Shulou(Shulou.com)06/01 Report--

In this article, the editor introduces in detail "how to use the Linux restorecon command", the content is detailed, the steps are clear, and the details are handled properly. I hope this article "how to use the Linux restorecon command" can help you solve your doubts.

The Linux common command restorecon command is used to restore the attributes of the SELinux file, that is, the security context of the file.

Restorecon recovers the security context of files

Syntax restorecon [- iFnrRv] [- e excludedir] [- o filename] [- f filename | pathname...] Option-I: ignore files that do not exist. -f:infilename file infilename records the files to be processed. -e:directory excludes directories. -Rhand Murr: recursively processes directories. -n: do not change the file label. -o/outfilename: save the file list to outfilename, if the file is incorrect. -v: displays the process on the screen. -F: force file security context to be restored. The example assumes that apache is installed in CentOS, and the default home directory of the web page is / var/www/html. We often encounter this problem. We create a web page file in another directory and then use mv to move it to the default web page directory / var/www/html, but the file cannot be opened in the browser. This is probably because the SELinux configuration information of this file inherits the original directory, which is different from the / var/www/html directory. When using mv Mobile, this SELinux configuration information is also moved, so that the page cannot be opened. For more information, please see the following example:

Using CentOS as an example, if apache is not installed by default, make sure you are connected to the network and install it using the following command

[root@jsdig.com ~] # yum install httpd # We create a new html file in root's home directory [root@jsdig.com ~] # pwd / root [root@jsdig.com ~] # vi index.html # enter a random paragraph of text Save and exit welcome to www.jsdig.com # mv this file to the default directory of the web page [root@jsdig.com ~] # mv index.html / var/www/html/ # # at this time, we use a firefox browser to enter 127.0.0.1/index.html and find that it cannot be opened. # check the log file of SELinux and find the following error message. It is not difficult to see from this error message. # the process httpd is blocked by SELinux when accessing the index.html in the home directory of the web page, because the SELinux configuration information is incorrect. # the correct SELinux configuration information should be the part after the scontext=, while the SELinux configuration information of the index.html file is the part after the tcontext=. # from the third paragraph "admin_home_t" of tcontext=, it is not difficult to see that the SELinux configuration information of this file belongs to the root user's home directory. # type=AVC msg=audit (1378974214.610 open 465): avc: denied {open} for pid=2359 comm= "httpd" path= "/ var/www/html/index.html" dev= "sda1" ino=1317685 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file using ls-Z, you can also see that the SELinux information of files and directories do not match

[root@jsdig.com html] # ls-Z / var/www/html/.... Unconfined_u:object_r:admin_home_t:s0 index.html [root@jsdig.com html] # ls-Zd / var/www/html/.... System_u:object_r:httpd_sys_content_t:s0 / var/www/html/ uses restorecon to recover SELinux configuration information for all files in the home directory of the web page (if the target is a directory, you can add the-R parameter recursively)

[root@jsdig.com html] # restorecon-R / var/www/html/ here, the article "how to use the Linux restorecon command" has been introduced. If you want to master the knowledge points of this article, you still need to practice and use it. If you want to know more about related articles, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.