Shulou(Shulou.com)06/02 Report--

In this article, the editor introduces in detail "how to use the restorecon command of Linux". The content is detailed, the steps are clear, and the details are handled properly. I hope that this article "how to use the restorecon command of Linux" can help you solve your doubts.

The Linux common command restorecon command is used to restore the attributes of the SELinux file, that is, the security context of the file.

Syntax restorecon [- iFnrRv] [- e excludedir] [- o filename] [- f filename | pathname...] Option-I: ignore files that do not exist. -f:infilename file infilename records the files to be processed. -e:directory excludes directories. -Rhand Murr: recursively processes directories. -n: do not change the file label. -o/outfilename: save the file list to outfilename, if the file is incorrect. -v: displays the process on the screen. -F: force file security context to be restored. Example 1. Restore the SELinux context of a file

In the following example, the index.html file has the "user_home_t" context type in the SELinux context. For this context type, the apache service will not be accessible.

[root@localhost] # ll-Z / var/www/html/index.html-rw-rw-r--. Root root unconfined_u:object_r:user_home_t:s0 13 Jan 7 11:14 / var/www/html/index.html Note: the-Z option in the above ls command displays the SELinux context for a specific file. When we use the restorecon command, we don't really need to know the original security context of the file. Restorecon will automatically correct.

The following example restores the security context of index.html to the appropriate value. As shown below, it has reset the type of SELinux context to "httpd_sys_content_t", and apache will now be able to service the file without any errors.

[root@localhost ~] # restorecon / var/www/html/index.html [root@localhost ~] # ll-Z / var/www/html/index.html-rw-r--r--. 1 root root unconfined_u:object_r:httpd_sys_content_t:s0 13 Jan 7 11:14 / var/www/html/index.html2. Output information when changing the security context

By default, when you execute the restorecon command, it does not prompt you whether the security context of the file has changed.

[root@localhost] # restorecon-v / var/www/html/index.html Relabeled / var/www/html/index.html from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0

3. Use wildcards to handle multiple objects

The following example modifies the security context of all files under the directory.

[root@localhost] # restorecon-v / var/www/html/*

4. Recursive processing of files and directories

You can also use the-R option to recursively reset the security context of the file.

[root@localhost] # restorecon-Rv / var/www/html/ Relabeled / var/www/html/sales from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0 Relabeled / var/www/html/sales/graph.html from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0

5. Restore context based on input file

You can save the file or folder path that needs to restore the security context in a file and use the-f option to specify the file to restore. The default security context needs to be restored in the / var/www/html/testdir directory and the specified files below:

First create a file input.txt and fill in the full path of the directory or file that needs to restore the default security context.

[root@localhost ~] # vim input.txt [root@localhost ~] # cat input.txt / var/www/html/testdir/ var/www/html/testdir/file1.txt / var/www/html/testdir/file3.txt / var/www/html/testdir/file5.txt / var/www/html/testdir/file7.txt / var/www/html/testdir/file9.txt use restorecon to restore:

[root@localhost] # restorecon-Rvf input.txt Relabeled / var/www/html/testdir from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0 Relabeled / var/www/html/testdir/file1.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0 Relabeled / var/www/html/testdir/file2.txt from unconfined_u : object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0 Relabeled / var/www/html/testdir/file3.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0 Relabeled / var/www/html/testdir/file4.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content _ t:s0 Relabeled / var/www/html/testdir/file5.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0 Relabeled / var/www/html/testdir/file6.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0 Relabeled / var/www/html/testdir/file7.txt from unconfined_u:object_r: Admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0 Relabeled / var/www/html/testdir/file8.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0 Relabeled / var/www/html/testdir/file9.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0 Relabeled / var/www/html/testdir/file10.txt from unconfined_u:object_r:admin_home_t:s0 to unconfined_u:object_r:httpd_sys_content_t:s0

6. Exclude a directory

You can also use the-e option to exclude directories that do not need to restore the security context. In the following example, we are working on all the files in the / var/www/html directory, but not the files in the / var/www/html/ sales subdirectory.

[root@localhost html] # restorecon-e / var/www/html/sales-Rv / var/www/html

You can also provide multiple-e options to exclude multiple files or folders.

After reading this, the article "how to use the restorecon command of Linux" has been introduced. If you want to master the knowledge of this article, you still need to practice and use it yourself. If you want to know more about the article, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.