
CONTEXT- 安全上下文FILE- 文件路径
#示例
$ sudo chcon USER:ROLE:TYPE:RANGE 1.txt # 设置安全上下文
$ ls -Z 1.txt # 查看安全上下文
USER:ROLE:TYPE:RANGE 1.txt
#推荐阅读
#手册
CHCON(1) User Commands CHCON(1) NAME chcon - change file security context SYNOPSIS chcon [OPTION]... CONTEXT FILE... chcon [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE... chcon [OPTION]... --reference=RFILE FILE... DESCRIPTION Change the SELinux security context of each FILE to CONTEXT. With --reference, change the security context of each FILE to that of RFILE. Mandatory arguments to long options are mandatory for short options too. --dereference affect the referent of each symbolic link (this is the default), rather than the symbolic link itself -h, --no-dereference affect symbolic links instead of any referenced file -u, --user=USER set user USER in the target security context -r, --role=ROLE set role ROLE in the target security context -t, --type=TYPE set type TYPE in the target security context -l, --range=RANGE set range RANGE in the target security context --no-preserve-root do not treat '/' specially (the default) --preserve-root fail to operate recursively on '/' --reference=RFILE use RFILE's security context rather than specifying a CONTEXT value -R, --recursive operate on files and directories recursively -v, --verbose output a diagnostic for every file processed The following options modify how a hierarchy is traversed when the -R option is also specified. If more than one is specified, only the fi‐ nal one takes effect. -H if a command line argument is a symbolic link to a directory, traverse it -L traverse every symbolic link to a directory encountered -P do not traverse any symbolic links (default) --help display this help and exit --version output version information and exit AUTHOR Written by Russell Coker and Jim Meyering. REPORTING BUGS GNU coreutils online help: <https://www.gnu.org/software/coreutils/> Report any translation bugs to <https://translationproject.org/team/> COPYRIGHT Copyright © 2023 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>. This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. SEE ALSO Full documentation <https://www.gnu.org/software/coreutils/chcon> or available locally via: info '(coreutils) chcon invocation' GNU coreutils 9.4 April 2024 CHCON(1)