chcon(1) - man - phpman

Che Dong

⚡ TLDR: chcon (tldr-pages)

Change SELinux security context of a file or files/directories.

View security context of a file
ls {{-lZ|-l --context}} {{path/to/file}}
Change the security context of a target file, using a reference file
chcon --reference {{reference_file}} {{target_file}}
Change the full SELinux security context of a file
chcon {{user}}:{{role}}:{{type}}:{{range/level}} {{filename}}
Change only the user part of SELinux security context
chcon {{-u|--user}} {{user}} {{filename}}
Change only the role part of SELinux security context
chcon {{-r|--role}} {{role}} {{filename}}
Change only the type part of SELinux security context
chcon {{-t|--type}} {{type}} {{filename}}
Change only the range/level part of SELinux security context
chcon {{-l|--range}} {{range/level}} {{filename}}

CHCON(1) User Commands CHCON(1)

NAME
chcon - change file security context

SYNOPSIS
chcon [OPTION]... CONTEXT FILE...
chcon [OPTION]... [-u USER] [-r ROLE] [-l RANGE] [-t TYPE] FILE...
chcon [OPTION]... --reference=RFILE FILE...

DESCRIPTION
Change the SELinux security context of each FILE to CONTEXT. With --reference, change the
security context of each FILE to that of RFILE.

Mandatory arguments to long options are mandatory for short options too.

--dereference
affect the referent of each symbolic link (this is the default), rather than the sym‐
bolic link itself

-h, --no-dereference
affect symbolic links instead of any referenced file

-u, --user=USER
set user USER in the target security context

-r, --role=ROLE
set role ROLE in the target security context

-t, --type=TYPE
set type TYPE in the target security context

-l, --range=RANGE
set range RANGE in the target security context

--no-preserve-root
do not treat '/' specially (the default)

--preserve-root
fail to operate recursively on '/'

--reference=RFILE
use RFILE's security context rather than specifying a CONTEXT value

-R, --recursive
operate on files and directories recursively

-v, --verbose
output a diagnostic for every file processed

The following options modify how a hierarchy is traversed when the -R option is also speci‐
fied. If more than one is specified, only the final one takes effect.

-H if a command line argument is a symbolic link to a directory, traverse it

-L traverse every symbolic link to a directory encountered

-P do not traverse any symbolic links (default)

--help display this help and exit

--version
output version information and exit

AUTHOR
Written by Russell Coker and Jim Meyering.

REPORTING BUGS
GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report any translation bugs to <https://translationproject.org/team/>

COPYRIGHT
Copyright © 2020 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later
<https://gnu.org/licenses/gpl.html>.
This is free software: you are free to change and redistribute it. There is NO WARRANTY, to
the extent permitted by law.

SEE ALSO
Full documentation <https://www.gnu.org/software/coreutils/chcon>
or available locally via: info '(coreutils) chcon invocation'

GNU coreutils 8.32 January 2026 CHCON(1)