Linux restorecon command usage skills, linuxrestorecon

Source: Internet
Author: User

Linux restorecon command usage skills, linuxrestorecon

Restorecon commandUsed to restore the security context of a SELinux file.

restorecon [-iFnrRv] [-e excludedir ] [-o filename ] [-f filename | pathname...]
-I: Ignore nonexistent files. -F: The infilename file infilename records the file to be processed. -E: directory exclusion directory. -R/-r: recursive processing Directory. -N: does not change the file tag. -O/outfilename: saves the file list to outfilename. If the file is incorrect. -V: displays the process on the screen. -F: forcibly restores the file security context.

If apache is installed on CentOS, the default home directory of the webpage is/Var/www/html. We often encounter this problem. Create a webpage file in another directory and use mv to move it to the default webpage directory./Var/www/html, but the file cannot be opened in the browser. This is probably because the SELinux configuration information of this file inherits from the original directoryThe SELinux configuration information is also moved when the/var/www/html directory is different. As a result, the page cannot be opened. For details, see the following example:

/* Use the CentOS example. If apache is not installed by default, ensure the network connection, use the following command to install */[ ~] # Yum install httpd/* Create an html file in the root home directory */[ ~] # Pwd/root [ ~] # Vi index.html/* enter a text segment at will, save and exit */welcome to file to the webpage directory #/ ~] # Mv index.html/var/www/html // ** in this case, we enter In the firefox browser and find that the file cannot be opened. * Check the log file of SELinux, the following error message is found. It is not difficult to see that * The index.html in the main directory of the page is blocked by SELinux because The SELinux configuration information is incorrect, * The correct SELinux configuration information should be the part after scontext =. * The SELinux configuration information of the index.html file is the part after tcontext =, * from the third section of tcontext = "admin_home_t", it is not difficult to see that the SELinux configuration information of this file is in the root user's home directory. */Type = AVC msg = audit (1378974214.610: 465): avc: denied {open} for pid = 2359 comm = "httpd" path = "/var/www/html/index.html" dev = "sda1" ino = 1317685 scontext = system_u: system_r: httpd_t: s0 tcontext = unconfined_u: object_r: admin_home_t: s0 tclass = file/* use ls-Z, file and directory SELinux information does not match */[ html] # ls-Z/var/www/html /.... unconfined_u: object_r: admin_home_t: s0 index.html [ html] # ls-Zd/var/www/html /.... system_u: object_r: httpd_sys_content_t: s0/var/www/html // * use restorecon to restore SELinux configuration information of all files in the home directory of the webpage (if the target is a directory, -R parameter recursion can be added) */[ html] # restorecon-R/var/www/html/

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.