Forrest logo
tool overview
On this page you find all important commands for the CLI tool chcon. If the command you are looking for is missing please ask our AI.

chcon

chcon is a command line tool used in Unix-like operating systems to change the security context of files or directories. It stands for "change context" and is primarily used in SELinux, a mandatory access control (MAC) implementation.

The chcon command allows users to modify the SELinux context, which contains information about the security attributes of a file or directory. This security context includes elements like the file type, role, user, and sensitivity, which determine access permissions.

By using chcon, users can assign different security contexts to files or directories, which can influence the access and permissions granted to them. This level of granularity can help enhance the security of a system by restricting or allowing access based on specific security attributes.

The chcon command requires root privileges to execute, as changing the security context can potentially impact the overall security posture of the system. It is crucial to exercise caution when using this tool to avoid unintended consequences or security vulnerabilities.

In addition to changing the security context of existing files, chcon can also be used during file creation or copy operations to set the desired security context immediately.

The chcon command supports various options for specifying security context, including using symbolic or numeric expressions, reference security contexts, or copying contexts from other files. This flexibility allows for efficient modification of security attributes across a wide range of scenarios.

While chcon allows users to modify security contexts, it should be noted that the changes made using chcon are not persistent. This means that the context changes will not survive a reboot or a system upgrade. To make changes persistent, the semanage command is often used.

Overall, chcon provides a powerful command line interface for managing file and directory security contexts in SELinux-enabled systems, helping users control access permissions based on specific security attributes.

List of commands for chcon:

  • chcon:tldr:13993 chcon: Change only the range/level part of SELinux security context.
    $ chcon -l ${range-level} ${filename}
    try on your machine
    explain this command
  • chcon:tldr:38cf4 chcon: Change only the user part of SELinux security context.
    $ chcon -u ${user} ${filename}
    try on your machine
    explain this command
  • chcon:tldr:50679 chcon: Change only the type part of SELinux security context.
    $ chcon -t ${type} ${filename}
    try on your machine
    explain this command
  • chcon:tldr:520ea chcon: Change only the role part of SELinux security context.
    $ chcon -r ${role} ${filename}
    try on your machine
    explain this command
  • chcon:tldr:ca67a chcon: Change the full SELinux security context of a file.
    $ chcon ${user}:${role}:${type}:${range-level} ${filename}
    try on your machine
    explain this command
  • chcon:tldr:d1b00 chcon: Change the security context of a target file, using a reference file.
    $ chcon --reference=${reference_file} ${target_file}
    try on your machine
    explain this command
tool overview